Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help to decrypt Filename.id.ransomed@india.com


  • This topic is locked This topic is locked
3 replies to this topic

#1 novo

novo

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Bengal, India
  • Local time:03:06 PM

Posted 29 May 2018 - 10:30 AM

Hello,
 
I have windows 10 installed in my PC and 2 days ago it was affected by Ransomware which encrypt my data files with extension ‘2221072979.ransomed@india.com’. A html file named ‘HOWTODECRYPTFILES’ shows it’s a CryptON encryption and obviously need to pay through Tor browser to get my files back.
 
I have three partitions C, D, E in my desktop hard-drive. I have formatted C: drive (my system drive) with my OS to stop the infection. But all the files in D: and E: remain encrypted.
 
I have tried the process explained in ‘nomoreransom.org’. It showed my PC attacked by ‘cryptXXX v1’ and can be decrypted by ‘Kaspersky’ or ‘Trend Micro’ decrypter. I have also tried emsisoft decrypter for cryptON. I have some backup files in my Onedrive so I provide them for reference as the decryption software asked. But failed to get any results
 
Even Recuva deep scan failed to recover data. and ID Ransomware link: 

https://id-ransomware.malwarehunterteam.com/identify.php?case=d7abcd1378aba10957be39b994ce29df657e78d2
 

Please Help. Ransom note given below

 

CryptON Ransomware
 
To decrypt the files, you need to purchase special software «CryptON decryptor»
Restore the data, follow the instructions!
 
 
 
You can learn more / request e-mail:
ransomed@india.com
You can learn more/questions in the chat:
You can learn more problem out bitmessage:
https://bitmsg.me/ BM-2cWzhoNFbjQ3X8pULiWSyKhc6dedQ54zQ1
 
 
- If the resource is unavailable for a long time to install and use the terms of reference of the browser:
1. + Start the Internet browser
2. + Type or copy the address https://www.torproject.org/download/download-easy.html in the address bar of your browser and press key ENTER
3. + On the website you will be prompted to download the Tor browser, download and install it. To work.
4. + Connection, click "connect" (using English version)
5. + After connecting, open a normal window Tor-browser
6. + Type or copy the address http://cryptxf3zamy5kfz.onion/ in the address bar of Tor-browser and press key ENTER
7. + Wait for the download site
 
 
// + If you have any problems with installation or usage, please visit the video:
 
Your personal identification ID:2221072979


BC AdBot (Login to Remove)

 


#2 Emmanuel_ADC-Soft

Emmanuel_ADC-Soft

  • Members
  • 312 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Paris
  • Local time:11:36 AM

Posted 29 May 2018 - 10:33 AM

Hello,

Unfortunatly there is no free tool to decrypt this Cry36 Ransomware.

You can have a look at the forum about the situation.

 

Kind regards,

Emmanuel emte@adc-soft.com



#3 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:36 AM

Posted 29 May 2018 - 10:54 AM

The CryptON tools are only for the earliest versions that had flaws, which have all been fixed since. ID Ransomware correctly identified it as Cry36 and already states it is not decryptable. Restoring from backups is your best option.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,482 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:36 AM

Posted 29 May 2018 - 06:16 PM

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above CryptON Ransomware Support topic discussion link provided by Emmanuel_ADC-Soft.

To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users