Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Generic User Avatar

HowDecrypt or CryptorBit Encrypting Ransomware - $500 USD Ransom Topic


  • Please log in to reply
1763 replies to this topic

#1756 quietman7

quietman7

    Bleepin' Gumshoe


  •  Avatar image
  • Global Moderator
  • 62,051 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:03 AM

Posted 04 April 2023 - 04:39 PM

There is still nothing new to report that I am aware of.


.
.
Microsoft MVP Alumni 2023Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif


BC AdBot (Login to Remove)

 


#1757 paths

paths

  •  Avatar image
  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 14 April 2023 - 03:31 PM

There is still nothing new to report that I am aware of.

 

 

 

Any way to Brute force it after all this time or anyone that helps for a price or something ? 



#1758 paths

paths

  •  Avatar image
  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 14 April 2023 - 03:34 PM

Looking to see if anyone still on here or reading this thread ever  reached out to jrtvor or anyone else later on and got help ? I saw at least one post about where he was able to help them. He no longer seems active.. would appreciate any help  from anyone at this point. 



#1759 quietman7

quietman7

    Bleepin' Gumshoe


  •  Avatar image
  • Global Moderator
  • 62,051 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:03 AM

Posted 14 April 2023 - 04:05 PM

Any way to Brute force it after all this time or anyone that helps for a price or something ?

Brute forcing a decryption key is not possible (not a feasible option) with current technology and quantum computers capable of running Shor's algorithm, due to how the keys are generated using complicated math operations, an infinite number of possibilities to try and the length of time required to break a private encryption key. Some ransomware will use a unique AES-256 encryption key per file which is then encrypted with a bundled RSA-4096 public encryption key unique to each victim. Experts believe we are 20-30+ years away from using quantum computers to break encryption.
 
Ransomware Encryption: The math, time and energy required to brute-force an encryption key

Without the criminal's master private encryption key that can be used to decrypt your files, decryption is impossibleThat usually means the key is unique (specific) for each victim and generated in a secure way (i.e. RSA, AES, Salsa20, ChaCha20, ECDH, ECC) that cannot be brute-forced...the public key alone that encrypted files is useless for decryption. In most cases, unless the keys are leaked or the criminals are arrested by the authorities and the keys are recovered, then provided to the public, there is no possibility that anyone can provide a decryption solution.


.
.
Microsoft MVP Alumni 2023Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif


#1760 ctigga

ctigga

  •  Avatar image
  • Members
  • 204 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 AM

Posted 15 April 2023 - 05:38 AM

Looking to see if anyone still on here or reading this thread ever  reached out to jrtvor or anyone else later on and got help ? I saw at least one post about where he was able to help them. He no longer seems active.. would appreciate any help  from anyone at this point. 

 

Never give up on your encrypted files (unless they're of no use after a particular date);

I believe the possibility of decrypting any encrypted file is very real IF you retain them.

Progress can take time, but we never know what tomorrow will bring.

Hang in there!



#1761 jrtovar

jrtovar

  •  Avatar image
  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:09:03 PM

Posted 16 April 2023 - 11:17 PM

The tool I had only worked for v1. I believe V1 was the first 512 bytes mangled, but v2 and above was 1024.



#1762 paths

paths

  •  Avatar image
  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 05 May 2024 - 10:09 PM

Does anyone know if the people that did this are still around? I am to the point I would be willing to take a chance on about anything including them still being around having a key. I thought I got hit with version 2 but no longer recall exactly.

#1763 jrtovar

jrtovar

  •  Avatar image
  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:09:03 PM

Posted 06 May 2024 - 01:06 AM

If you have 1 original and one mangled file, you can check to see if the 1st 512 bytes or 1st 1024 bytes are messed up. That would help determine v1 vs V2 or above.



#1764 ctigga

ctigga

  •  Avatar image
  • Members
  • 204 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 AM

Posted 06 May 2024 - 06:23 AM

If you have an encrypted file that you wouldn't mind sharing, I'd be interested in taking a look.  (If you also have an unencrypted copy of the exact same file I'd  be interested in that too)

 

No guarantees I'll be able to do anything, but I'm curious what the original/encrypted files look like.






2 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users


    Bing (1)