need help: ransomed@india.com


  • This topic is locked
5 replies to this topic

#1 ortidan


Posted 09 July 2018 - 08:04 PM

good day to all

need your help

all my files are encrypted due to a ransom virus: picture, music, video etc

the format is my file name followed with a number.ransomed@india.com

I have installed Red hunter and spy Hunter: removed all the virus etc, tried to use stellar Phoenix Windows data software without any success

Any suggestion

Thanks in advance

Dan


 


#2 quietman7

  • Global Moderator

Posted 09 July 2018 - 08:53 PM

Any files that are encrypted with Cry36 will have an <id-number> followed by a random 5-character hexadecimal extension and <email> (i.e. .id-1163283255_[liukang@mortalkombat.su].08c85, .id-1163283255_[mk.baraka@aol.com].830s7, .id-1163283255_[mk.stryker@aol.com].i05fp), or <id-number> followed by <email> (i.e. .id-1163283255_[<email>].nemesis, .id-1163283255_[<email>].losers, id-2152775323_[vegan.klassic@aol.com].vx7mi, .3952765454.ransomed@india.com) extension appended to the end of the encrypted filename and leave files (ransom notes) named ### DECRYPT MY FILES ###.txt, HOWTODECRYPTFILES.HTML, HOW TO DECRYPT FILES.txt. The Cry36 (Damoclis gladius) version will append the .damoclis extension to the end of the encrypted filename.

You can submit (upload) samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware (IDR) for assistance with identification and confirmation. This is a service that helps identify what ransomware may have encrypted your files, whether it is decryptable and then attempts to direct you to an appropriate support topic where you can seek further assistance. Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections. Any contact email addresses or hyperlinks provided by the criminals may also be helpful with identification.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
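
A filename triage sketch based on the naming patterns listed in the post above, useful for gathering the victim ID, contact e-mail and ransom notes before an ID Ransomware submission. It is an added example, not part of the original thread or of any ID Ransomware code; the regular expressions, function names and sample listing are assumptions constructed for illustration.

```python
import re

# Name shapes as described in the post above; the regexes are this example's assumption.
BRACKETED = re.compile(  # <name>.id-<id>_[<email>].<5 chars | nemesis | losers>
    r"^(?P<original>.+)\.id-(?P<victim_id>\d+)_\[(?P<email>[^\]\s]+@[^\]\s]+)\]"
    r"\.(?P<suffix>[0-9a-z]{5}|nemesis|losers)$", re.IGNORECASE)
PLAIN = re.compile(      # <name>.<id>.<email>, e.g. .3952765454.ransomed@india.com
    r"^(?P<original>.+)\.(?P<victim_id>\d+)\.(?P<email>[^\s@]+@[^\s@]+\.[a-z]{2,})$",
    re.IGNORECASE)
DAMOCLIS = re.compile(r"^(?P<original>.+)\.damoclis$", re.IGNORECASE)
RANSOM_NOTES = {"### decrypt my files ###.txt", "howtodecryptfiles.html",
                "how to decrypt files.txt"}

def classify(filename):
    """Return a dict describing a Cry36-style name, or None if it does not match."""
    if filename.lower() in RANSOM_NOTES:
        return {"kind": "ransom_note"}
    for kind, pattern in (("bracketed", BRACKETED), ("plain", PLAIN),
                          ("damoclis", DAMOCLIS)):
        match = pattern.match(filename)
        if match:
            return {"kind": kind, **match.groupdict()}
    return None

def summarize(filenames):
    """Collect what an identification request needs: notes, IDs, contact e-mails."""
    report = {"encrypted": 0, "notes": [], "victim_ids": set(), "emails": set(),
              "unmatched": []}
    for name in filenames:
        info = classify(name)
        if info is None:
            report["unmatched"].append(name)
        elif info["kind"] == "ransom_note":
            report["notes"].append(name)
        else:
            report["encrypted"] += 1
            if "victim_id" in info:  # .damoclis names carry no ID or e-mail
                report["victim_ids"].add(info["victim_id"])
                report["emails"].add(info["email"].lower())
    return report

# Constructed listing; the suffix formats are the ones quoted in the thread.
SAMPLE = ["holiday.jpg.3952765454.ransomed@india.com",
          "budget.xlsx.id-1163283255_[liukang@mortalkombat.su].08c85",
          "notes.docx.id-1163283255_[someone@example.com].nemesis",
          "song.mp3.damoclis", "HOW TO DECRYPT FILES.txt", "untouched.pdf"]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
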

#3 ortidan


Posted 10 July 2018 - 07:29 AM

one sample file transferred

thanks

#4 ortidan


Posted 10 July 2018 - 07:31 AM

uploaded one sample to your link, with this as conclusion: no solution available: is this the latest info for this ransom infection?

#5 ortidan


Posted 10 July 2018 - 07:43 AM

here is the ransom link



You can learn more / request e-mail:
ransomed@india.com
You can learn more/questions in the chat:
https://cryptxf3zamy5kfz.tor2web.link (not need Tor)
https://cryptxf3zamy5kfz.onion.plus (not need Tor)
http://cryptxf3zamy5kfz.onion/ (need Tor)
You can learn more problem out bitmessage:
https://bitmsg.me/ BM-2cWzhoNFbjQ3X8pULiWSyKhc6dedQ54zQ1


- If the resource is unavailable for a long time to install and use the terms of reference of the browser:
1. + Start the Internet browser
2. + Type or copy the address https://www.torproject.org/download/download-easy.html in the address bar of your browser and press key ENTER
3. + On the website you will be prompted to download the Tor browser, download and install it. To work.
4. + Connection, click "connect" (using English version)
5. + After connecting, open a normal window Tor-browser
6. + Type or copy the address http://cryptxf3zamy5kfz.onion/ in the address bar of Tor-browser and press key ENTER
7. + Wait for the download site


// + If you have any problems with installation or usage, please visit the video:

#6 quietman7

  • Global Moderator

Posted 10 July 2018 - 03:54 PM

That is correct, Cry36 is not decryptable at this time without paying the ransom to the criminals. Fabian Wosar has previously explained why.

As mentioned before in various places: We classified Cry36 as not feasible to decrypt using the restrictions we try to operate within. Kaspersky was able to "liberate" some of the private keys, so you can try to contact them. But it is highly unlikely that there will be a new decrypter for Cry36 from us.


There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions. Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff