Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

identifying the ransomware file encryption

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

identifying the ransomware file encryption

Unread postby rysiek » November 29th, 2016, 5:56 pm

Hi I have a problem to recognize ransomware that encrypted my files.
I have already used ID Ransomware (but it didn't answer my question) : https://id-ransomware.malwarehunterteam.com/
I have scaned all files by Malwarebytes and as a result it have found:

- Cerber
- Cerber.NSIS
- Locky

But the behavior of ransomware that encrypted my files is not similar to Cerber and Locky so I still don't know what to use to decrypt my files.
So, can you help me to identify which ransomware encrypted my files?

Behavior that I have noticed:
- no file names, and extensions have been changed
- on each disk and on desktop i have found text files: Your "files are locked !.txt", "files are locked !!.txt", "files are locked !!!.txt", "files are locked !!!!.txt", "files are locked !!!!!.txt"
- content of "files are locked !.txt":

Support e-mail: suppcop@india.com suppcop@yandex.ru

Your personal files encryption produced on this computer: photos, videos, documents, etc.
Encryption was produced using a unique public key RSA-2048 generated for this computer.

To decrypt files you need to obtain the private key.

The single copy of the private key, which will allow to decrypt the files,
located on a secret server on the Internet; the server will destroy the key after 120 hours.

After that nobody and never will be able to restore files.

To obtain the private key for this computer, you need pay 0.2 Bitcoin (~145 USD)


I have no idea how should I identify what ransomware has encrypted my files, because this behaviour, as I read, is not common for Cerber and Locky.
Please help me
rysiek
Active Member
 
Posts: 2
Joined: November 29th, 2016, 5:28 pm
Advertisement
Register to Remove

Re: identifying the ransomware file encryption

Unread postby Gary R » November 30th, 2016, 2:42 am

If you have uploaded a sample of one of your encrypted files to ... https://id-ransomware.malwarehunterteam.com/ ... and it has failed to identify the variant that has infected your files, it is unlikely we will be able to help you identify it.

The real specialists in this type of work can be found at ... http://www.bleepingcomputer.com/forums/ ... h-support/ ... and I suggest you post details of your problem there.

However, if you do not have backups of your files, it is very probable that there will not be a decryptor available, and recovery them may not be an option.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 111 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware