
This ransomware is decryptable! CryptON


  • This topic is locked
3 replies to this topic

#1 audi911

audi911

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:11 AM

Posted 25 March 2018 - 08:46 PM

Hello friends, I have a question. Which might sound extremely ridiculous as a question, but common sense is telling me that the person who came up with this was either not in their right state of mind or simply didn't think it through properly.

I am infected with a ransomware that gives me 

filename.extension.id-#.locked

Which according to ID Ransomware it is decryptable. The file is identified as CryptON

So I am directed to Emsisoft decrypter tool. 

When I run the decrypter tool the tool tells me to put the INFECTED file and the NON INFECTED file. 

Am I the only one who finds this the most ridiculous way of decrypting the file?

If I have the original file, why in the world would I care about the encrypted one?

Common sense would suggest that if someone has their file encrypted, and they are looking to decrypt the file, it's because they do not have the original file. If someone had the original file they wouldn't care about the decrypted file?

 

Is there a "real" tool that will simply decrypt the file that I have without asking me for the original file?

This isn't a rant, it's just a very obvious question to a problem that seems to have a very ridiculous solution available.

It's kind of like saying, I can fix your broken car engine, but the only way I can fix your engine is if you provide me with a non broken same engine so I can examine the two. If I had a non broken engine, why would I care about fixing the broken one?

 

Can someone explain to me if I am the dim witted person for asking this or is there some logic to this that I am missing?

Thanks!




 


#2 anton75

anton75

  • Members
  • 6 posts
  • OFFLINE
  • Local time:01:11 PM

Posted 25 March 2018 - 10:02 PM

Did you read the "READ ME"?

https://decrypter.emsisoft.com/howtos/emsisoft_howto_crypton.pdf

 

The purpose of dragging both the original and the encrypted file is to generate a key.

Try using a system file or something that commonly exists on the computer.

 

I'm not an expert. Just trying to help.



#3 opera

opera

  • Members
  • 1,023 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:06:11 AM

Posted 25 March 2018 - 11:45 PM

 

You need one file pair. Not the original files to all your encrypted files. One file pair is enough to extrapolate the encryption key and use that to decrypt all your other files. In the years I have been doing this there hasn't been a single case where a user genuinely wasn't able to find at least one original file to one of the encrypted files he has. To give you a few pointers:

  • Were sample pictures or wallpapers encrypted, that ship with Windows? Just get the original files from a different system running the same Windows version.
  • Were files you downloaded encrypted (check your Download folder)? Simply download the same file again. The Download history may come in handy for that (pressing CTRL + J in most browsers will bring it up).
  • Were files encrypted that you recently shared with colleagues or friends/family? Simply get the original from your "Sent Mail" folder.

There are literally dozens of ways.

 

https://support.emsisoft.com/topic/26800-mrcrmerry-x-mas-ransomware-pegs1-mrcr1-rare1-merry-or-rmcm1-your_files_are_deadhta-merry_i_love_you_brucehta/?page=3&tab=comments#comment-166519
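
Why one file pair is enough, as an added illustration that is not part of the original posts and not Emsisoft's code: a toy repeating-key XOR cipher stands in for the ransomware's cipher, which this thread does not describe. All names and sample data below are constructed.

```python
# Added illustration: a toy repeating-key XOR cipher is ASSUMED here as a
# stand-in for the ransomware's cipher; it is not CryptON's actual algorithm.
from itertools import cycle


def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Toy cipher: XOR with a repeating key (encrypt and decrypt are the same)."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(original: bytes, encrypted: bytes) -> bytes:
    """Derive the repeating key from one known original/encrypted file pair."""
    if len(original) != len(encrypted) or not original:
        raise ValueError("file pair must be non-empty and of equal length")
    # original XOR encrypted cancels the data and leaves the key, repeated.
    stream = bytes(p ^ c for p, c in zip(original, encrypted))
    # The key is the shortest prefix whose repetition reproduces the stream.
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return stream


def demo() -> bytes:
    secret_key = b"k3y-unknown-to-victim"  # constructed; the victim never sees it
    # Constructed sample data: one file that can be re-obtained, one that cannot.
    known_original = b"Sample wallpaper bytes shipped with every copy of the OS..."
    irreplaceable = b"Quarterly figures: the only copy of this document."
    known_encrypted = xor_cipher(known_original, secret_key)
    other_encrypted = xor_cipher(irreplaceable, secret_key)

    # One pair yields the key, and the same key opens every other file.
    key = recover_key(known_original, known_encrypted)
    return xor_cipher(other_encrypted, key)


if __name__ == "__main__":
    print(demo().decode())
```

With this toy cipher, a pair shorter than the key recovers only part of it, so a larger known file is the safer choice.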



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,905 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:11 AM

Posted 26 March 2018 - 06:22 AM


There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions. Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




