Hey anons

Hey anons,
This happened to my friend and he asked for help. I've never had something like this and am clueless as to where he got it from. The onion links lead to a site that asks for money in exchange for decrypting the files.
The files are indeed encrypted or at least it seems that way. I was trying to screen-capture this message - no problem. But when I was saving it in Paint, it was blocking all image formats. Fortunately, Photoshop Elements was untouched and successfully saved the JPEG I am attaching to this thread.

The file types are all documents and images... so far what we noticed.

Please help :o

reinstall windows

If the files are encrypted then they will stay encrypted even after windows reinstall.

Any other solutions?

>If the files are encrypted then they will stay encrypted even after windows reinstall.

if you reinstall it you will lose all files anyways but at least you could use your computer again.

use dban and wipe the hard drive then install a fresh windows OS. any personal info you had on that computer should be changed like accounts and passwords.

I am looking at this solution now:
geocities.co.jp/Playtown-Yoyo/6130/notes/virus-ransomware-cryptxxx.htm

But it is in Japanese and google translate doesn't help much.
Can anyone please have a look and give simple instructions in English

I want to keep the files and formatting the drive is the last resort.
As far as I could read with google translate, Kaspersky has some kind of a decryption tool.

So check the kaspersky site. You'll be lucky if they do - most cryptowall style malware doesn't leave you with something you can decrypt without paying for the key. If your files are important and you can't find a tool, you might just have to pay them.

I downloaded the RannohDecryptor.zip from their site. Now I am figuring out how to use it.
It seems to be based on a comparing mechanism between an infected version and a healthy version of the same file - once the app knows the rule of encryption it can start decrypting the rest of the files.

Anyone speaks Japanese here?

This one is the latest...
doesn't fix my problem, *.crypt1 is not supported there yet

blog.kaspersky.com.cn/kaspersky-free-decryptor-for-teslacrypt-victims/4316/

Maybe your friend shouldn't be downloading CP?

lol... bro... you have no idea what you are talking about. He is an old dude who hardly knows how to use the computer.
The thing is that the encryption tool became public knowledge in February. Since then some variations of the tool spread and the decryption key has changed. That's why I can't find an up to date tool to help him.

Can you boot in safe mode? If they are only disguising them as encrypted then you should be able to locate the process that is running in the background. What can and can't you do right now? Download, etc.?

Or if you can download files you can at least figure out what is encrypting the currently new files you are adding onto your pc

it is a virus called system32. you need to delete it.

The same thing happened at my work. And my colleagues are 60-year-old women

I don't think OP is asking for a cleaning of his comp from whatever encrypted files may be from the onion site but only asking for methods on decryption of the files.

I can restart in safe mode... but now I know that they are in fact encrypted... so it won't change anything

I downloaded some files, but they were not encrypted yet - maybe will happen later idk

Thank you anons for trying to help me.
I guess I will wait several days for Kaspersky to release an up to date tool - their most recent tool from 3 days ago is not recent enough :(

If it is actually encrypted then you're fucked. Only thing I can think of is hopefully finding a removal tool (which I still doubt would work) or just reformatting the PC. If it was just bullshitting you then there's a few different things you could try. I've never really dealt with ransomware.

Ok, it must encrypt files after a restart. Damn, I thought it had already encrypted them as it was running. Could have gotten rid of it before it had the chance to run on a restart.

the only way to decrypt the files is to have the key which usually they use extremely long keys for these things. it is most likely encrypted with AES so his only hope to use the computer again is to wipe and restart. if he copies up the encrypted files to an external hard drive he might be able to figure out the key later but it is very unlikely.

I've got an older laptop that I used to open suspected files and one of the partitions got this type of crap on it. I can still use the other one. I'm gonna try this stuff out on it sometime this weekend.