
Everbe Ransomware Support & Help Topic (.everbe & !=How_recovery_files=!.txt)


10 replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:37 AM

Posted 14 June 2018 - 05:57 PM

This topic is to support victims who have been infected with the Everbe Ransomware. The Everbe ransomware is currently encrypting files and appending the .[everbe@airmail.cc].everbe extension to encrypted file names.

When done, it will create a ransom note named !=How_recovery_files=!.txt, which contains ransom instructions.
 



The good news is that this ransomware can currently be decrypted using this decryptor:

https://download.bleepingcomputer.com/demonslay335/InsaneCryptDecrypter.zip

For more information on how to decrypt files encrypted by the Everbe ransomware, please see the Decryptor Released for the Everbe Ransomware article.
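To scope an incident using the two indicators named in the post above (the `.[contact].everbe` suffix and the `!=How_recovery_files=!.txt` note), a read-only inventory of a share helps decide what must be restored. This is an added example, not part of the original post or of any BleepingComputer tool; the function name `triage` and the sample file names are assumptions.

```python
import os
import re
import tempfile
from collections import Counter

NOTE_NAME = "!=How_recovery_files=!.txt"  # ransom note name given in the post
# "<original name>.[<contact address>].everbe", the naming described in the post
ENCRYPTED_RE = re.compile(
    r"^(?P<orig>.+)\.\[(?P<contact>[^\]]+)\]\.everbe$", re.IGNORECASE)


def triage(root):
    """Walk root read-only and summarise Everbe-style artefacts."""
    report = {"encrypted": [], "notes": [], "contacts": Counter(),
              "orig_exts": Counter(), "earliest_mtime": None}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME.lower():
                report["notes"].append(path)
                continue
            match = ENCRYPTED_RE.match(name)
            if not match:
                continue
            report["encrypted"].append(path)
            report["contacts"][match.group("contact").lower()] += 1
            ext = os.path.splitext(match.group("orig"))[1].lower()
            report["orig_exts"][ext or "(none)"] += 1
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # unreadable entry: counted, but no timestamp
            if report["earliest_mtime"] is None or mtime < report["earliest_mtime"]:
                report["earliest_mtime"] = mtime
    return report


if __name__ == "__main__":
    # Constructed sample tree (hypothetical file names), built in a temp dir.
    with tempfile.TemporaryDirectory() as root:
        for name in ("ledger.xlsx.[everbe@airmail.cc].everbe",
                     "clients.mdb.[everbe@airmail.cc].everbe",
                     NOTE_NAME, "untouched.txt"):
            open(os.path.join(root, name), "w").close()
        result = triage(root)
        print(len(result["encrypted"]), "encrypted,", len(result["notes"]), "note(s)")
        print("contacts:", dict(result["contacts"]))
        print("original types:", dict(result["orig_exts"]))
```

The earliest modification time among matched files only approximates when encryption began; use it as a rough guide when choosing a backup that predates the incident.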





#2 tjd65vw

tjd65vw

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:37 AM

Posted 13 September 2018 - 12:03 AM

Hello, first time posting here and I am at a total loss. My family's business server was hit with Evil Locker ransomware and it is holding all instrumental data hostage. Our backups are infected as well.  Our IT company says that we will have to just start over, but we have information from when we first opened in 2004 that would have to be re-entered.  Does the above mentioned decryptor work for this ransomware or is there a decryption tool that may help us recover our files?



#3 tjd65vw

tjd65vw

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:37 AM

Posted 13 September 2018 - 11:07 AM

Should I upload screenshots of the ransom note and notepad file to this topic?



#4 Amigo-A

Amigo-A

  • Members
  • 584 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:08:37 PM

Posted 13 September 2018 - 12:10 PM

tjd65vw
 
Use this service to upload files and images.
Then paste here the link.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Do you know Russian? Write to me in Russian. I will help.


#5 tjd65vw

tjd65vw

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:37 AM

Posted 13 September 2018 - 12:21 PM

https://www.sendspace.com/filegroup/5iIWOn3CLO48klDaFzE9kw



#6 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:37 AM

Posted 13 September 2018 - 02:03 PM

The decrypter only works with v1 of the ransomware. They fixed the flaws a long time ago; it is impossible to decrypt without the criminal's private RSA keys. Restore from backups and stop exposing RDP to the web.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#7 tjd65vw

tjd65vw

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:37 AM

Posted 13 September 2018 - 02:06 PM

Damn.  Our backups were infected as well.  So SOL pretty much?



#8 JLondon999

JLondon999

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:37 AM

Posted 08 October 2018 - 11:21 AM

Have a client with Everbe 2.0. Any chance the InsaneCryptDecrypter will or can be modified to help decrypt?



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:37 AM

Posted 08 October 2018 - 02:17 PM

There is no known method to decrypt files encrypted by Everbe 2.0 without paying the ransom and obtaining the private RSA keys from the criminals since they fixed the flaws and Demonslay335's decrypter for Everbe 1.0 will not work.
 


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 Tiwann-limo

Tiwann-limo

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:37 PM

Posted 11 October 2018 - 03:43 AM

We were hit by ransomware, and all our information was completely encrypted.

We contacted the email that was in the note on our servers as below.

 

*********************************************************************
* Hello ! All your files have been encrypted !
* Don't worry , we can help tou to return all of your files .
* If you want to know price for decryptor , write to our email - divine@cock.lu
* In the subject write - id-8fc05427 .
*
* Every 7 days price doubles.
* If within 24 hours we didn't answer you , write to our backup mail - divinebackup@tuta.io .
*********************************************************************

 

And from this contact we managed to retrieve all our information positively.


Edited by Tiwann-limo, 11 October 2018 - 03:50 AM.


#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:37 AM

Posted 11 October 2018 - 05:06 AM

Most security experts will advise against paying the ransom demands of the malware writers because doing so only helps to finance their criminal enterprise and keep them in business. One of the reasons that folks get infected is because someone before them paid the bad guys to decrypt their data. The more people that pay the ransom, the more cyber-criminals are encouraged to keep creating ransomware for financial gain. Further, there is never a guarantee that paying the ransom will actually result in the restoration (decryption) of your files.

Some ransomware victims have reported they paid the ransom and were successful in decrypting their data. Other victims have reported paying the ransom only to discover the criminals wanted more money...demanding additional payments with threats the data would be destroyed or exposed. Still others have reported they paid but the cyber-criminals did not provide a decryptor or a key to decrypt the files, while others reported the decryption software and/or key they received did not work, resulted in errors and in some cases caused damage to the files. Most cyber-criminals provide instructions in the ransom note that allow their victims to submit one or two limited size files for free decryption as proof they can decrypt the files. However, decryption in bulk may not always work properly or work at all and decryption of very large files may be unsuccessful even with the criminal's decryption tool. In some cases victims may actually be dealing with scam ransomware where the malware writers have no intention or capability of decrypting files after the ransom is paid.

Keep all this in mind if you are considering paying the ransom since there is never a guarantee decryption will be successful or that the decrypter provided by the cyber-criminals will work as they claim.



