HowDecrypt or CryptorBit Encrypting Ransomware - $500 USD Ransom Topic

Hello! So I've been following the thread on here called 'Cryptolocker Hijack program' and someone posted a link to here.

Now, I don't speak this language that well so I haven't been able to follow exactly what you guys have been saying here, but am I to believe that there's a way to look at the encoding of the encrypted file and figure out a way to decrypt it?

If so then please teach me how! I was infected back on September 11 (of all days, right?) and I have tried ShadowExplorer (which I know someone on here suggested) but I didn't have a date going back far enough to find unencrypted files.

Early on in this thread it was mentioned that you need to compare the encrypted file with the same file that was saved somewhere else that was not encrypted and I DO have that so can someone help please? Thanks so much!!

Oh, and I had the $300 version but I know this thread says $500. Don't know if this changes my prospects that much...

hi, before 20 days i submitted the exe files of this infector as was asked......has anyone looked at them? is there any interest in someone to help?

hi, before 20 days i submitted the exe files of this infector as was asked......has anyone looked at them? is there any interest in someone to help?

The chat seems to have just died. I want some answers too!!

As mentioned elsewhere the city I work for has been hit by this.

Unfortunately, I still have not been able to get a sample of the installer for this infection.

Someone had posted in the CryptoLocker thread showing the screen for HowDecrypt. This screen now has the title of Cryptorbit.

Hello,

Its been awhile since I have posted on bleepings fourms. Prob. back when Decrypt Protect was out.

Any who, i work at a tech company that handles thousands of calls a day and i am the Lead programmer at this company.

My absolute favorite thing to do though is reverse any malware that encrypts. So  i figured i would let you know that i am working closely with 3 clients that have this infection. At the moment i have a handful of encrypted pictures and documents of which im checking the headers of currently. 

To the point, later today i will be remoteing into a clients PC to get the Crytorbit installer among other files which i would be glad to share to figure out if this thing really uses RSA or not.

I also have a EXE my crawler picked up that it seems its pay load is related to Cryptobit, but i have yet to get it deployed correctly. Its quite interesting to see the actions it preforms under Procmon. Currently i only have a very small amount of it reversed as, like i said, its corrupted and i have been waiting for the one from my client.

Please let me know if you would like the one my crawler picked up in between the time my client lets me grab his.

Thanks. 

The sample has been submitted, and hopefully my client will contact me soon.

Happy hunting ;)

Hello all

I'm from italy i have the same problem virus cryptorbit ransomware

I have a factory in italy and all my documenti .doc ecc...il decripted.... I want to pay for have the key but now I have seen your forum, do you think is possible in the future have the key for decript all my document or is 99% lost all

I have the work of 30 yars. Please help me

I don't whant put  500$ for this criminal 

Same problem (cryptorbit) today here.

This is what I found out after I noticed my files were encrypted :

- At about 11:19 MS Security Essentials detected a Trojan (Trojan:Win32/Necurs.gen!A).

- At about 11:29 the encrypting was started

- From about 11:00 till 11:30 I have been reading mails (work mail, LinkedIn and others), visited  facebook (playing CC and responded on some messages) and an online shop (visite that shop ofter).

I remember some weird message when I opened a link in a LinkedIn email, but can remember what message.

Hope this might help you


 

Hello

I have some files in xls that have problem to open but I have some ods file that have problem to open and some one ods that work fine, I don't now if this information can help you for decript file

Hello,

i have a file encrypt and the same file not encrypt (recovery) if this information can help you for decrypt file

thanks

Hello,

Its been awhile since I have posted on bleepings fourms. Prob. back when Decrypt Protect was out.

Any who, i work at a tech company that handles thousands of calls a day and i am the Lead programmer at this company.

 

My absolute favorite thing to do though is reverse any malware that encrypts. So  i figured i would let you know that i am working closely with 3 clients that have this infection. At the moment i have a handful of encrypted pictures and documents of which im checking the headers of currently. 

 

To the point, later today i will be remoteing into a clients PC to get the Crytorbit installer among other files which i would be glad to share to figure out if this thing really uses RSA or not.

 

I also have a EXE my crawler picked up that it seems its pay load is related to Cryptobit, but i have yet to get it deployed correctly. Its quite interesting to see the actions it preforms under Procmon. Currently i only have a very small amount of it reversed as, like i said, its corrupted and i have been waiting for the one from my client.

 

Please let me know if you would like the one my crawler picked up in between the time my client lets me grab his.

 

Thanks. 

Okay.. This is great news!. Please don't drop out.. keep us informed with your findings. And foremost, thanks for your involvement.

I have successfully restored 15 jpgs, and 14 docs. The method is actually quiet simple and is not RSA or any type of encryption. Is there anyway i can get a few of the corrupted files from victims here so i can test this 100% and release an app? if i can get some tonight, ill have a app to fix these files tomorrow.

I have successfully restored 15 jpgs, and 14 docs. The method is actually quiet simple and is not RSA or any type of encryption. Is there anyway i can get a few of the corrupted files from victims here so i can test this 100% and release an app? if i can get some tonight, ill have a app to fix these files tomorrow.

What do you need and how can I get them to you? Do you want a sampling of different files because I have JPEGs and Microsoft Word/Excel/PowerPoint that are encrypted and would be happy to send you a couple of each if need be. 

I'll help however I can so people can get their files back and I'm just happy there are people like you who know how to do this sort of thing!

Oh, I should mention that I got hit with the $300 USD version back in September, not the $500 like the threat title says. I don't know whether or not that will make much of a difference. But still, maybe my files can help solve at least one of the two variants!

Edited by Arlothia, 29 January 2014 - 12:06 AM.