Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


PGPSnippet Ransomware (!!!README_DECRYPT!!!.txt) Support Topic

  • Please log in to reply
2 replies to this topic

#1 baku123


  • Members
  • 1 posts
  • Local time:01:56 PM

Posted 12 June 2018 - 01:33 PM

Hello guys!


Please help me!

It creates a file named "!!!README_DECRYPT!!!.txt" in ALL affected folders, and its contents are as follows:


All your documents and other files ENCRYPTED !!!
TO RESTORE YOUR FILES YOU MUST TO PAY:   150$   by Bitcoin to this address: 1CEvCVbVnCC1eiM84MXCy3UmRecMPngKT
You can open an wallet here:  
Send the file on the way "WIN + R >> %APPDATA%" file name hosts.txt to our e-mail after paymentat this email address: criptfud@protonmail.com
We will confirm payment and send to you decrypt key + instruction
Remember: you have a 72 hours and if you not paid, that price will up
ATTENTION : all your attempts to decrypt your PC without our software and key can lead to irreversible destruction of your files !
Encrypted files have a ,.criptfud@protonmail_com, which is something else I couldn't find anywhere.
Please help me!
Thanks you :heart:  !

BC AdBot (Login to Remove)


#2 Demonslay335


    Ransomware Hunter

  • Security Colleague
  • 3,586 posts
  • Gender:Male
  • Location:USA
  • Local time:01:56 AM

Posted 12 June 2018 - 01:36 PM

If you had uploaded the ransom note to ID Ransomware, it would have identified it as PGPSnippet. In this case, the good news is that it is decryptable.


I will need an encrypted file and its original in order to break your key. You may share them using any third-party sharing site and posting the link here or in PM.

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.

#3 Amigo-A


  • Members
  • 622 posts
  • Gender:Male
  • Location:3st station from Sun
  • Local time:12:56 PM

Posted 12 June 2018 - 01:38 PM

This is PGPSnippet Ransomware, which I found a week ago.
Email: criptfud@protonmail.com
Sum ransom: 150$
Note: !!!README_DECRYPT!!!.txt
What extension is added to the files?

Edited by Amigo-A, 12 June 2018 - 01:40 PM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Знаете русский язык? Пишите мне на русском. Помогу. 

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users