
Got ransomware, unable to ID as full drive is encrypted.


5 replies to this topic

#1 zqadir

zqadir

  • Members
  • 3 posts

Posted 13 May 2018 - 09:09 PM

Hi,

Got ransomware in my system today. C is OK but D is fully encrypted, so I don't know how to check on ID Ransomware. Below is the unlock file content. Please guide me on how to proceed.


Hello. Sorry, your company's server hard drive was encrypted by us.

We use the most complex encryption algorithm (AES256).Only we can decrypt.

Please contact us: Email address  (Please check spam,Avoid missing mail)

Identification code:xx (Please tell us the identification code)

Ransom: Please pay 50 bitcoins.After the payment is successful, we will tell the Password.

In order for you to believe in us, we have prepared the test server.Please contact us and we will tell the test server and decrypt the password.

How to buy and pay for Bitcoin:

http://www.localbitcoins.com
Or you can google search "How to buy Bitcoin"
If you know other trading websites better.



We are a professional hacker team, not a virus.We only take directional attacks.We know everything about your company.If you refuse to pay, we will disclose important documents that we have(file,email,contracts and many more).


We are a reputable organization and definitely not a liar.Our business covers more than 20 countries around the world. There are hundreds of companies that have successfully unlocked.





#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts

Posted 13 May 2018 - 09:22 PM

Are there any obvious file extensions appended to or with your encrypted data files? If so, what is the extension and is it the same for each encrypted file or is it different? Some types of ransomware will completely rename, encrypt or even scramble file names while others do not append any extensions.

What is the actual name of the ransom note?

Did the cyber-criminals provide an email address to send payment to? If so, what is the email address?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 zqadir

zqadir
  • Topic Starter

  • Members
  • 3 posts

Posted 13 May 2018 - 09:45 PM

They have left C:\ alone and used bestcryoto software to encrypt. I can see a folder on my C: with this software. Can I PM you the email ID?



#4 Amigo-A

Amigo-A

  • Members
  • 533 posts

Posted 14 May 2018 - 07:43 AM

bestcryoto

BestCrypt, apparently...

Please send the original ransom note by PM, without changes.

Edited by Amigo-A, 14 May 2018 - 07:53 AM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Do you know Russian? Write to me in Russian. I will help.


#5 zqadir

zqadir
  • Topic Starter

  • Members
  • 3 posts

Posted 14 May 2018 - 08:16 PM

 


Yes, BestCrypt it is. Sorry for the typo; yesterday has not been a good day. I am unable to open the sendspace site. Can I send it to you by forum PM?



#6 Amigo-A

Amigo-A

  • Members
  • 533 posts

Posted 15 May 2018 - 11:35 AM

zqadir

Yes, send it any way you like

or

https://wetransfer.com/


Edited by Amigo-A, 15 May 2018 - 11:37 AM.
