
Ryuk Ransomware Support & Help Topic



#1 dukeishere


Posted 17 August 2018 - 01:41 PM

Your network has been penetrated.
 
All files on each host in the network have been encrypted with a strong algorithm.
 
Backups were either encrypted or deleted or backup disks were formatted.
Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover.
 
We exclusively have decryption software for your situation
No decryption software is available in the public.
 
DO NOT RESET OR SHUTDOWN - files may be damaged.
DO NOT RENAME OR MOVE the encrypted and readme files.
DO NOT DELETE readme files.
This may lead to the impossibility of recovery of the certain files.
 
To get info (decrypt your files) contact us at
MelisaPeterman@protonmail.com
or
MelisaPeterman@tutanota.com
 
BTC wallet:
14hVKm7Ft2rxDBFTNkkRC3kGstMGp2A4hk
 
Ryuk
 
No system is safe
 
 
 
 
This notepad file is saved on the C drive. Also, multiple files are saved to the Public user folder, such as:
kIUAm (seems randomly named because it differs PC to PC) - Application
PUBLIC - file
RyukReadMe - Text Document
sys - file
UNIQUE_ID_DO_NOT_REMOVE - file
 
Any information on a fix, or any other info, is greatly appreciated.
 
Thanks
 
This affected 50+ PCs in a business.
 
 
 
 
 



 


#2 Demonslay335


Posted 17 August 2018 - 03:52 PM

We've seen a few submissions of this. ID Ransomware is picking up on the encrypted file via filemarker as Hermes, but the ransom note really looks like Bitpaymer to us. Either way, it is likely targeted via RDP hack.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 Amigo-A


Posted 19 August 2018 - 01:32 PM

It's neither fish nor meat, but... Ryuk Ransomware


My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Do you know Russian? Write to me in Russian. I will help.




