
please suggest me any decrypter


  • This topic is locked
5 replies to this topic

#1 mohsin_hassan

  • Members

Posted 01 March 2018 - 01:31 AM

My software Tally ERP9 backup files were xyz.900 (extension).

Now, due to some virus, they are encrypted to zxy.mf8y3 (extension). After searching for hours and hours on Google, I was given a clue that some decrypters on the internet may help me solve this problem, so if anybody has knowledge about this, kindly guide me. I'll be very thankful.

Waiting for the response.

Thanks




#2 quietman7

    Bleepin' Janitor

  • Global Moderator

Posted 01 March 2018 - 07:51 AM

You need to identify the ransomware infection first. In some cases using a faulty or incorrect decrypter may cause additional damage or corruption of files.

You can submit (upload) samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware for assistance with identification and confirmation. This is a service that helps identify what ransomware may have encrypted your files and then attempts to direct you to an appropriate support topic where you can seek further assistance. Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections. Any contact email addresses or hyperlinks provided by the criminals may also be helpful with identification. If ID Ransomware cannot identify the infection, you can post the case SHA1 it gives you for Demonslay335 to manually inspect the files.


Samples of encrypted files, ransom notes, any related files or suspicious executables (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted (uploaded) here with a link to this topic. There is a "Link to topic where this file was requested" box under the Browse button. It's best to zip (compress) all files before sharing. Doing that will be helpful with analyzing and investigating by our crypto malware experts.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 mohsin_hassan

  • Topic Starter

Posted 01 March 2018 - 08:46 AM


It is really helpful; at least now I know what type of ransomware it is. It says it's Cry9 and decryptable, but when I tried the Cry9 decrypter nothing happened. I don't know what to do now...



#4 Demonslay335

    Ransomware Hunter

  • Security Colleague

Posted 01 March 2018 - 10:09 AM

This was identified as Cry36. Cry9 was just a false positive due to the email address in the ransom note. Cry36 was identified by the filemarker, which is more reliable. Also, the victim stated they were hit in December 2017, long after Cry9 stopped distribution.

 

Cry36 is not decryptable.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.
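
The identification reasoning in post #4 (a file marker outranks a contact address reused across families, and the infection date is a cross-check), sketched as an added example that is not part of the original thread and is not ID Ransomware's code. The family names, marker bytes, address, weights and the 64-byte search window are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Signature:
    family: str
    marker: bytes                 # bytes the encryptor leaves in each file
    emails: frozenset             # contact addresses seen in ransom notes
    active_until: Optional[date]  # None = still being distributed

# Constructed signatures: placeholder family names, invented marker bytes and
# address. Both families reuse one contact address, as in the thread's mix-up.
SIGNATURES = [
    Signature("FamilyOld", b"\x01OLDMARK", frozenset({"help@example.test"}), date(2017, 6, 30)),
    Signature("FamilyNew", b"\x02NEWMARK", frozenset({"help@example.test"}), None),
]
WEIGHTS = {"marker": 10, "email": 2, "stale": -1}

def naive_by_email(note: str) -> Optional[str]:
    """First family whose contact address appears in the note."""
    for sig in SIGNATURES:
        if any(addr in note.lower() for addr in sig.emails):
            return sig.family
    return None

def identify(sample: bytes, note: str, infected_on: date) -> list:
    """Rank families by weighted evidence; returns [(score, family, evidence)]."""
    ranked = []
    for sig in SIGNATURES:
        evidence = []
        # Assumption: markers sit in the first or last 64 bytes of the file.
        if sig.marker in sample[:64] or sig.marker in sample[-64:]:
            evidence.append("marker")
        if any(addr in note.lower() for addr in sig.emails):
            evidence.append("email")
        # An infection dated after the family left circulation counts against it.
        if evidence and sig.active_until and infected_on > sig.active_until:
            evidence.append("stale")
        if evidence:
            ranked.append((sum(WEIGHTS[e] for e in evidence), sig.family, evidence))
    return sorted(ranked, reverse=True)

# Constructed sample: a marker followed by filler bytes, and a one-line note.
SAMPLE = b"\x02NEWMARK" + bytes(range(200))
NOTE = "Your files are encrypted. Write to help@example.test"

if __name__ == "__main__":
    print("email only:", naive_by_email(NOTE))
    for score, family, evidence in identify(SAMPLE, NOTE, date(2017, 12, 15)):
        print(score, family, evidence)
```

Matching on the address alone picks the older family first; the weighted ranking puts the marker match on top and flags the older family as stale.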


#5 mohsin_hassan

  • Topic Starter

Posted 01 March 2018 - 10:17 AM


Thanks for the response.



#6 quietman7

    Bleepin' Janitor

  • Global Moderator

Posted 01 March 2018 - 11:55 AM

Since the infection has been identified, rather than have everyone with individual topics, it would be best (and more manageable for staff) if victims posted any more questions, comments or requests for assistance in the below support topic discussion. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff



