Xorist (EnCiPhErEd) Ransomware Support Topic - HOW TO DECRYPT FILES.txt

Posting this here to help with victims searching hopefully.

 

Found a new variant of Xorist that uses ".fileiscryptedhard" as extension, and the following ransom note "READ TO DECRYPTIONS_.txt".

 

 

All your data files are crypted.

To decrypt files and gain access to them,

please send 0.5 Bitcoin to adress

194DQmxsSsM4Xp2CozvxatH2WkxA7AnV1f

 

and email to fn1573917917ja@163.com proof

(screen or TransID) of your payment.

 

After receiving the money, I will send you

your password and decrypt instruction via email.

 

You can also send a single crypted file and I 

will send you the decryption for your peace of mind.

 

Fabian's decrypter works with this new variant.

Hi All,

 

Used the provided tool and an encrypted and non encrypted file to find the key.  So the tool was successful but now what do we do ?

 

Do I need to find the original executable that encrypted the files and run that ? Or is there another solution 

Regards

 

If the decrypter found a tool, it will guide you through decrypting your data using the key.

 

Do NOT run the malware again. If the decrypter doesn't work, we may need the malware for analysis. You may submit it here: http://www.bleepingcomputer.com/submit-malware.php?channel=168

Yes,  I ran the decryption tool again and once it found the key it decrypted the data. Thank you for the tool and the instructions. 

i've send my EnCiPhErEd Ransomware sample to http://www.bleepingcomputer.com/submit-malware.php?channel=168

using email contact gospirus@gmail.com

 

thank you for helping

i've send my EnCiPhErEd Ransomware sample to http://www.bleepingcomputer.com/submit-malware.php?channel=168

using email contact gospirus@gmail.com
 
thank you for helping

Have you tried this decrypter?
 
xXToffeeXx~

 

i've send my EnCiPhErEd Ransomware sample to http://www.bleepingcomputer.com/submit-malware.php?channel=168

using email contact gospirus@gmail.com
 
thank you for helping

Have you tried this decrypter?
 
xXToffeeXx~

 

 

 

hello, thank you for fasting reply..

 

ive tried decrypter

 

see this my screenshot

 

 

The screenshots don't show up. Did you select both an encrypted and its unencrypted original version at the same time and drag and dropped it onto the decrypter executable file?

The second screenshot shows for me. It shows the Xorist decrypter at about 31% - you'll need to just let it run, it may take some time as it states.

The screenshots don't show up. Did you select both an encrypted and its unencrypted original version at the same time and drag and dropped it onto the decrypter executable file?

 

 

i dont have unencrypted original version file

so i just put like this new screenshot have i uploaded to you again

 

 

 

i dont have unencrypted original version file

so i just put like this new screenshot have i uploaded to you again

That will not work. It has to be the original. I don't believe you that there is no file on your system where you can't get the original of. Examples: Files you downloaded from the internet that were encrypted, that you can simply download again to get the original, pictures that you shared with friends that they can just send you back, default wallpapers and pictures that were included with your Windows version that you can just get from another system running the same Windows version. There are plenty of ways to get an encrypted with unencrypted file pair.

The second screenshot shows for me. It shows the Xorist decrypter at about 31% - you'll need to just let it run, it may take some time as it states.

 

loading is done buddy, but when i checked again my file still not decrypt

 

 

 

 

i dont have unencrypted original version file

so i just put like this new screenshot have i uploaded to you again

That will not work. It has to be the original. I don't believe you that there is no file on your system where you can't get the original of. Examples: Files you downloaded from the internet that were encrypted, that you can simply download again to get the original, pictures that you shared with friends that they can just send you back, default wallpapers and pictures that were included with your Windows version that you can just get from another system running the same Windows version. There are plenty of ways to get an encrypted with unencrypted file pair.

 

 

Well then, I'll try to copy files image original from my mobile phone similar with that encrypt files in my harddisk, and use the software Emsisoft again

Can you upload the encrypted and unencrypted file pair you used as well as some of the files that don't decrypt properly here please? I will look into it tomorrow:

http://www.bleepingcomputer.com/submit-malware.php?channel=170

 

i dont have unencrypted original version file

so i just put like this new screenshot have i uploaded to you again

That will not work. It has to be the original. I don't believe you that there is no file on your system where you can't get the original of. Examples: Files you downloaded from the internet that were encrypted, that you can simply download again to get the original, pictures that you shared with friends that they can just send you back, default wallpapers and pictures that were included with your Windows version that you can just get from another system running the same Windows version. There are plenty of ways to get an encrypted with unencrypted file pair.

 

 

did you mean like this brother...?

http://prntscr.com/bl103b