Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PGPSnippet Ransomware (!!!README_DECRYPT!!!.txt) Support Topic


  • Please log in to reply
2 replies to this topic

#1 baku123

baku123

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 12 June 2018 - 01:33 PM

Hello guys!

 

Please help me!

It creates a file named "!!!README_DECRYPT!!!.txt" in ALL affected folders, and its contents are as follows:

ATTENTION !

 
All your documents and other files ENCRYPTED !!!
 
 
TO RESTORE YOUR FILES YOU MUST TO PAY:   150$   by Bitcoin to this address: 1CEvCVbVnCC1eiM84MXCy3UmRecMPngKT
 
 
You can open an wallet here:  
 
 
Send the file on the way "WIN + R >> %APPDATA%" file name hosts.txt to our e-mail after paymentat this email address: criptfud@protonmail.com
 
We will confirm payment and send to you decrypt key + instruction
 
Remember: you have a 72 hours and if you not paid, that price will up
 
ATTENTION : all your attempts to decrypt your PC without our software and key can lead to irreversible destruction of your files !
 
Encrypted files have a ,.criptfud@protonmail_com, which is something else I couldn't find anywhere.
 
Please help me!
Thanks you :heart:  !


BC AdBot (Login to Remove)

 


#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,513 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:43 AM

Posted 12 June 2018 - 01:36 PM

If you had uploaded the ransom note to ID Ransomware, it would have identified it as PGPSnippet. In this case, the good news is that it is decryptable.

 

I will need an encrypted file and its original in order to break your key. You may share them using any third-party sharing site and posting the link here or in PM.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 Amigo-A

Amigo-A

  • Members
  • 533 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:04:43 PM

Posted 12 June 2018 - 01:38 PM

baku123
This is PGPSnippet Ransomware, which I found a week ago.
Email: criptfud@protonmail.com
BTC: 1CEvCVbVnCC1eiM84MXCy3UmRecMPngKT
Sum ransom: 150$
Note: !!!README_DECRYPT!!!.txt
 
What extension is added to the files?

Edited by Amigo-A, 12 June 2018 - 01:40 PM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Знаете русский язык? Пишите мне на русском. Помогу. 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users