A "new" kind of ransomware has been spawned.
The first one: http://www.bleepingcomputer.com/forums/topic446111.html
It was pwned by Xylitol and some other guys; they were able to find the unlock codes etc.
But a new variant (from the same author) has been released: http://www.bleepingcomputer.com/forums/topic449398.html
The author claims that there is no solution for this new variant.
Hope EP_X0FF/Xylitol is able to do something!
Btw, if you have any samples, please attach.
His words:
Hi all, and especially hello to Fabian :)
I'm the author.
Guys, I have considered my previous mistakes and written a new unbleepable version.
And I'm answering some of your questions:
>Unfortunately, at this time there is no method to create the passcodes, though one may be created in the future.
Yes, maybe in the future, after
~66,282,862,563,751,221,625,826,507,369,649,000,000,000,000,000,000,000,000 years
Now the password which has been sent to us has been deleted using sdelete (in the previous version using simple delete, and you could recover it in some cases and then generate a passcode to decrypt).
To decrypt the second part of the files (a minimal part) another password is used (yes, Fabian can make a generator for it, but it can't help).
Trying to catch the password from Process Monitor? :) Yes, you can, but it will be the second password for the minimal part of the files. The first password was successfully sent to us and SDELETED. You can't catch it using procmon because your screen is locked :) The locker is used to protect this :) After the screen is unlocked there is another password (it sdeletes the original password after decrypting the majority of the files; you can't catch this moment EVER, because it is sdeleted from the HDD before reboot (it does not matter whether this is a cold or hot reboot) (the password is in memory when decrypting files) and to delete the screen locker you must reboot anyway).
Also, the first password is generated randomly. Unable to generate the same one in any way.
sample of first password: s#u_1kEWt=dGo4qLf*vkEDPdOvkvTSVHu_1rWnd2ah=TSd&(Tu
sample of second password: Fww*wrFwVFwwL$wqr*FwwL$wqr*
Your files which have been encrypted have been deleted using SDelete also (and backups have been deleted using SDelete also).
SDelete implements the Department of Defense clearing and sanitizing standard DOD 5220.22-M, to give you confidence that once deleted with SDelete, your file data is gone forever.
Read the official doc here: http://technet.microsoft.com/en-us/sysi ... s/bb897443
I'm interested in how you are going to get this password? This is UNREAL :)
The password is 50 characters long, using 77 symbols including letters, numbers and special symbols.
This is 77 to the 50th power, and this is 2.11123345230697322404794315881e+94 combinations.
To brute-force it, if your brute software tries 10000 passwords per second, it will take up to:
6.5687022485656026733869199236174e+86 years.
Use your brain and calc.exe if you don't believe me.
Possibly when the aliens arrive, they will decipher your files using the blasters :)
About: these files are not actually encrypted but are password-protected RAR files.
And what encryption does WinRAR use? - Answer: AES. Google it.
>I'm loving the whole "Don't even try to remove this" bits. I actually giggled reading the whole thing. You can tell (well it's obvious to me) that they've never taken a college English class their entire life. BIG CLUE THERE!
LOL :) About my English - sorry, I'm from Mars. Martians attack :) Piu Piu :)
And I'm using a big chain of servers to work and write here. You will never know which country I'm actually from.
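The author says the victim's files are not encrypted in place but packed into password-protected RAR archives (WinRAR uses AES). During triage you usually want to confirm that claim from the archive headers alone, without a password and without extracting anything. The script below is an added example written for this thread; it is not code from the original post and has nothing to do with the ransomware author's tooling. It walks the RAR 4.x block chain, verifies each header CRC, and reports whether the archive headers themselves are encrypted (MHD_PASSWORD, in which case even file names are hidden) and which entries carry the per-file LHD_PASSWORD flag. The sample archives it runs on are constructed in-code with placeholder payload bytes; they are not real WinRAR output.

```python
"""Triage helper: is this RAR 4.x archive password-protected? (added example,
not from the thread; the sample archives are constructed, not WinRAR output)"""
import struct
import zlib

RAR4_MARKER = b"Rar!\x1a\x07\x00"

# Block types and flags from the RAR 4.x format description (technote.txt)
MAIN_HEAD = 0x73
FILE_HEAD = 0x74
MHD_PASSWORD = 0x0080   # main header: everything after it is encrypted
LHD_PASSWORD = 0x0004   # file header: this entry's data is encrypted
LHD_LARGE = 0x0100      # file header: 64-bit sizes precede the file name
LHD_SALT = 0x0400       # file header: 8-byte salt follows the file name
LONG_BLOCK = 0x8000     # any block: 4-byte ADD_SIZE follows the 7-byte header


def build_block(head_type, flags, body):
    """One RAR 4.x block: HEAD_CRC | HEAD_TYPE | HEAD_FLAGS | HEAD_SIZE | body.
    HEAD_CRC is the low 16 bits of CRC32 over everything after the CRC field."""
    head_size = 7 + len(body)
    rest = struct.pack("<BHH", head_type, flags, head_size) + body
    return struct.pack("<H", zlib.crc32(rest) & 0xFFFF) + rest


def build_sample_rar(name, data, encrypt_file=False, encrypt_headers=False):
    """Constructed sample: marker, main header, one stored file, opaque payload.
    A real archive with encrypted headers AES-encrypts everything after the
    main header; here a salt and a filler blob stand in for that ciphertext."""
    main_flags = MHD_PASSWORD if encrypt_headers else 0
    main = build_block(MAIN_HEAD, main_flags, struct.pack("<HI", 0, 0))
    if encrypt_headers:
        return RAR4_MARKER + main + b"\x00" * 8 + b"\xAA" * 64
    file_flags = LONG_BLOCK | (LHD_PASSWORD | LHD_SALT if encrypt_file else 0)
    body = struct.pack("<IIBIIBBHI",
                       len(data), len(data),            # PACK_SIZE, UNP_SIZE
                       2,                               # HOST_OS = Win32
                       zlib.crc32(data) & 0xFFFFFFFF,   # FILE_CRC
                       0,                               # FTIME (DOS format)
                       29,                              # UNP_VER (RAR 2.9)
                       0x30,                            # METHOD = store
                       len(name),                       # NAME_SIZE
                       0x20)                            # ATTR
    body += name + (b"\x00" * 8 if encrypt_file else b"")   # salt, if any
    return RAR4_MARKER + main + build_block(FILE_HEAD, file_flags, body) + data


def scan_rar4(blob):
    """Walk the block chain. Returns (headers_encrypted, [(name, encrypted), ...])."""
    if not blob.startswith(RAR4_MARKER):
        raise ValueError("not a RAR 4.x archive")
    pos, headers_encrypted, files = len(RAR4_MARKER), False, []
    while pos + 7 <= len(blob):
        head_crc, head_type, flags, head_size = struct.unpack_from("<HBHH", blob, pos)
        if head_size < 7 or pos + head_size > len(blob):
            raise ValueError("corrupt block header at offset %d" % pos)
        if zlib.crc32(blob[pos + 2:pos + head_size]) & 0xFFFF != head_crc:
            raise ValueError("bad header CRC at offset %d" % pos)
        add_size = struct.unpack_from("<I", blob, pos + 7)[0] if flags & LONG_BLOCK else 0
        if head_type == MAIN_HEAD and flags & MHD_PASSWORD:
            headers_encrypted = True   # names and flags beyond here are ciphertext
            break
        if head_type == FILE_HEAD:
            name_size = struct.unpack_from("<H", blob, pos + 26)[0]
            name_off = pos + 32 + (8 if flags & LHD_LARGE else 0)
            name = blob[name_off:name_off + name_size].decode("latin-1")
            files.append((name, bool(flags & LHD_PASSWORD)))
        pos += head_size + add_size   # skip header and any packed data
    return headers_encrypted, files


if __name__ == "__main__":
    samples = [
        ("file encrypted", build_sample_rar(b"report.docx", b"opaque", encrypt_file=True)),
        ("plain", build_sample_rar(b"notes.txt", b"hello")),
        ("headers encrypted", build_sample_rar(b"unused", b"", encrypt_headers=True)),
    ]
    for label, blob in samples:
        print(label, "->", scan_rar4(blob))
```

Run it against a suspect archive with `scan_rar4(open(path, "rb").read())`. An entry flagged `True` is exactly the "password-protected RAR" the author describes: the header is readable, the data is not, and the only way in is the password (or the AES key derived from it). The scanner stops at a main header with MHD_PASSWORD because nothing after it is parseable; it handles only the RAR 4.x layout (RAR5 archives start with a different signature) and does not decode the optional Unicode file-name encoding.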