Posted 16 July 2016 - 05:40 PM
Thanks, earlier this year someone was trying to help me, and they suggested I keep in touch with you. Just thought I'd ask.
Thanks again for your response.
Posted 16 July 2016 - 06:12 PM
Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief
If I have been helpful & you'd like to consider a donation, click
Posted 19 July 2016 - 07:38 PM
I just submitted some files (key in DECRYPT txt is Nz5zSGopV58J6RwztmDBgVLQ5RxnSSKSv) for analysis to see if it's possible to figure out which ransomware it is. It's a ".crypted" extension, though I've tried both "decrypt_xorist.exe" and "decrypt_nemucod.exe" but only get the error "No key found - The decrypter could not determine a valid key for your system. Please drag and drop both an encrypted file as well as its unencrypted counterpart onto the decrypter to determine the correct key. Files need to be at least 510 bytes long." Yes, I am dragging both the encrypted and unencrypted version onto both files with the same error. I have submitted a request to Dr Web as well. Appreciate any help!
Posted 19 July 2016 - 08:16 PM
> I just submitted some files (key in DECRYPT txt is Nz5zSGopV58J6RwztmDBgVLQ5RxnSSKSv) for analysis to see if it's possible to figure out which ransomware it is. It's a ".crypted" extension...

Any files that are encrypted with Nemucod Ransomware will have the .crypted extension appended to the end of the encrypted data filename and leave files (ransom notes) named DECRYPT.TXT.
Posted 20 July 2016 - 04:09 PM
Mine had been renamed *.doc.encrypted (no idea which particular ransomware it is).
Posted 20 July 2016 - 04:13 PM
> Mine had been renamed *.doc.encrypted (no idea which particular ransomware it is.

You can submit samples of encrypted files and ransom notes to ID Ransomware for assistance with identification and confirmation. This is a service that helps identify what ransomware may have encrypted your files and then attempts to direct you to an appropriate support topic where you can seek further assistance.
Posted 20 July 2016 - 04:56 PM
Posted 08 October 2016 - 02:51 PM
Crypt0l0cker encrypted unmapped network shares?
This week we received an alert that the crypt0locker ransomware (according to the ransom note) encrypted files (.enc extension) on a computer. The process responsible for the encryption was a file with the extension tmp. Soon after we received alerts from other computers but this time the process was system:remote. After analyzing the alert from the first computer we noticed that the process encrypted files on network shares which were not mapped to a network drive. Besides encrypted files in folders on the c:, d: and M: (mapped network drive) there were files encrypted on the path \\computer\share\folder.
According to the page http://www.bleepingcomputer.com/virus-removal/torrentlocker-crypt0l0cker-ransomware-information#shares the torrentlocker-crypt0l0cker ransomware only encrypts files on mapped network shares. Is there a new variant active?
P.S. We reinstalled the infected computer and removed all the ransomware files and restored most files from a backup.
Posted 10 October 2016 - 12:59 AM
All,
Is there already a decrypt software for this ransom software? I was able to delete the ransom/trojan but my files are still encrypted and need to decrypt.
Posted 10 October 2016 - 01:39 AM
> All,
> Is there already a decrypt software for this ransom software? I was able to delete the ransom/trojan but my files are still encrypted and need to decrypt.

I bought the decrypt tool from Dr. Web to decrypt all files. This was the only solution I found. As far as I know a free decryption tool isn't out yet.
Posted 10 October 2016 - 06:24 AM
> Is there already a decrypt software for this ransom software?...

Many victims have reported that Dr.Web was able to assist them with decrypting files...see here.
Posted 14 October 2016 - 02:09 PM
> Crypt0l0cker encrypted unmapped network shares?
> This week we received an alert that the crypt0locker ransomware (according to the ransom note) encrypted files (.enc extension) on a computer. The process responsible for the encryption was a file with the extension tmp. Soon after we received alerts from other computers but this time the process was system:remote. After analyzing the alert from the first computer we noticed that the process encrypted files on network shares which were not mapped to a network drive. Besides encrypted files in folders on the c:, d: and M: (mapped network drive) there were files encrypted on the path \\computer\share\folder.
> According to the page http://www.bleepingcomputer.com/virus-removal/torrentlocker-crypt0l0cker-ransomware-information#shares the torrentlocker-crypt0l0cker ransomware only encrypts files on mapped network shares. Is there a new variant active?
> P.S. We reinstalled the infected computer and removed all the ransomware files and restored most files from a backup.

Again we had one computer with the crypt0l0cker ransomware which encrypted files on other computers with a shared folder. Before reinstalling this computer we saved the ransomware, the note files and two encrypted files. The ransomware was uploaded to VirusTotal (https://www.virustotal.com/en/file/18398ed5c38dbacd97ce2d4fc9a4fc28c22ae68d37a263e5c3cdd77d7bbf597f/analysis/) but the file was already known. According to the comments the file was also analyzed by Deepviz analysis and hybrid analysis. On these websites you can download a sample for your own analysis.
Posted 20 March 2017 - 03:46 PM
Hello... what kind of ransomware is this kind of filename? Attendance.pdf.id-3438022203_[x3m-pro@protonmail.com]_[x3m@usa.com].x3m
Thanks......
Posted 20 March 2017 - 06:16 PM
> Hello... what kind of ransomware is this kind of filename? Attendance.pdf.id-3438022203_[x3m-pro@protonmail.com]_[x3m@usa.com].x3m

You have already been answered in the CryptON Ransomware Support & Help Topic
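A triage sketch for the naming patterns reported in this thread, added here as an example; it is not code from any poster or from ID Ransomware. It splits hits by local drive, mapped drive and UNC share, which is the scoping question raised in the Crypt0l0cker posts. The function names, the sample paths and the rule that `.crypted` counts as Nemucod only when a DECRYPT.TXT note was seen are assumptions for illustration.

```python
import re
from collections import defaultdict

# Name patterns as reported by posters in this thread; not a full signature set.
CRYPTON = re.compile(
    r"^(?P<orig>.+)\.id-(?P<vid>\d+)_\[(?P<c1>[^\]]+)\]_\[(?P<c2>[^\]]+)\]\.x3m$")
BY_EXT = {".crypted": ("Nemucod", "DECRYPT.TXT"),  # extension plus ransom note name
          ".enc": ("Crypt0l0cker", None)}          # poster relied on the note text

def scope(path):
    """Return ('unc', share root), ('drive', 'C:') or ('other', '')."""
    if path.startswith("\\\\"):
        host_share = path[2:].split("\\")[:2]
        return "unc", "\\\\" + "\\".join(host_share)
    m = re.match(r"([A-Za-z]):", path)
    return ("drive", m.group(1).upper() + ":") if m else ("other", "")

def classify(path, note_names=()):
    """Guess the family from a file name and the note names seen alongside it."""
    name = path.rsplit("\\", 1)[-1]
    m = CRYPTON.match(name)
    if m:
        return {"family": "CryptON", "original": m["orig"],
                "victim_id": m["vid"], "contacts": [m["c1"], m["c2"]]}
    for ext, (family, note) in BY_EXT.items():
        if name.lower().endswith(ext):
            # An extension alone is ambiguous, so require the note when one is known.
            seen = note is None or note.upper() in {n.upper() for n in note_names}
            return {"family": family if seen else "unconfirmed",
                    "original": name[:-len(ext)]}
    return None  # e.g. *.doc.encrypted: submit samples for identification

def exposure(paths, note_names=()):
    """Map each affected drive or UNC share to the families seen there."""
    out = defaultdict(set)
    for p in paths:
        hit = classify(p, note_names)
        if hit:
            out[scope(p)[1]].add(hit["family"])
    return dict(out)

# Constructed sample paths; only the .x3m file name is quoted from the thread.
SAMPLE = [r"C:\Users\a\report.docx.enc", r"M:\fin\q3.xlsx.enc",
          r"\\computer\share\folder\plan.pdf.enc",
          r"D:\scan\Attendance.pdf.id-3438022203_[x3m-pro@protonmail.com]_[x3m@usa.com].x3m",
          r"C:\docs\notes.txt"]
```

Any key in the `exposure` result that starts with `\\` is a share reached by UNC path rather than through a drive letter, so that host's files need to be checked and restored as well.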