Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help me to id my ransom


  • Please log in to reply
2 replies to this topic

#1 magnored

magnored

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:20 PM

Posted 21 May 2018 - 07:16 AM

I formatted my pc and erased all the txt and html files of the virus.
I am only with the encrypted files and could not be identified on the idransomware site

https://mega.nz/#!K0o0VYoR!ECSa8fGHGjN5k1xkh8TzE_Rqh1WDFtv_cVmURVQ9YBs


BC AdBot (Login to Remove)

 


#2 Amigo-A

Amigo-A

  • Members
  • 533 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:12:20 AM

Posted 21 May 2018 - 07:57 AM

Find a note of ransom: these can be images replacing wallpaper or files with extensions: txt, rft, html, hta.

 

Take a screenshot and send the file to sendspace.com


Edited by Amigo-A, 21 May 2018 - 08:02 AM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Знаете русский язык? Пишите мне на русском. Помогу. 


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:20 PM

Posted 21 May 2018 - 05:19 PM

Did you backup/image the hard drive before reformatting?

Are there any obvious file extensions appended to or with your encrypted data files? If so, what is the extension and is it the same for each encrypted file or is it different? Some types of ransomware will completely rename, encrypt or even scramble file names while others do not append any extensions.

The best way to identify the different ransomwares is the ransom note (including it's name), samples of the encrypted files, any obvious extensions appended to the encrypted files, information related to any email addresses or hyperlinks provided by the cyber-criminals to request payment and the malware file responsible for the infection.

Without the above information or if this is something new (or if there is no extension or filemarker in encrypted files), our crypto malware experts most likely will need a sample of the malware file itself to analyze before the type of infection can be confirmed. Samples of any suspicious executable's (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted (uploaded) here with a link to this topic.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users