Ransom detected, anyone for reverse?



#1 4n6_4u


Posted 13 February 2024 - 08:52 AM

Hello to all.

 

We have detected a new ransomware as a DLL. It has been run under C:\Windows\ProgramData\Microsoft. The DLL file's size is about 6 KB. We have TXT and HTML ransom notes. There is no ID that has been detected before. We have already checked this at https://id-ransomware.malwarehunterteam.com/identify.php

 

I may share the password of the attached RAR file, which includes ransom.dll and the ransom notes. I do not know if I can share this link as password protected or not; I do not know the rules of this website about sharing ransomware to solve it. If admins or experienced users inform me, I will apply the right way.

 

(The only purpose of sharing this ransomware is to help victims and stop the attackers. The one who misuses this file is responsible for any misuse of the files.)

 

It is possible to pay a small amount of money to whoever solves this and produces a decrypter.

 

Please send me a message to get the password.

 

Thank you very much.


Edited by quietman7, 13 February 2024 - 11:58 AM.



 


#2 quietman7


Posted 13 February 2024 - 11:54 AM

Is .DLL the full extension appended to the end of the encrypted data filename or is there an .[email], an ID number with random characters (.id-A04EBFC2, .id[4D21EF37-2214]), an ID number with an email address (.id-BCBEF350.[<email>], .id[7A9B748C-1104].[<email>]) or just a series of random characters (.8SLV8GMp-hjqo9v3s) preceding the extension?
 
Phobos has been known to use the .Dll extension.

.id[06FB70EE-2989].[fastway@tuta.io].DLL
.id[4667A0C2-2875].[xgen@tuta.io].DLL
.id[1CBEEAAA-2275].[zgen@tuta.io].DLL

What is the actual name of the ransom note? 
Can you provide (copy & paste) the ransom note contents in your next reply?
 
In addition to copying & pasting the ransom note, please attach the original (unedited) ransom note and several samples of encrypted files (different formats - doc, png, jpg) AND its original (unencrypted) file in a "zip file" for comparison so our crypto malware experts can manually inspect them and possibly identify/confirm the infection if they see this topic. To attach files, click the More Reply Options button in the bottom right corner of the Board Editor, then click the Choose File button under Attach Files.


Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

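Added example, not part of the thread or written by either poster: a small Python triage helper that sorts encrypted filenames into the suffix shapes asked about in reply #2 (extension only, email, ID, ID plus email, random characters). The regexes, the length-8 "random" heuristic, and the names `classify_suffix` and `summarize` are assumptions of this example; the sample filenames are constructed around the suffixes quoted in the reply.

```python
import re

# Approximations of the suffix shapes quoted in the reply (assumed by this
# example, not a specification of any ransomware family).
HEX_ID = r"id(?:-[0-9A-Fa-f]{8}|\[[0-9A-Fa-f]{8}-\d{4}\])"
EMAIL = r"\[[^\[\]\s@]+@[^\[\]\s@]+\]"
RULES = [
    ("id+email", re.compile(rf"\.(?P<id>{HEX_ID})\.(?P<email>{EMAIL})$")),
    ("id", re.compile(rf"\.(?P<id>{HEX_ID})$")),
    ("email", re.compile(rf"\.(?P<email>{EMAIL})$")),
]
# Heuristic: a token of 8+ chars mixing letters and digits counts as random.
RANDOM = re.compile(r"\.(?P<rand>(?=[^.]*\d)(?=[^.]*[A-Za-z])[A-Za-z0-9_-]{8,})$")


def classify_suffix(filename, ext="DLL"):
    """Classify what precedes the appended extension in an encrypted filename."""
    tail = "." + ext
    if not filename.lower().endswith(tail.lower()):
        return {"category": "extension-absent"}
    stem = filename[: -len(tail)]
    for category, rule in RULES:
        m = rule.search(stem)
        if m:
            return {"category": category, **m.groupdict()}
    m = RANDOM.search(stem)
    if m:
        return {"category": "random-characters", **m.groupdict()}
    return {"category": "extension-only"}


# Constructed filenames; the suffixes reuse the patterns quoted in the reply.
SAMPLES = [
    "report.docx.DLL",
    "photo.jpg.id[06FB70EE-2989].[fastway@tuta.io].DLL",
    "notes.txt.id-A04EBFC2.DLL",
    "scan.png.id[4D21EF37-2214].DLL",
    "db.bak.8SLV8GMp-hjqo9v3s.DLL",
    "readme.txt",
]


def summarize(names, ext="DLL"):
    """Map each filename to its category so the dominant pattern stands out."""
    return {n: classify_suffix(n, ext)["category"] for n in names}


if __name__ == "__main__":
    for name, cat in summarize(SAMPLES).items():
        print(f"{cat:18} {name}")
```

A consistent category across a directory listing answers the question in the reply; the extension match is case-insensitive, so `.Dll` and `.DLL` are treated alike.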




