
353a66e3004269-README.txt ransomware (HsHarada/Rapture)


  • This topic is locked
15 replies to this topic

#1 FerasNSR

FerasNSR

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:08 AM

Posted 06 February 2024 - 01:33 AM

Hello Sir,

 

We got compromised; all data has been encrypted. Below I am attaching the file format. If you can decrypt it, I will be thankful.

 

https://dropmefiles.com/9DbLV
 




#2 rivitna

rivitna

  • Security Colleague
  • 185 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:08 AM

Posted 06 February 2024 - 03:20 AM

Please upload the ransom note.
I don't know this ransomware.

Unfortunately, I think the files cannot be decrypted without the private key.
The files are probably encrypted using a symmetric encryption algorithm and RSA-2048, since the encrypted files are 256 bytes larger than the original ones.
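The size observation above (each encrypted file is exactly 256 bytes larger than its original, which is the length of one RSA-2048 ciphertext block) is the kind of check an incident responder runs over original/encrypted file pairs during triage. The following script is an added example and is not code from this thread or from any of the participants: it reports the size delta for each pair and the byte entropy of the trailing bytes, so a constant delta that matches an RSA modulus size together with a near-maximal entropy trailer can be read as a per-file key wrapped with that RSA key size. The sample file pair is constructed inline and is only a stand-in (the "ciphertext" body is an XOR mask, not real encryption); the `RSA_KEY_SIZES` mapping and the 6.5 bits/byte threshold are assumptions made for this example.

```python
"""Triage helper: compare original / encrypted file pairs after a ransomware incident.

Added example, not code from the thread. It assumes the responder has at least one
unencrypted original and its encrypted counterpart (the pairs quietman7 asks for below).
"""
import math
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Assumed mapping from trailer length (bytes) to the RSA modulus size it matches.
# 2048 bits = 256 bytes, which is the delta rivitna reports.
RSA_KEY_SIZES = {128: "RSA-1024", 256: "RSA-2048", 384: "RSA-3072", 512: "RSA-4096"}

# Assumed threshold: plain text and most documents sit well below this; random key
# material and ciphertext approach the 8.0 bits/byte maximum.
HIGH_ENTROPY_THRESHOLD = 6.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


@dataclass
class PairReport:
    original_size: int
    encrypted_size: int
    delta: int               # encrypted_size - original_size
    trailer_entropy: float   # entropy of the last `delta` bytes of the encrypted file
    likely_wrapped_key: Optional[str]  # e.g. "RSA-2048" when delta and entropy both fit


def analyze_pair(original: bytes, encrypted: bytes) -> PairReport:
    """Compare one original/encrypted pair and classify the appended trailer."""
    delta = len(encrypted) - len(original)
    trailer = encrypted[-delta:] if delta > 0 else b""
    entropy = shannon_entropy(trailer)
    # A trailer whose length equals an RSA modulus size and whose bytes look random is
    # consistent with an RSA-encrypted per-file key appended to the ciphertext. A
    # low-entropy trailer of the same length (padding, a text marker) does not qualify.
    likely = RSA_KEY_SIZES.get(delta) if entropy >= HIGH_ENTROPY_THRESHOLD else None
    return PairReport(len(original), len(encrypted), delta, entropy, likely)


def analyze_files(original_path: str, encrypted_path: str) -> PairReport:
    """Same check against two files on disk."""
    with open(original_path, "rb") as f_orig, open(encrypted_path, "rb") as f_enc:
        return analyze_pair(f_orig.read(), f_enc.read())


# --- Constructed sample pair (stand-in for a real incident file pair) -----------------
SAMPLE_ORIGINAL = b"Quarterly report: revenue figures, staff list, customer contacts.\n" * 16
# Stand-in "ciphertext" body: a fixed XOR mask so the sizes line up. Not real encryption.
_SAMPLE_BODY = bytes(b ^ 0x5A for b in SAMPLE_ORIGINAL)
# Stand-in for an RSA-2048 blob: a 256-byte permutation of all byte values (entropy 8.0).
_SAMPLE_TRAILER = bytes((i * 7 + 3) & 0xFF for i in range(256))
SAMPLE_ENCRYPTED = _SAMPLE_BODY + _SAMPLE_TRAILER


if __name__ == "__main__":
    report = analyze_pair(SAMPLE_ORIGINAL, SAMPLE_ENCRYPTED)
    print(f"original={report.original_size} encrypted={report.encrypted_size} "
          f"delta={report.delta} trailer_entropy={report.trailer_entropy:.2f} "
          f"likely_wrapped_key={report.likely_wrapped_key}")
```

Run it against several pairs of different file types; a constant delta across all of them strengthens the inference, while a delta that varies with file size points at something else (padding to a block boundary, or an appended metadata record) and should be investigated before concluding anything about the key wrapping.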

 



#3 FerasNSR

FerasNSR
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:08 AM

Posted 06 February 2024 - 05:29 AM

Dear Sir,

 

Please find the shared image.

 

https://dropmefiles.com/m1b6L

Thank you.



#4 FerasNSR

FerasNSR
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:08 AM

Posted 06 February 2024 - 05:34 AM

Hello Sir,

 

Please find the uploaded ransom note.

 

https://dropmefiles.com/OZfDp



#5 quietman7

quietman7

    Bleepin' Gumshoe


  • Global Moderator
  • 61,818 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:08 AM

Posted 06 February 2024 - 06:56 AM

I'm having a problem accessing the link to your files... please attach the original (unedited) ransom note and several samples of encrypted files (different formats: doc, png, jpg) AND their original (unencrypted) files in a "zip file" to your next reply.


Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click here


#6 FerasNSR

FerasNSR
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:08 AM

Posted 06 February 2024 - 07:45 AM

Dear Bleepin's,

Please find the shared link:

https://dropmefiles.com/HL6Ve

 

Thank you



#7 quietman7

quietman7

    Bleepin' Gumshoe


  • Global Moderator
  • 61,818 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:08 AM

Posted 06 February 2024 - 07:50 AM

That link is still not working for me... attach the original (unedited) ransom note and several samples of encrypted files (different formats: doc, png, jpg) AND their original (unencrypted) files in a "zip file" to your next reply.

To attach files... click the More Reply Options button in the bottom right corner of the Board Editor, then click the Choose File button under Attach Files.
 



#8 rivitna

rivitna

  • Security Colleague
  • 185 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:08 AM

Posted 06 February 2024 - 08:05 AM

Here are the ransom note and the encrypted files.

Attached Files



#9 rivitna

rivitna

  • Security Colleague
  • 185 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:08 AM

Posted 06 February 2024 - 08:08 AM

Here are other ransom notes that I found.

Attached Files


Edited by rivitna, 06 February 2024 - 08:09 AM.


#10 quietman7

quietman7

    Bleepin' Gumshoe


  • Global Moderator
  • 61,818 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:08 AM

Posted 06 February 2024 - 08:26 AM

The ransom note contents are similar to some other notes I have seen, but the extension looks new.
 
!!! ATTENTION !!!
 
Your network is hacked and files are encrypted.
    Including the encrypted data we also downloaded other confidential information:
    Data of your employees, customers, partners, as well as accounting and
    other internal documentation of your company.
 
All data is stored until you will pay.
    After payment we will provide you the programs for decryption and we will delete your data.
    If you refuse to negotiate with us (for any reason) all your data will be put up for sale.
 
What you will face if your data gets on the black market:
    1) The personal information of your employees and customers may be used to obtain a loan or
        purchases in online stores.
    2) You may be sued by clients of your company for leaking information that was confidential.
    3) After other hackers obtain personal data about your employees, social engineering will be
        applied to your company and subsequent attacks will only intensify.
    4) Bank details and passports can be used to create bank accounts and online wallets through 
        which criminal money will be laundered.
    5) You will forever lose the reputation.
    6) You will be subject to huge fines from the government.
        You can learn more about liability for data loss here:
            https://gdpr-info.eu/
    Courts, fines and the inability to use important files will lead you to huge losses.
    The consequences of this will be irreversible for you.
    Contacting the police will not save you from these consequences,
        but will only make your situation worse.
 
You can get out of this situation with minimal losses
    To do this you must strictly observe the following rules:
        DO NOT Modify, DO NOT rename, DO NOT copy, DO NOT move any files.
            Such actions may DAMAGE them and decryption will be impossible.
        DO NOT use any third party or public decryption software, it may also DAMAGE files.
        DO NOT Shutdown or Reboot the system this may DAMAGE files.
        DO NOT hire any third party negotiators (recovery/police, etc.)
        You need to contact us as soon as possible and start negotiations.
 
Your custom ID : pgAeE4KO8PlaQ6XwLjjkRxyer2nl6_vAmc4aTg
| Your RANSOM : USD 30000
|
Our email
|
Lockhelp1998@skiff.com
|
retryit1998@tutamail.com
 
Remember to send your ID when contacting us



#11 FerasNSR

FerasNSR
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:08 AM

Posted 06 February 2024 - 09:35 AM

Dear Sir,

Is there any hope or luck of retrieving the data?

 

Thank you.



#12 quietman7

quietman7

    Bleepin' Gumshoe


  • Global Moderator
  • 61,818 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:08 AM

Posted 06 February 2024 - 10:17 AM

Not without obtaining the private encryption keys from the criminals who created the ransomware. The private key is needed for decryption. Without the criminals' master private key, decryption is impossible. That usually means the key is unique (specific) to each victim and generated in a secure way (RSA, AES, Salsa20, ChaCha20, EDA2, ECDH, ECC) that cannot be brute-forced.

As with most ransomware, your best defense is backing up data on a regular basis, and the best solution for dealing with encrypted data after an infection is to restore from backups that have been isolated (offline) to a device not always connected to the network or home computer, so they are unreachable. The only reliable way to effectively protect your data and limit the loss with this type of infection is to have an effective backup strategy.




#13 rivitna

rivitna

  • Security Colleague
  • 185 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:08 AM

Posted 11 February 2024 - 07:26 AM

This is a new version of the HsHarada ransomware.

https://github.com/rivitna/Malware/tree/main/HsHarada



#14 FerasNSR

FerasNSR
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:08 AM

Posted 11 February 2024 - 09:24 AM

Dear Sir,

 

From where can I get the private encryption key? Kindly advise.

 

With Respect,
Feras

 



#15 FerasNSR

FerasNSR
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:08 AM

Posted 11 February 2024 - 09:26 AM

This is a new version of the HsHarada ransomware.

https://github.com/rivitna/Malware/tree/main/HsHarada

Dear Sir,

Can I try this decryption with my encrypted files?
I'm in a bad situation.

Please help.

Thank you,
