

RCRU64 Ransomware ([ID=id random 6-Mail=email].random 4) Support Topic


52 replies to this topic

#46 rivitna
  • Security Colleague
  • 185 posts

Posted 15 February 2024 - 03:59 AM

Hello, is there any luck? The private key is failing when I decrypt this file :)

 

I generated this RSA key pair as an example and patched the ransomware sample :-)

 

Is it possible to find the private key or RSA key somewhere on the attacked computer?

 

Unfortunately, it's impossible. :-(




#47 quietman7
  • Bleepin' Gumshoe
  • Global Moderator
  • 61,818 posts
  • Location: Virginia, USA

Posted 15 February 2024 - 08:47 AM

The criminal's private key is needed for decryption. Without the master private key decryption is impossible.


Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief


#48 fubusmaximus
  • Members
  • 4 posts

Posted 19 February 2024 - 10:54 AM

Hello, I'm fairly computer savvy, but I often RDP to my home computer and the password wasn't strong enough, and they got in. From googling, it looks like it is RCRU64 Ransomware by insomnia1441.

 

I'm willing to pay someone to help me recover my files. The moron was asking for $5k! That's 2 months pay! Also I don't even have a fraction of that! So, if someone will do it for a reasonable amount, please let me know.

I attached two encrypted files, but I had to add ".txt" to get them to upload.



#49 fubusmaximus
  • Members
  • 4 posts

Posted 19 February 2024 - 10:56 AM

Also if I had a copy of a file that is not affected and a copy that is affected, would that help at all?

Also is there a bruteforce program I could run? I know it may take forever, but I gotta start somewhere.



#50 quietman7
  • Bleepin' Gumshoe
  • Global Moderator
  • 61,818 posts
  • Location: Virginia, USA

Posted 19 February 2024 - 10:59 AM

Also is there a bruteforce program I could run? I know it may take forever, but I gotta start somewhere.

The criminal's private key is needed for decryption. Without the master private key that can be used to decrypt your files, decryption is impossible, as already noted by rivitna. That usually means the key is unique (specific) to each victim and generated in a secure way (RSA, AES, Salsa20, ChaCha20, EDA2, ECDH, ECC) that cannot be brute-forced... the public key alone that encrypted the files is useless for decryption.

You may want to read Ransomware Encryption: The math, time and energy required to brute-force an encryption key (Post #16).
 




#51 rivitna
  • Security Colleague
  • 185 posts

Posted 19 February 2024 - 11:17 AM

I'm sorry for the long answer.

 

RCRU64 ransomware encrypts files using AES-256 GCM and RSA-2048.

RCRU64 generates a random AES key and nonce for each file.

 

No solution yet.

It's impossible to brute-force the AES key.

I hope that the RSA-2048 factorization solution will appear in the near future, but no one knows when it will happen.

It's also hoped that the attackers' infrastructure will be seized and the private keys will become available.


Edited by rivitna, 19 February 2024 - 11:35 AM.
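The scheme rivitna describes above (a random AES-256-GCM key and nonce per file, wrapped with the attacker's RSA-2048 public key) is worth seeing as code, because it also answers fubusmaximus's two questions in post #49: what an original/encrypted file pair gives you, and why brute force is off the table. The block below is an added example written for this thread; it is not RCRU64's code and not code from any poster. It uses only the Python standard library, so two stand-ins are labelled in the comments: the standard library has no AES, so the per-file cipher is an HMAC-SHA256 counter-mode keystream with an HMAC tag (same shape as AES-256-GCM: 32-byte key, 12-byte nonce, XOR keystream, 16-byte tag, but not AES), and the RSA is textbook RSA without OAEP padding. The blob field names and sample file contents are invented for the example.

```python
# Added example (not RCRU64 code, not from any post in this thread): the hybrid
# scheme described above, built from the Python standard library only.
# Stand-ins, deliberately labelled: (1) stdlib has no AES, so the per-file cipher
# is an HMAC-SHA256 counter-mode keystream plus an HMAC tag, same shape as
# AES-256-GCM (32-byte key, 12-byte nonce, XOR keystream, 16-byte tag) but not
# AES; (2) RSA here is textbook RSA without OAEP. Blob field names are invented.
import hashlib
import hmac
import secrets

# ---- RSA: the attacker's master key pair; only the private half unwraps file keys ----

def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin with a small trial-division prefilter."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # exact bit length, odd
        if _is_probable_prime(cand):
            return cand

def rsa_keygen(bits: int = 2048):
    """Return ((n, e), (n, d)). The post says RSA-2048; smaller sizes are for speed only."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

# ---- per-file data encryption (stand-in for AES-256-GCM) ----

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, block = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _tag(key: bytes, nonce: bytes, ct: bytes) -> bytes:
    return hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()[:16]

def encrypt_file(master_pub, plaintext: bytes) -> dict:
    """What the ransomware does per file: fresh key and nonce, encrypt, wrap the key to the public key."""
    n, e = master_pub
    file_key = secrets.token_bytes(32)          # random 256-bit key, unique to this file
    nonce = secrets.token_bytes(12)             # random 96-bit nonce, unique to this file
    ct = _xor(plaintext, _keystream(file_key, nonce, len(plaintext)))
    wrapped = pow(int.from_bytes(file_key, "big"), e, n)   # recoverable only with d
    return {"nonce": nonce, "ct": ct, "tag": _tag(file_key, nonce, ct),
            "wrapped_key": wrapped.to_bytes((n.bit_length() + 7) // 8, "big")}

def decrypt_file(master_priv, blob: dict) -> bytes:
    """What only the key holder can do. Raises ValueError on a wrong key or modified data."""
    n, d = master_priv
    k = pow(int.from_bytes(blob["wrapped_key"], "big"), d, n)
    if k >= 1 << 256:
        raise ValueError("unwrapped value is not a 256-bit key: wrong private key")
    file_key = k.to_bytes(32, "big")
    if not hmac.compare_digest(_tag(file_key, blob["nonce"], blob["ct"]), blob["tag"]):
        raise ValueError("authentication tag mismatch: wrong key or modified ciphertext")
    return _xor(blob["ct"], _keystream(file_key, blob["nonce"], len(blob["ct"])))

def decrypt_or_none(master_priv, blob: dict):
    try:
        return decrypt_file(master_priv, blob)
    except ValueError:
        return None

def keystream_from_known_plaintext(blob: dict, original: bytes) -> bytes:
    """All a victim learns from an original/encrypted pair: that one file's keystream.
    It does not reveal the file key, and it is useless for any other file."""
    return _xor(original, blob["ct"])

if __name__ == "__main__":
    pub, priv = rsa_keygen(1024)      # demo size; see the rsa_keygen docstring
    a, b = b"invoice-2024-01: total 4,210 USD", b"photos/holiday-0001.jpg (header bytes)"
    blob_a, blob_b = encrypt_file(pub, a), encrypt_file(pub, b)
    print("key holder decrypts file A:", decrypt_file(priv, blob_a) == a)
    ks = keystream_from_known_plaintext(blob_a, a)
    print("keystream from file A decrypts file B:", _xor(ks, blob_b["ct"]) == b)
```

The two things to take from running it: the `wrapped_key` field differs for every file, so knowing one file's plaintext gives you only that file's keystream (which you already have the plaintext for) and nothing for the next file; and the only path back to `file_key` is `pow(..., d, n)`, which is the attacker's private exponent. Brute force would mean guessing a 256-bit `file_key` per file or factoring `n`, which is exactly the point the replies above make.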


#52 pabibhatiya
  • Members
  • 6 posts

Posted 21 February 2024 - 09:33 AM

Yes, true, my friend.

But one thing: why is this happening? Why are they targeting poor people who earn day to day?

Why don't they target only rich companies?

In ChatGPT there is no answer on how to crack this encryption method or anything :) because of reverse engineering everywhere; might there be something we are missing, and is it possible, maybe?

But I think the admin missed something on the computer. Might some of the data I have be helpful? Where can I send it to you, rivitna?

If something is helpful, we can give all the keys free of cost to the victims; we give them that logic for free.

Maybe helpful? I have some proof I can send; let's try together to help people.

I hope that evidence is helpful for us, maybe to create a key file the way the bad criminals used.

I am waiting for your reply, my friend rivitna.



#53 rivitna
  • Security Colleague
  • 185 posts

Posted 21 February 2024 - 01:45 PM

But one thing: why is this happening? Why are they targeting poor people who earn day to day?

Why don't they target only rich companies?

This group attacks small and medium-sized businesses.

The attackers most often leverage external-facing RDP for initial access.

Therefore, use strong passwords and change them as often as possible (1-2 times per month at least). Passwords should not match or be reused across different resources.

Install 2FA wherever possible.

But I think the admin missed something on the computer. Might some of the data I have be helpful? Where can I send it to you, rivitna?

If this is malware, please upload it to VirusTotal

To send other information, you can use https://dropmefiles.com, https://www.sendspace.com, etc.

Maybe helpful? I have some proof I can send; let's try together to help people. I hope that evidence is helpful for us, maybe to create a key file the way the bad criminals used.

Unfortunately, adversaries don't often make mistakes in cryptographic schemes.


Edited by rivitna, 21 February 2024 - 01:46 PM.




