
.WAITING Ransomware


  • This topic is locked
4 replies to this topic

#1 ruthay


Posted 17 April 2018 - 10:04 PM

Hello all, thank goodness this forum exists! Many thanks to the creators, contributors and moderators.

 

A computer on my network was infected with ransomware and it proceeded to encrypt the files there and then moved to my public network locations on April 9th.

 

I'm struggling with the identification of this one. I've used a few identification sites but have had no luck, so I'm hoping someone here can recognize it.

 

The file extension is .WAITING, the emails provided to respond to are:  waiting@bitmessage.ch  &  waiting@india.com

 

The ransom note is as follows:

All your important files were encrypted on this PC.
 
All files with .WAITING extension are encrypted.
 
Encryption was produced using unique private key RSA-1024 generated for this computer.
 
To decrypt your files, you need to obtain private key + decrypt software.
 
To retrieve the private key and decrypt software, you need to contact us by email waiting@bitmessage.ch send us an email your !!!INFO_RESTORE!!!.txt file and wait for further instructions.
 
For you to be sure, that we can decrypt your files - you can send us a 1-3 any not very big encrypted files and we will send you back it in a original form FREE.
 
Price for decryption $600 if you contact us first 72 hours.
------------------------------
 
I've tried many decrypters from TREND as well as Rakhni. At one point I changed the file extension on a test file from .WAITING to .LOCKED and ran RAKHNI on it. I was able to get the key; however, it was unable to decrypt the file (as it was probably the wrong decrypter).
 
Appreciate anyone's advice, thanks for reading!
 



 


#2 Amigo-A


Posted 18 April 2018 - 03:36 AM

If you have the original ransom note file saved, then send it to me using the services of sendspace.com.


My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Do you know Russian? Write to me in Russian. I will help.


#3 quietman7


Posted 18 April 2018 - 06:25 AM

Did you upload (submit) both encrypted files and ransom notes together along with any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware?

BTW...in some cases using an incorrect decrypter may cause additional damage or corruption of files.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 Amigo-A


Posted 18 April 2018 - 07:21 AM

This is a new version of STOP Ransomware

 

1) STOP  2) SUSPENDED  3) WAITING

[Image: EBgh06i.png]


Edited by Amigo-A, 18 April 2018 - 07:25 AM.



#5 quietman7


Posted 18 April 2018 - 07:34 AM

Since the infection has been identified, rather than have everyone with individual topics, it would be best (and more manageable for staff) if victims posted any more questions, comments or requests for assistance in the below support topic discussion. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff



