Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

All my files are encrypted. HELP


  • This topic is locked This topic is locked
9 replies to this topic

#1 Alper1

Alper1

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:27 AM

Posted 29 May 2018 - 05:26 PM

Hello to everyone. My files have been encrypted for a long time. Hacked. 20 gb photo album encrypted. Please help me. In all my memories.
I leave a sample file below. help me.

 

Z31DJz.png

 

encrypted file​encrypted fileencrypted file
 
 
     encrypted fileEEN EENCYPTED FİLES https://yadi.sk/d/IQt_3B-X3WgFXJ
contact: pm & alpersaka123@protonmail.com & alpersaka123@gmail.com please.
 


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,613 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:27 PM

Posted 29 May 2018 - 06:06 PM

Are there any obvious file extensions appended to or with your encrypted data files? If so, what is the extension and is it the same for each encrypted file or is it different? Some types of ransomware will completely rename, encrypt or even scramble file names while others do not append any extensions.
Did you find any ransom notes and if so, what is the actual name of the note?

Did you submit (upload) any samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware (IDR) for assistance with identification and confirmation? Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Alper1

Alper1
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:27 AM

Posted 29 May 2018 - 06:50 PM

Hello quietman7 thank you for answer. All files have different extensions. There are thousands of pictures and all of them have different extensions. The picture is above as the ransom note. Its original name is HELP_YOUR_FILES. Link is on the picture part that i covered.

Edited by Alper1, 29 May 2018 - 06:51 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,613 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:27 PM

Posted 29 May 2018 - 06:56 PM

HELP_YOUR_FILES is a ransom note used by several types of ransomware. You should submit (upload) samples of encrypted files, the ransom note and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware (IDR) for assistance with identification and confirmation.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Alper1

Alper1
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:27 AM

Posted 29 May 2018 - 07:00 PM

no other note except the note above.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,613 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:27 PM

Posted 29 May 2018 - 08:04 PM

Submit the note, encrypted files and any contact email addresses to ID Ransomware (IDR).
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 Amigo-A

Amigo-A

  • Members
  • 569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:06:27 AM

Posted 30 May 2018 - 12:04 PM

Probably, CryptoWall 4.0 
That was a long time ago - November, 2015
Ransom notes: 
HELP_YOUR_FILES.TXT
HELP_YOUR_FILES.HTML

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Знаете русский язык? Пишите мне на русском. Помогу. 


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,613 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:27 PM

Posted 30 May 2018 - 03:24 PM

According to my notes...CryptoMix (CrypMix), Zeta and Iron Ransomware also use that ransom note name.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 Amigo-A

Amigo-A

  • Members
  • 569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:06:27 AM

Posted 01 June 2018 - 06:36 AM

Yes, but this is an early version of CryptoWall 4.0, which was distributed in November-December 2015 using a Angler EK.
 
The texts of HELP_YOUR_FILES.TXT and HELP_YOUR_FILES.HTML differed from each other.
 
lwv7pzA.png
 
Here link to Hybrid Analysis, where there are original screenshots of notes. 

Edited by Amigo-A, 01 June 2018 - 06:40 AM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Знаете русский язык? Пишите мне на русском. Помогу. 


#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,613 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:27 PM

Posted 01 June 2018 - 06:41 AM

A repository of all current knowledge regarding CryptoWall, CryptoWall 2.0, CryptoWall 3.0 & CryptoWall 4.0 is provided by Grinler (aka Lawrence Abrams), in the: CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ

Unfortunately, decryption of CryptoWall files...is impossible without paying the ransom since there is no way to retrieve the malware developer's private key that can be used to decrypt your files. For a more detailed explanation, read this reply by Nathan (DecrypterFixer).

The only methods you have of restoring your files is explained in the FAQ: How to restore files encrypted by CryptoWall...but there is no guarantee that will work.

There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance but as noted above there is no solution to fix your encrypted files. Other victims have been directed there to share information, experiences and suggestions.When or if a decryption solution is found, that information will be provided in the above support topic and you will receive notification if subscribed to it. In addition, a news article most likely will be posted on the Bleeping Computer front page.

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users