
ransomware with loader crash contact chinaobd2@protonmail.com extension


17 replies to this topic

#16 quietman7

quietman7

    Bleepin' Gumshoe


  • Global Moderator
  • 62,740 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:15 AM

Posted 06 November 2024 - 04:49 PM

After our experts have examined submitted files, they typically will only reply about the submission if they can assist or need further information. If not, then the submissions were not helpful. Although they try, our crypto malware experts simply do not have the time to respond to individual topics which is why we use one support topic for each ransomware and everything related to it.
 
As such, I don't know if more file samples will be of any benefit.


Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief





#17 rivitna

rivitna

  • Security Colleague
  • 411 posts
  • Gender:Male
  • Local time:04:15 PM

Posted 06 November 2024 - 05:04 PM

The first mention of this ransomware was in 2022:
https://mhhauto.com/Thread-Rosstech-has-now-introduced-ransomware-virus-in-its-latest-versions-Vcds--346228?page=4

 

I need several encrypted files of the same type, as well as encrypted/unencrypted pairs.


Edited by rivitna, 06 November 2024 - 05:05 PM.


#18 Amigo-A

Amigo-A

    Security specialist and Ransomware expert


  • Members
  • 3,119 posts
  • Gender:Male
  • Location:Bering Strait
  • Local time:06:15 PM

Posted 07 November 2024 - 03:56 AM

Yes, this discrediting has been going on for more than two years.

The name and the ransom email login are based on legit software and hardware: https://www.chinaobd2.com/

 

The fact that Russian information sites of some companies were hacked for some time directly indicates who was the initiator of this extortion campaign.

 

Distribution vector: via downloaded files. Look for malicious files and archives in your downloads. Upload them to VT.

Insert the result link into your message. Then it will be clear whether this is a new campaign or the remains of an old one.


Edited by Amigo-A, 07 November 2024 - 04:10 AM.

My site: The Digest "Crypto-Ransomware"  + Google Translate 

 




