Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help. YOUR SYSTEM IS LOCKED AND ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED


  • This topic is locked This topic is locked
3 replies to this topic

#1 Zoreck

Zoreck

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:28 AM

Posted 11 July 2018 - 12:03 PM

Hi to everyone, i'm new here

 

Recently mi server was infected by a Ransomware, all my data is encrypted with the extension .DATA_IS_SAFE_YOU_NEED_TO_MAKE_THE_PAYMENT_IN_MAXIM_24_HOURS_OR_ALL_YOUR_FILES_WILL_BE_LOST_FOREVER_PLEASE_BE_REZONABLE_IS_NOT_A_JOKE_TIME_IS_LIMITED

 

it's a very long extension. 

 

This is the message received, it appears when the computer starts

 

YOUR SYSTEM IS LOCKED AND ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED.
DON'T WORRY YOUR FILES ARE SAFE.
TO RETURN ALL TO NORMALLY YOU MUST BUY THE CERBER DECRYPTOR PROGRAM.
PAYMENTS ARE ACCEPTED ONLY THROUGH THE BITCOIN NETWORK.
YOU CAN GET THEM VIA ATM MACHINE OR ONLINE 
THE PRICE FOR DECRYPTOR SOFTWARE IS 1 BTC
BTC ADRESS : 3MWmCxtgTeUgdDtdvhk1dtoEg5sb7cmypS (where you need to make the payment)
VERRY IMPORTANT !
DO NOT TRY TO SCAN WITH ANTIVIRUS YOU RISK LOSING YOUR DATA .
ANTIVIRUSES ONLY DESTROY THE ENCRYPTED DATA , THEY DO NOT KNOW THE ALGORITH WITH WICH THE ENTIRE SYSTEM WAS ENCRYPTED.
THE ONLY WAY TO DECRYPT YOUR SYSTEM AND RETURN TO NORMAL IS TO BUY THE ORIGINAL DECRYPTOR SOFTWARE.
For more information : FSA2018@scryptmail.com   (24/7)
Subject : SYSTEM-LOCKED-ID: 77661012018

 

Thanks 


Edited by Zoreck, 11 July 2018 - 12:14 PM.


BC AdBot (Login to Remove)

 


#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,513 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:28 AM

Posted 11 July 2018 - 12:14 PM

It's Xorist, ID Ransomware would have already identified it if you uploaded the ransom note and/or encrypted file. It's decryptable using an encrypted file and it's original with the Emsisoft decrypter.

 

https://www.bleepingcomputer.com/news/security/emsisoft-releases-decryptors-for-the-xorist-and-777-ransomware/


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 thyrex

thyrex

  • Members
  • 574 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belarus
  • Local time:08:28 AM

Posted 11 July 2018 - 01:04 PM

But I think a lot of files may be encrypted without filename changing


Microsoft MVP 2012-2016 Consumer Security

Microsoft Reconnect 2016


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,485 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:28 AM

Posted 11 July 2018 - 05:26 PM

Since the infection has been identified/confirmed, rather than have everyone with individual topics, it would be best (and more manageable for staff) if victims posted any more questions, comments or requests for assistance in the below support topic discussion.To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users