Kraken Cryptor Ransomware Help Topic (-Lock.onion, How to Decrypt Files.txt)


9 replies to this topic

#1 VictorMaftei

VictorMaftei


Posted 22 August 2018 - 08:51 AM

Hello.
 
Recently my computer got encrypted with a cryptolocker that ID Ransomware found to be an Amnesia variant, and at this moment there isn't a known way of decrypting the data.
I have tried the software from Emsisoft but without any success.
 
The ransom note is: 
                        ___
                     .-'   `'.
                    /         \
                    |         ;
                    |         |           ___.--,
           _.._     |0) ~ (0) |    _.---'`__.-( (_.
    __.--'`_.. '.__.\    '--. \_.-' ,.--'`     `''`
   ( ,.--'`   ',__ /./;   ;, '.__.'`    __
   _`) )  .---.__.' / |   |\   \__..--''  '''--.,_
  `---' .'.''-._.-'`_./  /\ '.  \ _.-~~~````~~~-._`-.__.'
        | |  .' _.-' |  |  \  \  '.               `~---`
         \ \/ .'     \  \   '. '-._)
          \/ /        \  \    `=.__`~-.     - ALL YOUR FILES HAS BEEN ENCRYPTED BY KRAKEN CRYPTOR!
          / /\         `) )    / / `''.`\   - READ THIS GUIDE BELOW TO RECOVERY YOUR FILES!
    , _.-'.'\ \        / /    ( (     / /
     `--~`   ) )    .-'.'      '.'.  | (    E-Mail      : onionhelp@memeware.net
            (/`    ( (`          ) )  '-;   Alternative : BM-2cWdhn4f5UyMvruDBGs5bK77NsCFALMJkR@bitmessage.ch
             `      '-;         (-'
 
 
-----BEGIN KRAKEN ENCRYPTED UNIQUE KEY-----
-----END KRAKEN ENCRYPTED UNIQUE KEY-----
 
 
> What happened to my computer?
 
All of your files such as documents, images, videos and other files with the different names and extensions are encrypted by KRAKEN CRYPTOR!
The speed, power and complexity of this encryption have been high and if you are now viewing this guide.
It means that KRAKEN CRYPTOR immediately removed form your system!
No way to recovery your files without KRAKEN DECRYPTOR software and your computer UNIQUE KEY!
You need to buy it from us because only we can help you!
 
> What the mean is encryption?
 
In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it.
And those who are not authorized cannot.
 
> How can recover my files?
 
We guarantee that you can recover all your files soon safely.
You can decrypt one of your encrypted smaller file for free in the first contact with us.
For the decryption service, we also need your KRAKEN ENCRYPTED UNIQUE KEY you can see this in the top!
Are you want to decrypt all of your encrypted files? if yes! You need to pay for decryption service to us!
After your payment made, all of your encrypted files has been decrypted.
 
> How much is need to pay?
 
You need to pay (0.25 BTC), payment only can made as Bitcoins.
This links help you to understand whats is a Bitcoins and how it work:
https://en.wikipedia.org/wiki/Bitcoins
 
> How to obtain Bitcoins?
 
The easiest way to buy Bitcoins is LocalBitcoins website.
You must register on this site and click BUY Bitcoins then choose your country to find sellers and their prices.
https://localBitcoins.com/buy_Bitcoins
 
Other places to buy Bitcoins in exchange for other currencies:
https://Bitcoins.org/en/exchanges
 
> Attention
 
* DON'T MODIFY OR RENAME ENCRYPTED FILES!
* DON'T MODIFY KRAKEN ENCRYPTED UNIQUE KEY!
* DON'T USE THIRD-PARTY OR PUBLIC TOOLS/SOFTWARE TO DECRYPT YOUR FILES, THIS CAUSE DAMAGE YOUR FILES PERMANENTLY!
* DON'T ASK PEOPLE OR DATA RECOVERY CENTERS, THEY CANNOT DIRECT DECRYPT YOUR FILES AND CONTACT WITH US, THEY ARE MAY ADD EXTRA CHARGE!
 
> Additional
 
- Project KRAKEN CRYPTOR doesn't damage any of your files, this action is reversible if you follow the instructions above.
- Also, our policy is obvious: NO PAYMENT! NO DECRYPT!, if you do not have the ability to pay, we review your terms.
 
I've also tried every decryptor from ESET or Kaspersky.
The files are encrypted under names like 00017385-Lock.onion (the 00000 part is growing; it started from 000001-lock.onion).
I can give a moderate amount of money to anyone that can help me with the decryption.
 
 
Thank you,
 
Victor

Edited by quietman7, 22 August 2018 - 05:33 PM.


 


#2 thyrex

thyrex


Posted 22 August 2018 - 10:10 AM

https://twitter.com/malwrhunterteam/status/1032259654552887296


Microsoft MVP 2012-2016 Consumer Security
Microsoft Reconnect 2016

#3 Demonslay335

Demonslay335

    Ransomware Hunter



Posted 22 August 2018 - 10:23 AM

It's KrakenCryptor, and is still under analysis. It has a very... interesting way of encrypting the file.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#4 Amigo-A

Amigo-A

    Security specialist and Ransomware expert. Volunteer Helper



Posted 22 August 2018 - 01:59 PM

 
First detailed description on the Internet.
 
Kraken Cryptor loves users from the ex-USSR and Iran.

Edited by Amigo-A, 22 August 2018 - 02:28 PM.

My site: The Digest "Crypto-Ransomware" + Google Translate

 


#5 VictorMaftei

VictorMaftei

Posted 22 August 2018 - 02:37 PM

Yeah, I guess they do love the ex-USSR, since I'm part of that world.

Funny thing is that not many from this part of the world can pay that much for the decryption. I guess I've made a mistake sticking to an old OS, and they made some mistakes with their research of the targeted area, where the income is 300-1000 Euro/month, and they want 0.25 BTC :).

Is there any hope for a decryptor from the initial data? :D

 

Thanks



#6 Amigo-A

Amigo-A

    Security specialist and Ransomware expert. Volunteer Helper



Posted 22 August 2018 - 02:44 PM

Victor

Maybe they will decrypt your files for free if they make sure that it happened by chance, because of the old OS.

Maybe they will decrypt your files for free if they are convinced that it happened because of the old OS.



 


#7 Demonslay335

Demonslay335

    Ransomware Hunter



Posted 22 August 2018 - 04:56 PM

I've finished analyzing it, and it is secure I'm afraid. No way to decrypt without their private RSA keys. There is a pretty in-depth way it encrypts the file and its metadata with the use of AES, RSA, Salsa20, and RC4. They also use SHA256 for verifying the keys. All of the keys are securely generated, and new keys are generated per file, then those keys are protected by a "session key" per victim, which is protected by the master RSA key. Afraid there's no way of cracking any of those keys.




#8 Amigo-A

Amigo-A

    Security specialist and Ransomware expert. Volunteer Helper



Posted 23 August 2018 - 04:42 AM

Demonslay335

From which countries are the victims?

 

 

The extortionists themselves cannot decrypt this. There are already confirmed cases.


Edited by Amigo-A, 23 August 2018 - 02:15 PM.


 


#9 habib2018

habib2018


Posted 16 September 2018 - 06:07 AM

I've finished analyzing it, and it is secure I'm afraid. No way to decrypt without their private RSA keys. There is a pretty in-depth way it encrypts the file and its metadata with the use of AES, RSA, Salsa20, and RC4. They also use SHA256 for verifying the keys. All of the keys are securely generated, and new keys are generated per file, then those keys are protected by a "session key" per victim, which is protected by the master RSA key. Afraid there's no way of cracking any of those keys.

 

Hi... I have had a hit also, and all my files have been encrypted with a -lock.onion file extension... I have searched for a decryptor all week but nothing... I guess you are right when you say there is no way of cracking the keys... I hope something comes up soon... I have very important files that I have lost... although I was rescued by an old backup from earlier this year on an external drive... do communicate in case something does come up... no way I am paying these buggers... this is from Africa by the way, from Tanzania... habib@raid.co.tz



#10 quietman7

quietman7

    Bleepin' Gumshoe



Posted 16 September 2018 - 08:43 AM

If possible, your best option is to restore from backups, try file recovery software or backup/save your encrypted data as is and wait for a possible solution at a later time. Ignore all Google searches which provide links to bogus and untrustworthy removal/decryption guides.

Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015
Member of UNITE (Unified Network of Instructors and Trusted Eliminators)
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click here
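The advice above (keep the encrypted data as-is, restore from backup, wait for a possible solution) is easier to follow if the affected files and the ransom note are inventoried and hashed before anything is moved. The script below is an added example for this thread, not a tool from BleepingComputer or from any of the posters. It assumes the file naming that the topic starter reported (a growing zero-padded counter followed by `-Lock.onion`, matched case-insensitively because both `-Lock.onion` and `-lock.onion` appear in this thread) and the note name from the topic title, `How to Decrypt Files.txt`. It walks a directory read-only, records every matching file with its size and SHA-256, and preserves the victim's `KRAKEN ENCRYPTED UNIQUE KEY` block exactly as written, since a decryptor, if one ever appears, would need it. The sample tree it builds is constructed for the demonstration; the key blob in it is a placeholder, not a real Kraken key.

```python
import hashlib
import json
import os
import re
import tempfile

# Encrypted-file name pattern reported in this thread: a growing zero-padded
# counter plus "-Lock.onion" (both 000001-lock.onion and 00017385-Lock.onion
# were seen, so the match ignores case).
ENCRYPTED_NAME = re.compile(r"^\d+-lock\.onion$", re.IGNORECASE)

# Ransom note file name taken from the topic title.
NOTE_NAME = "How to Decrypt Files.txt"

# The victim-specific key blob inside the note. It must be preserved verbatim.
KEY_BLOCK = re.compile(
    r"-----BEGIN KRAKEN ENCRYPTED UNIQUE KEY-----\s*(.*?)\s*"
    r"-----END KRAKEN ENCRYPTED UNIQUE KEY-----",
    re.DOTALL,
)


def sha256_file(path):
    """Hash a file in 1 MiB chunks so large encrypted files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def extract_unique_key(note_text):
    """Return the key blob between the BEGIN/END markers (whitespace removed), or None."""
    m = KEY_BLOCK.search(note_text)
    return "".join(m.group(1).split()) if m else None


def build_inventory(root):
    """Walk root read-only and record encrypted files, ransom notes and unique keys."""
    inventory = {"encrypted_files": [], "notes": [], "unique_keys": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if ENCRYPTED_NAME.match(name):
                inventory["encrypted_files"].append(
                    {"path": rel, "size": os.path.getsize(path), "sha256": sha256_file(path)}
                )
            elif name == NOTE_NAME:
                with open(path, "r", encoding="utf-8", errors="replace") as f:
                    text = f.read()
                inventory["notes"].append({"path": rel, "sha256": sha256_file(path)})
                key = extract_unique_key(text)
                if key and key not in inventory["unique_keys"]:
                    inventory["unique_keys"].append(key)
    inventory["encrypted_files"].sort(key=lambda e: e["path"])
    return inventory


def write_manifest(inventory, out_path):
    """Persist the inventory as JSON next to the preserved data."""
    with open(out_path, "w", encoding="utf-8") as f:
        json.dump(inventory, f, indent=2)
    return out_path


# Constructed sample note with a placeholder key blob (not a real Kraken key).
SAMPLE_NOTE = (
    "- ALL YOUR FILES HAS BEEN ENCRYPTED BY KRAKEN CRYPTOR!\n\n"
    "-----BEGIN KRAKEN ENCRYPTED UNIQUE KEY-----\n"
    "UExBQ0VIT0xERVIgS0VZIEJMT0I=\n"
    "-----END KRAKEN ENCRYPTED UNIQUE KEY-----\n"
)


def make_sample_tree(root):
    """Create a constructed victim directory: two stand-in encrypted files, one untouched file, one note."""
    docs = os.path.join(root, "Documents")
    os.makedirs(docs, exist_ok=True)
    for counter, payload in ((1, b"\x00" * 64), (2, b"\xff" * 128)):
        with open(os.path.join(docs, f"{counter:06d}-Lock.onion"), "wb") as f:
            f.write(payload)
    with open(os.path.join(docs, "report.docx"), "wb") as f:
        f.write(b"untouched")
    with open(os.path.join(docs, NOTE_NAME), "w", encoding="utf-8") as f:
        f.write(SAMPLE_NOTE)


def demo():
    """Build the sample tree in a temp dir, inventory it, write the manifest, return the inventory."""
    root = tempfile.mkdtemp(prefix="kraken-triage-")
    make_sample_tree(root)
    inventory = build_inventory(root)
    write_manifest(inventory, os.path.join(root, "inventory.json"))
    return inventory


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it against a real affected directory by calling `build_inventory` on that path and `write_manifest` to a location on separate media; the walk only reads, so the encrypted files stay byte-for-byte intact, which is the point of the advice above.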




