Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My files got encrypted tech@cock.mail


  • This topic is locked This topic is locked
6 replies to this topic

#1 DrBeshir

DrBeshir

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 11 April 2018 - 02:54 AM

My files were encrypted as I startde my computer today.

 

The note is a text file which says:

 

 

 

                    tech@cock.email
====================================================================================================
Your files are encrypted!
Your personal identifier:
6A02000000000000450883741D91890DC03008035702F3EFBF582F5555A94DC0D887D54C6E6CA485B979D8F4B94DDD2D57BE
AEAEF2F0EE7255AE9B2EA225F7B34CF94D8EC277E6366EB7AC62EBBCC6B4BEB21CEFBD922BA30EC92B3FD5862E73E766D5D7
324BA922B3AECCA290C889CE9A3064877645E433516978ABB9BAC0DB45F26E7127BCDCF585A3BE59D187D675F6A0304F01BB
04543B93F0A9F28E3C6B47E98D1375F63C104D3B02856DF310B8354C885869F8C7418CE04168CFAA6DF5BC0E87C81533913F
4E228AA8811328F8DA183CA87E790C60E69A9809464CF7AE3271EC8773D4EAF27403B2EE91A7F57400B8FF228FF54A4A2D03
9403F012466C1FB46195AF8F2AB6790E8336D94FED4545FC7905A0736A97E0A3971561EB6D6901E4B452D87CB2AD228B339B
94C6E26029403558D240F57C3109600FA3990DBBECF00F
====================================================================================================
To decrypt files, please contact us by email:
tech@cock.email
===================================================================================================

 

 

The files are renamed like this:

 

 

zvgD2L5vWgLvhMvPWXtD6rG5SPm8msmN.tech@cock.email

 

 

Any software I tried could not identify or decrypt the files.

 

Thank you in advance for your help.



BC AdBot (Login to Remove)

 


#2 Amigo-A

Amigo-A

  • Members
  • 416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:03:56 AM

Posted 11 April 2018 - 04:02 AM

DrBeshir

 

This Ransomware seems familiar to me. This is Scarab.
Earlier I described his previous version as Scarab-Decrypts Ransomware
 
The format of ransom-note is similar. Only a new email-address is used.
ID in all variants of the new version of the Scarab now longer.
Your ID now has 646 characters. 
 
 

Edited by Amigo-A, 11 April 2018 - 04:32 AM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Пострадали от шифровальщика? Сообщите мне здесь. 


#3 Amigo-A

Amigo-A

  • Members
  • 416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:03:56 AM

Posted 11 April 2018 - 04:10 AM

It can be decrypted under certain conditions by DrWeb specialists.

 

This #86 post refers to the previous version.
 
You need to contact Emmanuel_ADC-Soft to make a private request for a decryption in Dr.Web.
Good luck!

Edited by Amigo-A, 11 April 2018 - 04:20 AM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Пострадали от шифровальщика? Сообщите мне здесь. 


#4 DrBeshir

DrBeshir
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 11 April 2018 - 04:25 AM

Thank you. Is there a known decypter? I can't find one to download.



#5 Amigo-A

Amigo-A

  • Members
  • 416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:03:56 AM

Posted 11 April 2018 - 04:27 AM

 

Is ransom-note called as HOW TO RECOVER ENCRYPTED FILES - tech@cock.email.TXT?

Or somehow differently?

 

Do not try to decrypt files use any decryptors. This can damage the files. You must act with caution. Before it's action you need make a backup copy of the encrypted files.


Edited by Amigo-A, 11 April 2018 - 04:40 AM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Пострадали от шифровальщика? Сообщите мне здесь. 


#6 DrBeshir

DrBeshir
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 11 April 2018 - 04:58 AM

Thank you! I contacted Emmanuel_ADC-Soft for help with decrypting the files.

 

I will make a backup. Glad that I have a backup of my files from yesterday.



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,938 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:56 PM

Posted 11 April 2018 - 06:32 AM

There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users