Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Crypted data (.blockchain)


  • Please log in to reply
1 reply to this topic

#1 filipkcz

filipkcz

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:45 AM

Posted 15 March 2018 - 01:30 AM

Hi,

 

Do you have decryptor for these files: http://ceskeit.cz/bc/ ?

 

ESET detect information file instructions.html like: http://www.virusradar.com/en/Win32_Filecoder.FV/description and deleted it. 

 

 

Your personal ID

61 BE 04 7C 65 99 7C 31 54 80 B0 AC 9F BE 92 F5
E8 4B 57 E1 9C 70 F5 87 8D E7 D6 E2 BA A2 21 E8
FA 82 A7 2B 0F E6 F3 2E E7 E8 D6 D4 03 50 16 68
F2 6D 9C C5 63 43 1E DE 81 C5 3B 5F AA 45 8B 73
9D 0B CB C1 F0 57 0A BD CD 68 85 B7 9F 1E B8 80
43 F9 9A 17 77 61 80 0B DD 0F DA 5C D7 31 6C B1
E1 C1 0A BF 59 58 79 A6 62 37 7C 0A C6 DF 1A EF
92 CB B0 22 02 38 9C 3D E2 70 03 3A EC 0C 4C 3D
53 7B 0A 24 DE 26 AF F3 37 F4 46 00 48 48 05 98
7C D2 AA 02 94 07 39 C5 87 1D 5E 7D F4 E0 D6 8D
F9 4B 98 2F C7 60 C7 24 68 DB 1D 8F 83 9E E3 B4
B6 7F 7A F8 0E 41 0F 51 6A 6E 6C D6 F2 82 9C 90
DA 96 FB 78 11 DF 09 35 18 D1 75 3C CC 29 CA 59
3B A6 C5 FA 9A 1D 0B 59 EC 78 CF F3 37 74 79 A4
FA 76 37 8B 87 00 2E 4A DC 23 A1 70 A9 0D 83 F6
83 43 D8 AE A3 94 73 C9 87 BC 7C 17 77 DE 73 62
 
<center><h1>Hello</center></br></h1>
 
<br><center>Your files, documents, photo, databases and all the rest aren't REMOVED. </br>
It is impossible to restore files without our help.</br>
You will try to restore files independent you will lose files</br>
FOREVER.</h1></center>
 
<br><center>---------------------------------------------------------- </br></center>
You will be able to restore files so:
<li> to contact us by e-mail: <strong>helpforyou@airmail.cc</strong></li>
 
  you send your ID identifier and 2 files, up to 1 MB in size everyone.
  We decipher them, as proof of a possibility of interpretation.
  also you receive the instruction where and how many it is necessary to pay.
 
<li> you pay and confirm payment.</li>
 
<li> after payment you receive the DECODER program. which you restore ALL YOUR FILES.</li>
<center>----------------------------------------------------------</center>
 
You have 72 hours on payment.
 
If you don't manage to pay in 72 hours, then the price of interpretation increases twice.</br>
 
 <li> If you don't waste time for attempts to decipher, then you will be able to restore all files in 1 hour. </li>
 <li> If you try to decipher - you can FOREVER lose your files. </li>
 <li> Decoders of other users are incompatible with your data as at each user </li>
unique key of enciphering
<center>-----------------------------   P.S. ----------------------------------</center>
If you have no bitcoins
 <li> Create Bitcoin purse: https://blockchain.info/ru/wallet/new</li>
 <li> Buy Bitcoin in the convenient way:</li>
   <center><strong>https://localbitcoins.com/buy_bitcoins (Visa/MasterCard, Bank transfering, etc.)</strong></center>
   <center><strong>http://www.instructables.com/id/Bitcoins-The-Complete-Guide/ (the instruction for beginners in English)</strong></center>
 
 - It doesn't make sense to complain of us and to arrange a hysterics. </br>
 - Complaints having blocked e-mail, you deprive a possibility of the others, to decipher the computers.</br>
   Other people at whom computers are also ciphered you deprive of the ONLY hope to decipher. FOREVER.</br>
 - Just contact with us, we will stipulate conditions of interpretation of files and available payment, </br>
   in a friendly situation.</br>
<center>---------------------------------------------------------</center>

Edited by filipkcz, 15 March 2018 - 01:45 AM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,613 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:45 PM

Posted 15 March 2018 - 06:27 AM


GlobeImposter/GlobeImposter 2.0 will leave files (ransom notes) named how_to_back_files.html as idicated in the ESET link you provided.

The best way to identify the different ransomwares is the ransom note (including it's name), samples of the encrypted files, any obvious extensions appended to the encrypted files, information related to any email addresses or hyperlinks provided by the cyber-criminals to request payment and the malware file responsible for the infection.

You can submit (upload) samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to
ID Ransomware for assistance with identification and confirmation. This is a service that helps identify what ransomware may have encrypted your files and then attempts to direct you to an appropriate support topic where you can seek further assistance. Uploading both encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals together provides a more positive match and helps to avoid false detections. Any email addresses or hyperlinks provided by the criminals may also be helpful with identification. If ID Ransomware cannot identify the infection, you can post the case SHA1 it gives you in your next reply for Demonslay335 to manually inspect the files.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users