COMPANY SERVER INFECTED bronmerkberpa1976@protonmail.com


23 replies to this topic

#1 pabliuca

  • Members
  • 10 posts

Posted 26 March 2018 - 03:07 AM

We were attacked by this ransom yesterday. We have all the files encrypted, the security backup too.

Please, we need help, it's very important.

 

We have a readme with this:

 

"All your files are encrypted.
 
Ask how to restore your files by email bronmerkberpa1976@protonmail.com
 
Use only gmail.com, yahoo.com, protonmail.com.
Messages written from other mail services we can not get.
 
!!!With any changes to the encrypted files, do not forget to backup files!!!
 
Your ID:"

 

And the files had been renamed as filename.bronmerkberpa1976.b2dr

We used ID Ransomware but it didn't work.

Thanks




 


#2 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,592 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 26 March 2018 - 06:14 AM

Looks new.

Our crypto malware experts most likely will need a sample of the malware file itself to analyze. Samples of any suspicious executables (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted (uploaded) here with a link to this topic...it's best to zip (compress) all files before sharing. There is a "Link to topic where this file was requested" box under the Browse button.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 pabliuca


Posted 26 March 2018 - 06:23 AM

Zip is uploaded. Thanks!!



#4 quietman7


Posted 26 March 2018 - 06:43 AM

Ok. Please be patient until our crypto malware experts have a chance to review the submissions. Bleeping Computer is inundated with support requests and not everyone may receive an individual reply. After our volunteer experts have examined submitted files, they typically will only reply in a support topic if they can assist or need further information. If not, then the submissions were not helpful.

#5 pabliuca


Posted 26 March 2018 - 07:07 AM

We'll be patient. If we could do something else, just tell us. Thanks



#6 quietman7


Posted 26 March 2018 - 08:07 AM

If ID Ransomware did not provide any information, there is nothing else to do at this time but wait.

However, if ID Ransomware provided the case SHA1 you can post it here for Demonslay335 to manually inspect the files.

#7 pabliuca


Posted 26 March 2018 - 09:40 AM

Of course.

 

SHA1: 811becea67573dc7edf48d7dc52ac01a6d7f4de3



#8 Amigo-A

  • Members
  • 566 posts
  • Gender:Male
  • Location:3st station from Sun

Posted 26 March 2018 - 01:32 PM

pabliuca

What is the name of the Ransom-note?


My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Do you know Russian? Write to me in Russian. I will help.


#9 RolandJS

  • Members
  • 4,533 posts
  • Gender:Male
  • Location:Austin TX metro area

Posted 26 March 2018 - 01:54 PM

How much are they asking to send you a de-encryption key?  Reason for asking:  Some companies, agencies, but not all, took a big chance and paid the ransom and actually got the key or keys to return their files to the original state; of course, such companies very likely immediately made data backups onto external media and had same stored in more than one off-site place.

Of course you can rightly and properly refuse to pay, and hope that key(s) can be found to unlock your stuff for free.


Edited by RolandJS, 26 March 2018 - 01:55 PM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#10 pabliuca


Posted 27 March 2018 - 02:04 AM

They mailed yesterday:

 

"Hey. Archive any three files no larger than 2 mb.
Archive upload to http://sendspace.com and send us a link to the archive.
We will decrypt the files. Thank you."
 
 
And answering to Amigo-a: we have a txt called readme and a mail: bronmerberpa1976@protonmail.com


#11 Amigo-A


Posted 27 March 2018 - 02:54 AM

I found that encrypted files on compromised sites look like this:
filename.doc.bronmerkberpa1976@protonmail.com.b2dr 
filename.txt.bronmerkberpa1976@protonmail.com.b2dr
filename.asp.bronmerkberpa1976@protonmail.com.b2dr
filename.png.bronmerkberpa1976@protonmail.com.b2dr
filename.css.bronmerkberpa1976@protonmail.com.b2dr 
 
I did not find similar notes in my database.
If this is a version of a well-known extortioner, then it was reworked to be unrecognizable.
 

Edited by Amigo-A, 27 March 2018 - 03:55 AM.

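The naming pattern described in post #11, turned into a small triage script that scopes the damage from a file listing. This is an added example, not part of the original thread: the paths in the sample listing are constructed, and the regular expression assumes the contact address is the only `@`-containing segment of the file name.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Naming pattern reported in this thread:
#   <original file name>.<contact e-mail address>.b2dr
ENCRYPTED_RE = re.compile(
    r"^(?P<original>.+)\.(?P<contact>[^@\s]+@[A-Za-z0-9.-]+)\.b2dr$",
    re.IGNORECASE,
)

def parse_encrypted_name(path):
    """Return (original_name, contact) for a renamed file, else None."""
    # PureWindowsPath splits on both "\" and "/" and never touches the disk.
    match = ENCRYPTED_RE.match(PureWindowsPath(path).name)
    if match is None:
        return None
    return match.group("original"), match.group("contact").lower()

def summarize(paths):
    """Split a listing into renamed files (counted by original type) and the rest."""
    by_type, contacts, unmatched = Counter(), set(), []
    for path in paths:
        parsed = parse_encrypted_name(path)
        if parsed is None:
            unmatched.append(path)  # untouched file, ransom note, or another variant
            continue
        original, contact = parsed
        by_type[PureWindowsPath(original).suffix.lower() or "(none)"] += 1
        contacts.add(contact)
    return {"by_type": dict(by_type), "contacts": contacts, "unmatched": unmatched}

# Constructed listing (hypothetical paths), e.g. saved output of `dir /s /b`.
SAMPLE_LISTING = [
    r"D:\wwwroot\index.asp.bronmerkberpa1976@protonmail.com.b2dr",
    r"D:\wwwroot\css\site.css.bronmerkberpa1976@protonmail.com.b2dr",
    r"D:\share\report.doc.bronmerkberpa1976@protonmail.com.b2dr",
    r"D:\share\notes.txt.bronmerkberpa1976@protonmail.com.b2dr",
    r"D:\share\readme.txt",                      # ransom note, not renamed
    r"D:\share\old.bronmerkberpa1976.b2dr",      # short form quoted in post #1
    r"D:\backup\full.bak",
]

if __name__ == "__main__":
    report = summarize(SAMPLE_LISTING)
    print("renamed files by original type:", report["by_type"])
    print("contact addresses seen:", sorted(report["contacts"]))
    print("not matching the pattern:", len(report["unmatched"]))
```

Files that end in `.b2dr` but land in `unmatched` are worth a manual look, since they suggest a second naming variant on the same host.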


#12 pabliuca


Posted 27 March 2018 - 03:50 AM

That's the way our files are, Amigo-A.



#13 Amigo-A


Posted 27 March 2018 - 03:53 AM

Have you already been informed of the ransom sum?




#14 pabliuca


Posted 27 March 2018 - 04:02 AM

They want to sell us a program, and we are worried about whether this program could work with bigger files. If they could show us that the program works with files of about 4 or 5 GB, we would talk about the sum.



#15 Amigo-A


Posted 27 March 2018 - 04:33 AM

I understand your desire to return files; some encryptors damage large files when encrypting. But such large files are difficult to load over the Internet. That is why they do not want to receive large files. When transferring large files, one can also track the location of the extortionists, but they do not want to be caught.






