
Zenis Ransomware Help & Support Topic (Zenis & Zenis-Instructions.html)


34 replies to this topic

#1 Grinler

    Lawrence Abrams

  • Admin

Posted 16 March 2018 - 05:09 PM

If you have been hit by this ransomware, please PM Demonslay335 to receive help

 

 
 
A new ransomware is currently in the wild called Zenis Ransomware. If you are infected with this ransomware you will have your files encrypted and renamed as something like Zenis-4Q.4QDV9txVRGh4.

Ransom notes named Zenis-Instructions.html will also be dropped.

 



Edited by xXToffeeXx, 11 April 2018 - 08:27 AM.



 


#2 panda2005

  • Members

Posted 17 March 2018 - 06:08 AM

I have a client whose system has been infected.

Please keep us up to date and let me know if any additional information might help.



#3 quietman7

    Bleepin' Janitor

  • Global Moderator

Posted 17 March 2018 - 06:24 AM

More information in this BC news article: Zenis Ransomware Encrypts Your Data & Deletes Your Backups
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 notisz

  • Members

Posted 18 March 2018 - 02:48 AM

Guys, my file server was hit. I had to pay. They sent me the private key and decryptor, but it's not working. Please help.

#5 quietman7


Posted 18 March 2018 - 06:26 AM

If you have a decrypter, you can zip and submit it here with a link to this topic along with a few encrypted files, the private key and anything else the malware writers provide. Our crypto malware experts may be able to get some information to exploit by analyzing it further.

#6 notisz


Posted 18 March 2018 - 06:46 AM

I just uploaded to you the decrypter, private key and ransomware's instruction file with the hidden code inside.



#7 notisz


Posted 18 March 2018 - 07:00 AM

This was their answer after they tried to restore the damage and they failed!

 

We check all you 1206 help files with hashing them, Unfortunately, we did not find any difference between them. That means your private key is 100% correct, But your files was damaged, One of the potential reasons is the use of public programs. They are trying to bring your files back to their original state, but because the content has been modified, this will damage your files. You are a good man, and making these words upset us. Unfortunately, all you can do. start first ( download link, AES ) zenis decryptor and start full decrypt to undamaged files will be returned, Also upgrade your server and keep string password use for it, Although it's a pity for us, we are sadly saddened by this. Life goes on. Get up from the ground and continue with strength. Never forget the security of information. Our digital assets are not all our assets.



#8 quietman7


Posted 18 March 2018 - 07:02 AM

Ok...after our volunteer experts have examined submitted files, they typically will only reply in a support topic if they can assist or need further information. If not, then the submissions were not helpful.

#9 notisz


Posted 18 March 2018 - 07:51 AM

So I'm waiting and hope to have some good news fast.



#10 Demonslay335

    Ransomware Hunter

  • Security Colleague

Posted 18 March 2018 - 08:15 PM

Anyone who is affected by the ransomware, please contact me. I can help decrypt files without paying the criminals.

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#11 notisz


Posted 19 March 2018 - 03:30 AM

I sent you a PM.

#12 energetic_s2k

  • Members

Posted 19 March 2018 - 05:42 AM

I’ve been affected too, my entire server. Is there a fix yet, as I understand from Demonslay335's post?

#13 quietman7


Posted 19 March 2018 - 06:15 AM

Demonslay335 said he can help decrypt files without paying the criminals but wants victims to contact him directly. This is most likely because he doesn't want to reveal how he can do this in public where the malware developers can see what the fix is. The malware writers are known to read these forum topics and we don't want to give them any information which could help them fix any flaws that Demonslay335 may have found.

#14 Demonslay335


Posted 19 March 2018 - 11:04 AM

Yes, if any victims haven't PM'd me yet, please do so. It's easier for me to queue the requests there.




#15 FrankZeka

  • Members

Posted 19 March 2018 - 11:39 AM

Yes, if any victims haven't PM'd me yet, please do so. It's easier for me to queue the requests there.

Done. :)





