Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    NSA shares zero-trust guidance to limit adversaries on the network

Featured Deal: Enjoy quick, compatible data transfers with this $59.99 portable SSD

Latest Buyer's Guide:    Hotspot Shield VPN review

Generic User Avatar

Encrypted files - igZ5WiJ3z.README.txt (LockBit 3 Black/CriptomanGizmo)

Started by Pet007 , Feb 23 2024 12:53 PM

  • This topic is locked This topic is locked
1 reply to this topic

#1 Pet007

Pet007

  • Avatar image
  • Members
  • 1 posts
  • OFFLINE
    •  
  • Local time:06:07 AM

Posted 23 February 2024 - 12:53 PM

Hi,

 please my files are encrypted with extension igZ5WiJ3z + there is igZ5WiJ3z.README.txt (see bottom) + attached in ZIP.

I can't find that type of Ransomware. 

 

            
                                                  YOUR FILES ARE ENCRYPTED!!!
For data recovery contact us you will need to pay us:
 
returnback24cyberfear.com
@returnback24
 
1. In the first letter, indicate your personal ID!
2. In response, we will send you instructions.
>>>> Your personal DECRYPTION ID: FD529***********************************
 
For example original file: Audio.Harness - 84bytes
 
I2C=SDA,SCL
PDM=DATA,CLK
SAI=SAI_SCKA,SAI_FSA,SAI_SDA,SAI_SDB,Audio_Int,SAI_MCKA

Encrypted  file: Audio.Harness.igZ5WiJ3z - 328 bytes

¸Ĺ‰Čť‰5]¸&**µ¬÷ŕ:¶gáúŁ·oý«1b’Cvń€âÄžßI·ŐŞĄÖŕ)羅uíČÍ—•_XhĺOńšăÚA Źy—.÷=„ľş,´€Ç/ýk™9(ŕ\ú>dRAâOÎ"UEwDˆ?Pá€5§đ㏠¸Ű6’&ĹĹx˜ß’v-QD¦SFŞŔE÷u°˝HG‹‘ł@ť•Î[=ŁŐuA)˙ë׶¸:Ů LŻ®ÚŻHÍÄdÍ-˘n ĺ-/~\®ÚűĚ°ľć±.“ťŻ¸q”:ŢF"˙m‘pţš9ŇŻq‘Ć|©óCÄÎť{QÂÎ&%Z}mśÚŰĚ“\ ˙;Fe¶ËfŃŮ'ŇM¶ą—%Eâ‰nĘČÚł]Ç>€ä`ó(Ę*܆TĐŔDŰ °ÖąQ:µ—7Ţj҇cÁôR˛X

Thanks for any help.

 

Attached Files


BC AdBot (Login to Remove)

 

#2 quietman7

quietman7

    Bleepin' Gumshoe


  • Avatar image
  • Global Moderator
  • 61,818 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:07 AM

Posted 23 February 2024 - 12:57 PM

Any files that are encrypted with LockBit 3.0 (Black) / CriptomanGizmo ransomware (used by affiliate or non-LockBit affiliates after its builder was leaked) will have a random 9 character alpha-numerical extension appended to the end of the encrypted data filename and typically will leave files (ransom notes) which include the same [random 9 character].README.txt as part of its name as explained here by Amigo-A (Andrew Ivanov). These are some examples.

.hZiV1YwzR
.3WbzmF0CC
.JxxLLpPns
hZiV1YwzR.README.txt
3WbzmF0CC.README.txt
JxxLLpPns.README.txt

 The random 9 char naming format of your README.txt ransom note and contents together with the same random 9 alpha-numerical char extension appended to your encrypted files are similar to what we have seen with this ransomware. In your case.

.igZ5WiJ3z
igZ5WiJ3z.README.txt
Some LockBit 3 Black/CriptomanGizmo ransom notes are known to include a long string of hexadecimal characters comprising a Decryption ID similar to N3ww4v3/Mimic but without an asterisk (*) and extension after the ID numbers.
Your personal DECRYPTION ID: 495927C9CC58D8A36B47827EAE1AEA72
»» Your personal DECRYPTION ID: 9FE85D4F9C7EA210F904E9BC55F74ECA
>>>> Your personal DECRYPTION ID: 8F2AC6FD69FFFB2BEF710F5010CA2763
specify your ID - 6800F4848694EC5B39B3525AF9F34521
report your ID - C7EC9516C90F63DF285
YOU LOCK-ID: 7565BD6495000673051C5B6F24EE1B30
Your ransom note contents are similar to what we have seen with this ransomware and includes a personal Decryption ID like those listed above.
>>>> Your personal DECRYPTION ID: FD529**********************************
 

There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, IT consultants, victims and company representatives who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff


.
.
Microsoft MVP Alumni 2023Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

Back to Ransomware Help & Tech Support


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Ransomware Help & Tech Support
  4. Privacy Policy
  5. Rules ·