All times are UTC - 5 hours [ DST ]




 Post subject: Help to Identify Ransomware Website
PostPosted: June 7th, 2016, 11:53 

Joined: April 3rd, 2011, 0:19
Posts: 2003
Location: Providence, RI
I have a client hit with a ransomware virus that encrypted all his data and converted it all to the following format:

(filename)-BAA14811.bitcoinrush@aol.com.xtbl

I know this is a Russian virus, and I know that the BAA14811 part is the unique infection ID. However, I've been unable to find the HTML files it generates upon completion. Perhaps the virus never completed its work. Anyway, the client's entire law firm is stored on this drive, all backups failed, so they are willing to pay.

Anyone know where the website to pay this ransom is? Or have a sample HTML file from one like this?

Many thanks!

_________________
Data Medics - Hard Drive, SSD, and RAID Data Recovery Service Company


 
 Post subject: Re: Help to Identify Ransomware Website
PostPosted: June 8th, 2016, 1:11 

Joined: September 8th, 2009, 18:21
Posts: 15462
Location: Australia
Google searches seem to suggest that there are READMEnn.TXT files.

Depending on your version of Windows, you could select Start -> Find -> Files or Folders and specify a date range.

_________________
A backup a day keeps DR away.
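
Added example, not part of the thread and not any poster's code: a read-only Python triage script that parses the renamed-file layout quoted in the first post and looks for the READMEnn.TXT notes suggested in the reply above. The function names are this example's own, and it assumes the infection ID is always 8 hex digits, that "nn" means digits, and that file timestamps were left intact.

```python
import os
import re
import tempfile
from collections import Counter
from datetime import datetime, timezone

# Name layout quoted in the thread: (filename)-BAA14811.bitcoinrush@aol.com.xtbl
# Assumption: the infection ID is always 8 hex digits, as in that one sample.
ENCRYPTED = re.compile(
    r"^(?P<original>.+)-(?P<infection_id>[0-9A-Fa-f]{8})"
    r"\.(?P<contact>[^@\s]+@[^@\s]+)\.xtbl$")
# READMEnn.TXT as named in the reply; "nn" is assumed to mean one or more digits.
NOTE = re.compile(r"^README\d+\.txt$", re.IGNORECASE)

def parse_encrypted_name(name):
    """Return original name, infection ID and contact address, or None."""
    m = ENCRYPTED.match(name)
    return m.groupdict() if m else None

def triage(root):
    """Walk root read-only; summarise renamed files and candidate ransom notes."""
    ids, notes, mtimes = Counter(), [], []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            hit = parse_encrypted_name(name)
            if hit:
                ids[(hit["infection_id"].upper(), hit["contact"])] += 1
                mtimes.append(os.stat(path).st_mtime)  # metadata only, no writes
            elif NOTE.match(name):
                notes.append(path)
    stamp = lambda t: datetime.fromtimestamp(t, timezone.utc).isoformat()
    window = (stamp(min(mtimes)), stamp(max(mtimes))) if mtimes else None  # rename span
    return {"ids": dict(ids), "notes": sorted(notes), "window": window}

def demo():
    """Run triage over a constructed tree (sample names, not real evidence)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "cases"))
        for rel in ("cases/brief.docx-BAA14811.bitcoinrush@aol.com.xtbl",
                    "ledger.xlsx-BAA14811.bitcoinrush@aol.com.xtbl",
                    "README3.txt", "cases/untouched.pdf"):
            open(os.path.join(root, *rel.split("/")), "w").close()
        report = triage(root)
    report["notes"] = [os.path.basename(p) for p in report["notes"]]
    return report

if __name__ == "__main__":
    print(demo())
```

Point `triage()` at a mounted image or copy of the drive rather than the original; the `window` value gives the date range to use in the file search described above.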


 
 Post subject: Re: Help to Identify Ransomware Website
PostPosted: June 8th, 2016, 4:38 

Joined: January 28th, 2009, 10:54
Posts: 3452
Location: Greece
It's Troldesh :(
There are numerous reports that even people that have paid the ransom were unable to decrypt their files.

We have found some way to brute force *some* of these variants, so there *might* be a way to decrypt.
If you're interested, I can take a look. Send me one or two infected files (it is important that they're untouched) and I will analyze them for you.

_________________
http://www.northwind.gr
SandForce SSD Recovery
Ransomware Reverse Engineering - NoMoreRansom! partners

