
help@cairihi.com


3 replies to this topic

#1 WorkerBee9

  • Members
  • 1 posts

Posted 25 March 2018 - 10:29 PM

These guys locked up my server with ransomware. They asked for $2k in Bitcoin, which I paid immediately.
They sent an .exe file that didn't work. They said they would correct it and to wait. After several emails to them they stopped responding. Do not pay these amateurs; they don't know how to fix what they do.

#2 quietman7

  • Global Moderator
  • 50,942 posts

Posted 26 March 2018 - 06:48 AM

Are there any obvious file extensions appended to or with your encrypted data files? If so, what is the extension and is it the same for each encrypted file or is it different? Some types of ransomware will completely rename, encrypt or even scramble file names while others do not append any extensions.
Did you find any ransom notes and if so, what is the actual name of the note?

Did you submit (upload) any samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware for assistance with identification and confirmation? Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections.

As is typical with ransomware, some victims have reported they paid the ransom and were successful in decrypting their data. Some victims have reported paying the ransom only to discover the criminals wanted more money... demanding additional payments with threats the data would be destroyed or exposed. Still others have reported they paid but the cyber-criminals did not provide a decryptor or a key to decrypt the files, while others reported the decryption software and/or key they received did not work, resulted in errors and in some cases caused damage to the files. Most cyber-criminals provide instructions in the ransom note that allow their victims to submit one or two limited size files for free decryption as proof they can decrypt the files. However, decryption in bulk may not always work properly or work at all and decryption of very large files may be unsuccessful even with the criminal's decryption tool.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 Amigo-A

  • Members
  • 416 posts

Posted 26 March 2018 - 01:49 PM

Email: help@cairihi.com was used in Rapid Ransomware v.1
Update on February 16, 2018
Source - Russian-language forum
 
Extension: .rapid
Ransom-note: How Recovery Files.txt
Email: help@cairihi.com
BM-2cVeAHvZZjUf8M1v7AZKWeopqcYnTVFVZG@bitmessage.ch
 
Contents of Ransom-note: 
Hello, dear friend!
All your files have been ENCRYPTED
Do you really want to restore your files?
Write to our email - help@cairihi.com or BM-2cVeAHvZZjUf8M1v7AZKWeopqcYnTVFVZG@bitmessage.ch
and tell us your unique ID - ID-XXXXXXXX

 

 


Edited by Amigo-A, 27 March 2018 - 05:39 AM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Affected by an encryptor? Let me know here.
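Added example, not part of any post in this thread: a read-only Python triage script that collects what post #2 asks for (appended extensions, ransom-note name) and checks it against the Rapid indicators listed in post #3. The `ID-` pattern and the sample files created by `make_sample` are constructed assumptions.

```python
import os
import re
import tempfile
from collections import Counter

# Indicators quoted in post #3 (Rapid Ransomware v.1).
RAPID_EXT = ".rapid"
NOTE_NAME = "How Recovery Files.txt"
CONTACT = "help@cairihi.com"
# Assumption: victim ID is "ID-" plus 8 alphanumerics, the shape of "ID-XXXXXXXX".
ID_RE = re.compile(r"\bID-[A-Za-z0-9]{8}\b")

def triage(root):
    """Walk root without modifying anything and summarise identification evidence."""
    report = {"encrypted": [], "notes": [], "ids": set(),
              "contact_seen": False, "ext_counts": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            report["ext_counts"][ext] += 1  # is the appended extension uniform?
            if ext == RAPID_EXT:
                report["encrypted"].append(path)
            elif name.lower() == NOTE_NAME.lower():
                report["notes"].append(path)
                try:
                    with open(path, "r", encoding="utf-8", errors="replace") as fh:
                        text = fh.read(65536)  # notes are small; cap the read
                except OSError:
                    continue  # unreadable note is still listed by path
                report["contact_seen"] |= CONTACT in text.lower()
                report["ids"].update(ID_RE.findall(text))
    return report

def make_sample(root):
    """Constructed sample tree (not real victim data) for running the script offline."""
    note = "Write to our email - help@cairihi.com\nand tell us your unique ID - ID-1A2B3C4D\n"
    samples = {"budget.xlsx.rapid": "constructed", "photo.jpg.rapid": "constructed",
               "readme.txt": "untouched", NOTE_NAME: note}
    for name, body in samples.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        make_sample(d)
        r = triage(d)
        print(len(r["encrypted"]), r["notes"], sorted(r["ids"]), r["contact_seen"])
```

The paths it reports are the encrypted files and ransom note that post #2 suggests uploading to ID Ransomware.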


#4 quietman7

  • Global Moderator
  • 50,942 posts

Posted 26 March 2018 - 03:45 PM

ID Ransomware should confirm if OP submits as instructed.

