Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FLKR Ransomware (INSTRUCTION.txt)


  • Please log in to reply
6 replies to this topic

#1 AkSeN

AkSeN

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 25 May 2018 - 10:14 AM

help decrypt files - thanks
 
SHA1: 2b3c4be7cc8bd62b30176946e8245a168605bb3c[/size]

BC AdBot (Login to Remove)

 


#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:19 PM

Posted 25 May 2018 - 11:16 AM

help decrypt files - thanks

 

SHA1: 2b3c4be7cc8bd62b30176946e8245a168605bb3c

 

 

 

Looks like it may be something new, we'll need the malware itself to analyze.

 

For Google's sake.

 

Encrypted Filename: 1Cv7.CFG__murzik@jabber.mipt.ru

 

Ransom Note: INSTRUCTION.txt

Хотите расшифровать Ваши файлы? Пишите на джаббер (xmpp): murzik@jabber.mipt.ru (можете писать в оффлайн если нас нет в онлайне) Ваш PIN: [redacted 2 numbers]

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 thyrex

thyrex

  • Members
  • 597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belarus
  • Local time:03:19 AM

Posted 25 May 2018 - 11:25 AM

It's new version FLKR Ransomware. No chances without keyfile


Microsoft MVP 2012-2016 Consumer Security

Microsoft Reconnect 2016


#4 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:19 PM

Posted 25 May 2018 - 11:42 AM

Thanks for identifying it @thyrex, I've added it to detections on ID Ransomware.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#5 Amigo-A

Amigo-A

  • Members
  • 613 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:05:19 AM

Posted 25 May 2018 - 12:49 PM

It's not new ransomware. This is a new version of the previously known, which we described in December 2016.

 

 
I added this update a few days ago - on May 21. 2018

Edited by Amigo-A, 25 May 2018 - 12:52 PM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Знаете русский язык? Пишите мне на русском. Помогу. 


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:19 PM

Posted 25 May 2018 - 02:31 PM

The following posts were merged into this topic.

(Post #428)

It's new version FLKR Ransomware. No chances without keyfile


(Post #429)

Thanks for identifying it @thyrex, I've added it to detections on ID Ransomware.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 thyrex

thyrex

  • Members
  • 597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belarus
  • Local time:03:19 AM

Posted 29 May 2018 - 11:36 AM

File with keys now have name dakeys.txt. Virus delete this file when randomly select key.


Microsoft MVP 2012-2016 Consumer Security

Microsoft Reconnect 2016





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users