Ransomware Attack - file ext: id_fd67e254a09b4111_email_rscl@dr.com_

djsavta

Distinguished
Oct 22, 2011
4
0
18,510
Hello dear friends,

My friend's dad has gotten himself into a ransomware situation.

All of his files now have this extension: id_fd67e254a09b4111_email_rscl@dr.com_

Pictures for reference:
image.png
image.jpg


Here is the text file for the Ransomware:

NOT YOUR LANGUAGE? USE https://translate.google.com

What happened to your files ?
All of your files protected by a strong encryption with RSA-2048.
More information about the encryption keys using RSA-2048 can be found here: https://en.wikipedia.org/wiki/RSA_(cryptosystem)

How did this happen ?
!!! Specially for your PC was generated personal RSA-2048 KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server

What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start send email now for more specific instructions! , and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.

For more specific instructions:
Contact us by email only, send us an email along with your ID number and wait for further instructions. Our specialist will contact you within 24 hours.
For you to be sure, that we can decrypt your files - you can send us a single encrypted file and we will send you back it in a decrypted form. This will be your guarantee.

Please do not waste your time! You have 72 hours only! After that The Main Server will double your price!
So right now You have a chance to buy your individual private SoftWare with a low price!

E-MAIL1: rscl@dr.com
E-MAIL2: rscl@usa.com

YOUR_ID: fd67e254a09b4111

https://id-ransomware.malwarehunterteam.com/ was unable to id the Ransomware type.

Can anyone help?


Thanks in advance.
 

djsavta

First of all, thanks for answering.


Are there any other methods to identify a Ransomware?

He'll probably pay the price but we need to know if anything can be done before doing that.
 

4745454b

Distinguished
Moderator
Apr 29, 2006
605
0
19,210
Some of the ransomware can be brute forced into opening them, or even a few have a security issue that makes it easy to get in. They (claim) are using 2048-bit encryption so brute force is out. And if the site can't ID the type of ransomware then it's probably not one of the ones with the issue where it's easy. Personally I wouldn't pay. It only encourages these scum to keep trying. I understand he wants those files, but it will only give them money and hope to keep going. Format, start over.

I'd like to also point out that if he had this happen to him his system needs a bump in security. I'm guessing he's using a pirated copy of Windows, and using IE. Buying Windows (bet that doesn't seem expensive now does it?) and keeping it updated and running a more secure browser like Firefox or Chrome would make this much harder to do. Staying off of bad websites would also help.
 

djsavta

Bumping the security up is definitely something that will be done after we're done dealing with this situation - whatever the outcome.

Nevertheless, are we 100% sure there is nothing we can do besides paying/formatting?
 

mbarnes86

Distinguished
Sep 16, 2010
245
0
19,110
Hi

Look at the Kaspersky web site.
They can help with some encryption malware.

Usually because there is a deleted copy of the original file on the hard disk.
Or possibly comparing a recovered identical file and the encrypted file enables the decryption key to be found.

You need to remove the encrypting virus and then use undelete software such as:
TestDisk / photo recovery
Recuva
And many other similar products.

I would remove the disk from its PC and fit it in a USB tray and attach it to another PC.
Then recover as much deleted data as possible.

If critical files are not recoverable from backups or undeleting files, and Kaspersky or similar anti-virus specialists cannot help, then you may have to pay the ransom.

I see that the ransomware site offers one free file recovery to prove it can recover your files.

In future make sure you or your friend have up-to-date internet security software.
Make regular backups of important data.

And when browsing the internet you should use a non-admin account, which makes it harder for malware to attack the accounts and data of all users.

Regards
Mike Barnes
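
The triage step discussed in the thread (attach the disk to another PC, see what was hit, and look for surviving originals), as an added example that is not part of any post above. It assumes the marker `id_<16 hex>_email_<address>_` is appended to the original file name; the separator, the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# Assumption: the marker follows the original name, e.g.
# "report.docx.id_<16 hex chars>_email_<address>_" (the separator is not shown on the page).
MARKER = re.compile(
    r"^(?P<orig>.+?)[._-]?id_(?P<vid>[0-9a-fA-F]{16})_email_(?P<mail>[^\s/]+@[^\s/]+?)_$")

def inventory(root):
    """Walk root without modifying it and summarise which files carry the marker."""
    report = {"encrypted": [], "untouched": [], "pairs": [],
              "ids": Counter(), "contacts": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        names = set(files)
        for name in files:
            path = os.path.join(dirpath, name)
            m = MARKER.match(name)
            if not m:
                report["untouched"].append(path)
                continue
            report["encrypted"].append(path)
            report["ids"][m["vid"].lower()] += 1
            report["contacts"][m["mail"].lower()] += 1
            # A surviving or undeleted original beside its encrypted copy is the
            # kind of pair an anti-virus vendor may ask for during analysis.
            if m["orig"] in names:
                report["pairs"].append((os.path.join(dirpath, m["orig"]), path))
    return report

def build_sample(root):
    """Constructed sample tree standing in for the attached disk."""
    suffix = ".id_fd67e254a09b4111_email_rscl@dr.com_"
    os.makedirs(os.path.join(root, "Docs"))
    for rel in ("Docs/tax.xlsx" + suffix, "Docs/photo.jpg" + suffix,
                "Docs/photo.jpg", "notes.txt"):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"constructed sample data")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        r = inventory(tmp)
        print(len(r["encrypted"]), "encrypted,", len(r["untouched"]), "untouched")
        print("IDs:", dict(r["ids"]), "contacts:", dict(r["contacts"]))
        for plain, enc in r["pairs"]:
            print("pair:", plain, "<->", enc)
```

Point `inventory()` at the mount point of the attached disk; more than one ID or contact address in the report suggests more than one infection run.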