Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Files got encrypted [return.data@qq.com]


  • This topic is locked This topic is locked
4 replies to this topic

#1 scyth333

scyth333

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:37 AM

Posted 11 April 2018 - 08:47 AM

My computer was encrypted with the following details:

 

Does uploading the virus here for someone able to reverse engineer the codes help find the encryption key?

 

file extension"

id-66F6E0C7.[return.data@qq.com].arrow

email response i got from them:

Your files have been encrypted because you care badly about your security system.
We do not deliberately hacked you, it was an accident.

We can and we will help you if you accept our offer.
We always keep our promises.
You must make payment in BITCOINS to our adress.
After payment we will send to you detailed instructions and personal decoder for your infected device.
Also we will give you tips for improve your security.
Please make your decision as soon as possible! Otherwise, the price can change!
The price is 0,7 BTC. 
our wallet is: 19e9duPrD6F2Db3mCQUG5wC5r4BnmKUXFa

If you plan to get your data back, please write to us that you have read our terms.

Also you can make free test decryption. Conditions for test decryption:
1) You can send FEW files for test decrypting. Maximum files for test is 3.
2) Put your files in one archive, and upload your files here: dropfile.to and send to us link.
3) We don't decrypt ".exe" files, archives, databases, and backups for test(read: for free). 
You can send another files like jpg pdf xls doc and other. 
4) Files should not have the same extensions. One extesion - one file.
5) Total max size of test files is 5 mb(non-archived)!
6) If you will send to us test files it's mean that you completely agree with our proposal for decryption.


BC AdBot (Login to Remove)

 


#2 Amigo-A

Amigo-A

  • Members
  • 507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:07:37 AM

Posted 11 April 2018 - 09:36 AM

What is the name this ransom-note? 

Info.hta or FILES ENCRYPTED.txt or somehow differently? 


My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Знаете русский язык? Пишите мне на русском. Помогу. 


#3 scyth333

scyth333
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:37 AM

Posted 11 April 2018 - 09:38 AM

its info.hta, virus file is Explorer.exe (capital E)



#4 Amigo-A

Amigo-A

  • Members
  • 507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:07:37 AM

Posted 11 April 2018 - 09:41 AM

So this is Dharma Ransomware

 

No one has yet released a public decryptor.


Edited by Amigo-A, 11 April 2018 - 09:42 AM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Знаете русский язык? Пишите мне на русском. Помогу. 


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,390 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:37 PM

Posted 11 April 2018 - 03:54 PM

There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users