Posted 19 June 2021 - 09:47 AM
Hello, I need help with my NAS WD. I have almost all files encrypted with the extension 0xxx. Could you help me with a solution?
I add the readme file: !0XXX_DECRYPTION_README.TXT (559 bytes)
Edited by quietman7, 01 August 2021 - 02:52 PM.
Posted 19 June 2021 - 06:47 PM
You can submit (upload) samples of encrypted files, ransom notes and any contact email addresses provided by the malware developer to ID Ransomware (IDR) for assistance with identification and confirmation of the infection. ID Ransomware can identify ransomware which adds a prefix instead of an extension and more accurately identifies ransomware by filemarkers if applicable. Uploading both encrypted files and ransom notes together along with any email addresses provided gives a more positive match with identification and helps to avoid false detections. Please provide a link to the ID Ransomware results.
If ID Ransomware cannot identify the infection, you can post the case SHA1 it gives you in your next reply for Demonslay335 (Michael Gillespie) to manually inspect the files and check for possible file markers.
Please upload the original ransom note and samples of encrypted files (different formats - doc, png, jpg) AND its original (unencrypted) file for comparison to the following third-party file hosting service and provide a link or send a PM with a link to Amigo-A (Andrew Ivanov) so he can inspect them and possibly confirm the infection (and/or add to his database).
Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief
Posted 20 June 2021 - 08:23 AM
Here I leave the encrypted files and the ransom note: https://dropmefiles.com/r8NoK
This is the ransom mail: iosif.lancmann@mail.ru
Please make sure you are uploading a ransom note and encrypted sample file from the same infection.
This can happen if this is a new ransomware, or one that cannot be currently identified automatically.
You may post a new topic in the Ransomware Tech Support and Help forums on BleepingComputer for further assistance and analysis.
Please reference this case SHA1: affd3bb9e56c8059e090c4a213fbb5ed294f5638
Edited by Paleskiwi, 20 June 2021 - 10:32 AM.
Posted 20 June 2021 - 09:21 AM
Posted 20 June 2021 - 01:58 PM
This seems like a new ransomware.
Self-name: 0XXX Virus
A new article in my Digest: 0XXX Ransomware
Archived files change the modification date.
Let us know when the encryption happened and what happened before this incident.
Edited by Amigo-A, 20 June 2021 - 02:44 PM.
My site: The Digest "Crypto-Ransomware" + Google Translate
Posted 21 June 2021 - 02:03 PM
We'd need the malware to properly analyze it.
Can you provide an encrypted file and its original for me to compare?
ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]
RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]
CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]
If I have helped you and you wish to support my ransomware fighting, you may support me here.
Posted 21 June 2021 - 05:54 PM
Topic title changed to reflect naming convention and direct other victims to this support topic.
Posted 10 July 2021 - 11:59 AM
News about this ransomware?
Edited by barbatrukko, 10 July 2021 - 12:05 PM.
Posted 10 July 2021 - 12:04 PM
We still need the malware in order to identify / analyze it.
Posted 10 July 2021 - 04:19 PM
Posted 14 July 2021 - 05:26 AM
Same here, I can provide both encrypted and plain files if needed .... thanks, if I can help let me know.
In my case I run Ubuntu Linux on all my PCs .. just have one iMac ... but no Windows device ... probably the attack arrived from outside since my NAS SMB ports were open to work remotely.
Edited by CKlabs, 14 July 2021 - 05:27 AM.
Posted 14 July 2021 - 06:49 AM
Hello, in the end I made the decision to pay the ransom. If you want, I can upload the decryptor and the encrypted and original files. I think that the key they gave me only decrypts my files.
Posted 14 July 2021 - 07:04 AM
Anyone can give the decryptor (decoder) to Demonslay335 if they wish.
Just don't tell everyone about it. Extortionists can read this too.
Posted 14 July 2021 - 08:38 AM
If you have a working decryptor, you can zip and submit it here with a link to this topic along with a few encrypted files, the private key and anything else the malware writers provided or send it in a PM to Demonslay335 (Michael Gillespie).
Posted 15 July 2021 - 02:50 AM
I would like to help, so if you have the decoder and any other info, please share it with me if possible. The encryption seems to work in blocks of 16 bytes, since the spare last bytes, if less than 16, are not encrypted, so AES with a 128-bit key probably.
Edit:
Found that on bigger files more than the last 16 bytes are still plain ... do not know if I interrupted the encryption process by putting the NAS offline.
Edited by CKlabs, 15 July 2021 - 07:47 AM.
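One way to check the block-size observation in the post above against an original/encrypted file pair, as an added example that is not part of the thread: it compares the two buffers in 16-byte blocks and reports how many trailing bytes were left unchanged. The sample pairs are constructed, with pseudo-random bytes standing in for ciphertext, and all function names are illustrative.

```python
import hashlib

BLOCK = 16  # block size suggested in the post above; an assumption to test

def changed_blocks(original, encrypted, block=BLOCK):
    """Indices of blocks that differ. Whole blocks are compared because single
    ciphertext bytes can match the plaintext by chance."""
    n = min(len(original), len(encrypted))
    return [i // block for i in range(0, n, block)
            if original[i:i + block] != encrypted[i:i + block]]

def summarize(original, encrypted, block=BLOCK):
    """Describe which part of an original/encrypted pair was modified."""
    changed = changed_blocks(original, encrypted, block)
    common = min(len(original), len(encrypted))
    # Offset just past the last modified block; bytes after it are unchanged.
    end = min((changed[-1] + 1) * block, common) if changed else 0
    tail = common - end
    return {
        "size_delta": len(encrypted) - len(original),  # non-zero: data was added
        "changed_blocks": len(changed),
        "contiguous_from_start": changed == list(range(len(changed))),
        "plain_tail_bytes": tail,
        "tail_shorter_than_block": tail < block,
    }

def fake_ciphertext(n):
    """Constructed stand-in for encrypted data (deterministic, not a cipher)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def make_pair(size, modified_len):
    """Constructed sample: first modified_len bytes replaced, rest left plain."""
    original = bytes(i % 251 for i in range(size))
    return original, fake_ciphertext(modified_len) + original[modified_len:]

if __name__ == "__main__":
    # 100-byte file: six full blocks modified, 4 spare bytes left plain.
    print(summarize(*make_pair(100, 96)))
    # Larger file where only the first 1 KiB was modified.
    print(summarize(*make_pair(4096, 1024)))
```

For real samples, read both files in binary mode and pass the bytes to `summarize`; a non-zero `size_delta` means the encrypted copy carries added data, so block offsets may not line up with the original.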