Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 06-01-2023, 01:09
mariam3 mariam3 is offline
Friend
 
Join Date: May 2016
Posts: 24
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 34
Thanks Rcvd at 11 Times in 10 Posts
mariam3 Reputation: 0
Question i was attacked, am confused, i cant open my data

Hello, my computer system was attacked by unknown guys online iguess.

i cant open my data on the computer.

"Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key."

any Help Please ?

BR
Reply With Quote
  #2  
Old 06-01-2023, 03:12
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 398
Rept. Given: 26
Rept. Rcvd 127 Times in 64 Posts
Thanks Given: 54
Thanks Rcvd at 737 Times in 281 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
That sounds more like you opened an infected program, pdf, etc. and got hit with ransomware. If you know what version/variant of ransomware you got hit with you can look around online for any known decryptor tool that was already made for it. (Typically for the shittier versions that used a similar key/code that could be determined or pulled from your system.)
__________________
Personal Projects Site: https://atom0s.com
Reply With Quote
The Following User Says Thank You to atom0s For This Useful Post:
mariam3 (06-01-2023)
  #3  
Old 06-01-2023, 04:20
blue_devil's Avatar
blue_devil blue_devil is offline
Family
 
Join Date: Dec 2011
Location: Observable Universe
Posts: 284
Rept. Given: 58
Rept. Rcvd 49 Times in 22 Posts
Thanks Given: 251
Thanks Rcvd at 392 Times in 133 Posts
blue_devil Reputation: 49
Quote:
Originally Posted by mariam3 View Post
Hello, my computer system was attacked by unknown guys online iguess.

i cant open my data on the computer.

"Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key."

any Help Please ?

BR
You were hit by a ransomware attack. I am so sorry for this.

In 2015(maybe 2016) my friend's notebook was also hit by TeslaCrypt ransomware. I was able to decrypt my friend's data!

First you should define what/which ransomware (ransomware variant) you ware hit by. Then you can search for a decryptor. If you cannot find a decryptor, you then reverse the malicious binary to create a decryptor. And If you are lucky you can rip out the decryption key (if it is in binary)
Reply With Quote
The Following 2 Users Say Thank You to blue_devil For This Useful Post:
mariam3 (06-01-2023), sh3dow (06-01-2023)
  #4  
Old 06-01-2023, 13:20
sh3dow sh3dow is offline
Family
 
Join Date: Oct 2014
Posts: 158
Rept. Given: 113
Rept. Rcvd 79 Times in 24 Posts
Thanks Given: 458
Thanks Rcvd at 202 Times in 75 Posts
sh3dow Reputation: 79
As blue_devil said, identify the ransomware and search for its decryptor. Many ransomware was found with weak implementations therefor easy way to decrypt it.


Use this ID Ransomware, upload a ransom note and/or sample encrypted file to identify the ransomware that has encrypted your data.

hXXps://id-ransomware.malwarehunterteam.com

After that you will a have clue on what to search for
Reply With Quote
The Following 2 Users Say Thank You to sh3dow For This Useful Post:
blue_devil (06-02-2023), niculaita (06-03-2023)
  #5  
Old 06-01-2023, 22:10
bolo2002 bolo2002 is offline
VIP
 
Join Date: Apr 2002
Posts: 618
Rept. Given: 111
Rept. Rcvd 14 Times in 13 Posts
Thanks Given: 224
Thanks Rcvd at 238 Times in 152 Posts
bolo2002 Reputation: 14
And don't use the infected anymore directly,as said identify the ransomware,with a bootable usb key antivirus distro like Kaspersky,eset etc..and keep it even months later a decryptor can come.
I wish you'll recover data.
__________________
I like this forum!
Reply With Quote
The Following User Says Thank You to bolo2002 For This Useful Post:
niculaita (06-03-2023)
  #6  
Old 06-23-2023, 06:35
silver silver is offline
Friend
 
Join Date: May 2017
Posts: 13
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 12
Thanks Rcvd at 4 Times in 4 Posts
silver Reputation: 0
Well, it depends if your data is valuable enough.

Most modern ransomware are a part of RaaS (Randomware as a Service), and authors are relatively "trustable", so you can pay them and get your files back. Nowadays it's basically impossible to crack a ransomware, because most flaws have been fixed, and those who cannot well encrypt your files are nearly all upgraded (unless you infected from a sample during 2016-2017.

I helped a few companies solving their ransomware issue back in 2015. One case I had dealt is having its private key XORed under C:\Temp\ntuser.dat (weird name, haha). Another case I had managed to do is solved by using the dump file, because the victim is a driver developer, and the ransomware incorrectly encrypted her configuration file for the device driver, so the kernel crashed in WinDBG.

However, modern ransomware can make correct assumption of which file should be encrypted, and carefully design their key function, so low hanging fruits have gone. Nowadays, all companies claiming they can solve the file, are mostly fraud.

Good luck
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 16:15.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )