
TargetCompany/Mallox Ransomware (.tohnichi, .mallox, .xollam) Support Topic


294 replies to this topic

#16 caohaiwang


Posted 02 December 2021 - 03:22 AM

I think there may be two file encryption algorithms, BlowFish and AES, 56 bytes is the IV value of AES encrypted with BlowFish, and the last 32 bytes is the AES-256 key.





#17 Demonslay335


Posted 03 December 2021 - 04:03 PM

Nope. It's ChaCha20, AES-128, and Curve25519.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#18 Demonslay335


Posted 03 December 2021 - 06:02 PM

@everyone

 

If you have been encrypted by this ransomware, please DM me with the following information:

  • *1-2 encrypted files
  • A copy of your ransom note
  • Whether you are a home user or if this affected a business

 

* Simply use any third-party sharing site (SendSpace, Mega, Dropbox, GDrive, etc...) to give me a link to the files.




#19 caohaiwang


Posted 07 December 2021 - 05:56 AM

> Nope. It's ChaCha20, AES-128, and Curve25519.

Roger. Is there a more detailed analysis of the cryptographic algorithm? Thank you, sir.



#20 caohaiwang


Posted 08 December 2021 - 02:45 AM

> @everyone
>
> If you have been encrypted by this ransomware, please DM me with the following information:
>
>   • *1-2 encrypted files
>   • A copy of your ransom note
>   • Whether you are a home user or if this affected a business
>
> * Simply use any third-party sharing site (SendSpace, Mega, Dropbox, GDrive, etc...) to give me a link to the files.

:thumbup2:​  :thumbup2:​  :thumbup2:​  :thumbup2:​  :thumbup2:​  :thumbup2:​  :thumbup2:​  :thumbup2:​  :thumbup2:​  :thumbup2:​  :thumbup2:​  :thumbup2:​  :thumbup2:​  :thumbup2:​  :thumbup2:​  :thumbup2:​  :thumbup2:​ 



#21 Amigo-A


Posted 07 February 2022 - 01:10 PM

Free Decryptor

 

https://decoded.avast.io/threatresearch/decrypted-targetcompany-ransomware/

https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-targetcompany-ransomware-victims/


My site: The Digest "Crypto-Ransomware"  + Google Translate 

 


#22 xuedj


Posted 20 February 2022 - 07:11 PM

Hello, according to the tutorial of your website, after the third part, I have to enter the password of the previous decrypter to proceed to the next step, but I have not decrypted it before. What should I do?

 




#23 xuedj


Posted 20 February 2022 - 07:51 PM

I used the "avast_decryptor_targetCompany64" tool to decrypt it. After the third step, I have to enter a password to proceed to the next step, but I have not decrypted it before, so there is no password.



#24 quietman7


Posted 20 February 2022 - 08:34 PM

Did you submit (upload) samples of encrypted files, ransom notes and any contact email addresses provided by the cyber-criminals to ID Ransomware (IDR) for assistance with identification and confirmation of the infection?


Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief



#25 quietman7


Posted 20 February 2022 - 08:44 PM

 
Can you provide (copy & paste) the ransom note contents in your next reply?



#26 cybercynic


Posted 20 February 2022 - 09:35 PM

Are you sure the encrypted file extension is .avast? 

 

The TargetCompany ransomware has several variants - .avast doesn't appear to be one of them.


 


#27 xuedj


Posted 20 February 2022 - 09:48 PM

> Are you sure the encrypted file extension is .avast?
>
> The TargetCompany ransomware has several variants - .avast doesn't appear to be one of them.

Yes, the suffix is .avast. Can I send you a ransom file and a ransom note?



#28 xuedj


Posted 20 February 2022 - 09:50 PM

 

 
> Can you provide (copy & paste) the ransom note contents in your next reply?

 

YOUR FILES ARE ENCRYPTED !!!
 
TO DECRYPT, FOLLOW THE INSTRUCTIONS:
 
To recover data you need decrypt tool.
 
To get the decrypt tool you should:
 
1.In the letter include your personal ID! Send me this ID in your first email to me!
2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files!
3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool! 
4.We can decrypt few files in quality the evidence that we have the decoder.
 
CONTACT US:
mallox@tutanota.com
recohelper@cock.li
 
YOUR PERSONAL ID: XXXXXXXXXXXX


#29 quietman7


Posted 20 February 2022 - 09:53 PM

Follow the instructions I provided in your other topic.



#30 xuedj


Posted 20 February 2022 - 09:57 PM

> Did you submit (upload) samples of encrypted files, ransom notes and any contact email addresses provided by the cyber-criminals to ID Ransomware (IDR) for assistance with identification and confirmation of the infection?

It's been submitted, but it's possible to decrypt it under certain conditions.





