Bitcoin Forum
Author Topic: .iGZa4C file virus ransomeware removal  (Read 966 times)
Needfasthelp123 (OP), Newbie (Activity: 1, Merit: 0)
March 07, 2018, 09:01:19 AM
Last edit: April 09, 2019, 01:15:45 AM by Needfasthelp123
#1

EDIT - THIS VIRUS IS MADE BY:

http://oufkrhddoiik3xoy.onion/ransomware.htm

you must use TOR browser

Near28, Jr. Member (Activity: 41, Merit: 10)
March 07, 2018, 09:53:30 AM
Last edit: March 07, 2018, 10:25:42 AM by Near28
#2

Post the instructions here. I get a timeout all the time...

When was the data encrypted? Recently?

Edit:

Unfortunately, I find no information, neither on the clearnet nor on the deep web (in my sources). The thing is either pretty new or not mainstream.
At first glance, I would say it's a base64 encryption.



Near28, Jr. Member (Activity: 41, Merit: 10)
March 07, 2018, 10:29:27 AM
Last edit: March 07, 2018, 11:24:57 AM by Near28
#3

Not for me. I only reach the "Enter-Page" ("Welcome to our Service", enter the Gate Code) - Timeout!

Got it
Near28, Jr. Member (Activity: 41, Merit: 10)
March 07, 2018, 12:28:41 PM
#4

Currently, not much. I will ask a few more people. The decryption seems to work (I have seen your .png), but otherwise 0.5 BTC is quite a lot; what I know about such shi* scammers is that they normally take a $100-500 fee, but not 5K - the number of people who would pay so much is extremely low.

I think this ransomware shit is a bit older.

I'll stay tuned, but I'm not home until evening.
akes2090, Jr. Member (Activity: 56, Merit: 4)
March 07, 2018, 01:08:02 PM
#5

@OP:

Can you do the following:

1) Assuming you are on Windows, press Ctrl+Alt+Del to bring up the Task Manager.
2) Click on the Processes tab and maximize the screen so that all running processes are in view.
3) Take a screenshot of the above and upload somewhere - post the link here.
4) Download Malwarebytes Anti-Malware (if you don't have it already) and update the signature/pattern database to the latest.
5) Run a full malware scan (might take an hour or 2 - depending on how big your HDD is) - post the results of the scan here.

Rickorick, Jr. Member (Activity: 107, Merit: 8)
March 07, 2018, 02:21:40 PM
#6

Did you make a backup of your wallet.dat or seed phrase?
DannyHamilton, Legendary (Activity: 3388, Merit: 4653)
March 07, 2018, 02:44:26 PM
#7

There are two possibilities here:

1.  Needfasthelp123 legitimately has 10.5 BTC locked up in a ransomware attack and can't afford the 0.5 BTC necessary to get the decryption completed (or is intelligently unwilling to pay the ransom).

2.  Needfasthelp123 is a scammer that has provided a fake encrypted wallet and is trying to trick greedy people into sending him 0.5 BTC. He is hoping that someone will try to pay the ransom thinking that they will be able to decrypt the wallet and take the 10.5 BTC.  In that case, he receives the 10.5 BTC, and the fool that pays the ransom discovers that the encrypted file is not the wallet that Needfasthelp123 claims it is.

Unless you are Needfasthelp123 (or are willing to lose 0.5 BTC), DO NOT PAY THE RANSOM!
Unless you have adequate collateral (or are willing to lose 0.5 BTC), DO NOT LOAN the funds for the ransom to Needfasthelp123!

Hopefully the OP is honest, and hopefully someone can either help him crack the encryption or SELL him the necessary funds.
Near28, Jr. Member (Activity: 41, Merit: 10)
March 07, 2018, 03:57:04 PM
#8

I have news for you.

I think the encryption was done with the old "Enc.Module"; in 2014 there was a wallet.dat with the same encryption which some people wanted to crack - recently, someone has managed to crack it.
Maybe somehow I'll get it in my hands - it seems to be a "two step" encryption.


Does your wallet.dat look like this?:

https://pastebin.com/raw/TunXFaDT
Thirdspace, Hero Member (Activity: 1232, Merit: 738)
March 07, 2018, 11:54:11 PM
#9

I'm a bit skeptical about this discussion.
I have some suspicion that the wallet is not his, and that he just found it somewhere on the web.
The wallet dates back to 2014 with no transactions ever since, and he just comes forward today?
Did it get infected by ransomware recently or a long time ago?

cissrawk, Sr. Member (Activity: 1218, Merit: 410)
March 08, 2018, 01:20:59 AM
#10

Try this site to detect your ransomware type: https://id-ransomware.malwarehunterteam.com/index.php . I want to try to identify it but need more info about it, such as the ransom note to upload. I think you still have it.
If it is not detected as a known ransomware, then you can contact them and fill in anything they need. AFAIK they can probably solve your problem by identifying the ransomware and giving you the decrypt tool for free, and you can donate your bitcoin to their address. So you don't need to give your wallet to other people, just wait for them to make a decrypt tool for you.

Near28, Jr. Member (Activity: 41, Merit: 10)
March 08, 2018, 09:33:34 AM
#11

The whole thing is pretty confusing.

I tried to decrypt your private key with known master keys, but unfortunately no success.
Nobody I know has ever heard of it or of the Nazi story...

I'm running out of ideas; the page actually seems to be fully automatic and someone pays the server bills... So it's up to you to pay or not, or to try to get in touch with these guys.
eternalgloom, Legendary (Activity: 1792, Merit: 1283)
March 08, 2018, 11:51:01 AM
#12

Hi
No reply from anyone at the attacker's email. Just to answer more questions: this Bitcoin was my savings. I heard about it, got some, and kept it.

The system they were on got infected by ransomware, so I just pulled the wallet and a few other personal things off the system and formatted it.

It is my wallet; I have the password. Not sure when it got infected because it was a semi-old system that I never switched on much. I only used it for SEO software now and again.

Google has zero information on this problem; I tried searching every keyword I could find on that TOR page. I have got 0.1 BTC and am maybe thinking about trying to crowdfund the rest? I am running out of money fast, so the BTC I have I may need to spend on food and fuel.

I see someone called ognasty is very trusted here. I could give him my wallet file and password. Do you think people would send money to him? We can work out a deal for who gets what amount based on who donates what amount? Does anyone know ognasty? Can we call him into this thread? I am not from this community, so if you guys know anyone else who I can trust with 10.5 BTC just let me know. I will trust the crowd.

Any help you can offer is amazing and I thank you all so much. I am no Bitcoin expert, maybe not even a novice.

PS. There are some other accounts in the wallet.dat with bitcoin. Not sure how much, but it's more than the 10.5 you see in the one wallet.


I'm really not buying it. I agree with what DannyHamilton said and I think it's option 2. I would really advise against giving this guy any money.
OP, if you are somehow telling the truth, you shouldn't be trying to beg for money on this forum.

For all we know, you could be the one in control of that ransomware deposit address. I'm sorry if you are being honest, OP, but even then you should pay for this yourself.

Near28, Jr. Member (Activity: 41, Merit: 10)
March 08, 2018, 01:24:25 PM
#13

Quote
I AM NOT BEGGING FOR MONEY! I am offering to give the wallet and password to a trusted member to try to sort this out. (just 1 option)
Calm down, eternalgloom is not wrong, caution is always required. Nobody can check if the wallet is real or fake; it is fully encrypted, so nobody can verify it.

Honestly, I do not think it's easy to crack; the encryption and everything around it (the site etc.) looks solid, it does not look like amateurs.
No idea how you got that on your PC; apparently it was never really in circulation, otherwise we would have heard of it already.

Quote
Thank you, I have submitted files to them. Hoping they can help. I also have 3 other decryption sites on the go. Offering 5-7K for anyone who can do it.
That's probably the most realistic chance you have.

Near28, Jr. Member (Activity: 41, Merit: 10)
March 08, 2018, 05:29:19 PM
#14

Did they answer you?

Turn on your PMs for Newbies.
Near28, Jr. Member (Activity: 41, Merit: 10)
March 08, 2018, 07:29:17 PM
#15

Turn your PMs on for "Newbies". I want to send you something.
Nrcewker, Copper Member, Hero Member (Activity: 2170, Merit: 536)
March 08, 2018, 07:37:39 PM
#16

Hi, I have only the wallet.dat that got encrypted.

I really do not have 0.5 BTC to pay, and would not pay even if I did; the site may be unmaintained (no reply to emails).

The ransomware is from 2014; there must be a way to decrypt it by now.

I don't wish anyone to send me any bitcoin, only advice and a solution.

If I get my 10.5 BTC back I will be sharing some out with the people who helped.

These were my life savings - all the BTC I have ever had.

Thanks

I would be willing to give the wallet file + password to someone very trusted on the forum if someone did want to try to pay the 0.5 BTC, but I am totally against giving this scumbag money. His price is from 2014 and totally unreasonable. Also not 100% sure it would work.

Just freaking out, I tried everything to get somewhere with this and failed. ZERO clues from Google or any other search engine. Which is weird, right?

I was reading the pages for clues for hours


Give me a try to decrypt the files; let me see what I can do. I have solved similar cases. There is no 100% success, but we can

akes2090, Jr. Member (Activity: 56, Merit: 4)
March 08, 2018, 07:38:01 PM
#17

Sure resembles asymmetric encryption to me.
Can you go to the infected PC and run the following at the command prompt:

certmgr.msc

Then in the window that opens, in the left pane, click on the "Personal" folder and see what comes up (if anything) in the right pane.

My guess is that the malware created a self-signed certificate in the certificate store, then used the public key to encrypt the content of files in the background.
So if you were to pay the ransom, the app sent to you would reverse the process using the private key.

Sorry to say this, but if this is the case then there is no way to get the private key used for encryption. No hacker or service can help; we don't have the quantum computing technology for this yet.
Near28, Jr. Member (Activity: 41, Merit: 10)
March 08, 2018, 08:17:20 PM
#18

Quote
My guess is that the malware created a self-signed certificate in the certificate store then used the public key to encrypt the content of files in the background.

The public key is written in every file (it is the Unique-ID). The scammer will send him the Master-Key + the software that reverses the encryption. The chance to crack/brute-force whatever it is is almost zero.



Near28, Jr. Member (Activity: 41, Merit: 10)
March 08, 2018, 08:30:57 PM
#19

Profile, then in the menu on the left, Personal Message Options, "allow Newbies to send you PMs".
Nrcewker, Copper Member, Hero Member (Activity: 2170, Merit: 536)
March 08, 2018, 09:05:23 PM
#20

Turn your PMs on for "Newbies". I want to send you something.

No idea what this means.


akes: The infected PC has been formatted.....

Nrcewker: https://ufile.io/sum9z -- it was a png file of my QR code - same encryption, just not my wallet. If you can bring the QR code png back, then you can do the same to the wallet.

For complete decryption I need access to the infected computer; it's not as easy as you think.

BitMaxz, Legendary (Activity: 3248, Merit: 2972)
March 08, 2018, 10:59:06 PM
#21

I have had experience removing encrypted files from a PC infected with ransomware before. I use 2 types of tools: one is the Kaspersky ransomware decryptor and the other one is Hiren's Proteus, which is a paid version. I don't know if the free version of Hiren's can remove the latest ransomware, but you can try.

Try this first: https://noransom.kaspersky.com/

There are different decryptor tools from Kaspersky; try them 1 by 1, because we don't know what type of ransomware you have.

You can try Hiren's for scanning your PC from its bootable built-in OS and scan using Avira; you must choose clean or fix only. Do this at your own risk, because if you choose delete/remove, some of your system files could be deleted, which can affect your PC boot-up.

You can download the free version of Hiren's here: https://www.hiren.info/pages/bootcd

But you need an extra USB flash drive or CD to burn Hiren's BootCD.

This tool is for technicians only, but if you want to repair and remove viruses and malware from your PC, this tool could help.

Honestly, I am using the Hiren's Proteus version, which includes more premium tools than the free version. However, you can try the free version.

grafich, Newbie (Activity: 2, Merit: 0)
March 09, 2018, 06:30:17 PM
#22

Your encrypted file is only the QR code of your address? LOL

https://prnt.sc/ip088v
akes2090, Jr. Member (Activity: 56, Merit: 4)
March 09, 2018, 07:52:16 PM
#23

@OP: There's something odd here - how were you notified by the attacker of the ransomware, and how did you receive instructions for payment?
It's highly improbable that you were sent an email. So what method was used to inform you??
Cryptohasher76, Newbie (Activity: 39, Merit: 0)
March 09, 2018, 08:01:53 PM
#24

I might be able to help. Shoot me an email at cryptohasher76@gmail.com; I need additional information.
Thirdspace, Hero Member (Activity: 1232, Merit: 738)
March 09, 2018, 10:40:16 PM
#25

If only you had made several copies of your wallet.dat, this wouldn't be happening.
Make multiple copies, rename them and store them in different places,
or dump the private keys in a text file, zip-encrypt it, and hide it under an inconspicuous name.
Any of that could have helped you regain control of your funds without paying the ransom.

BitMaxz, Legendary (Activity: 3248, Merit: 2972)
March 09, 2018, 11:13:17 PM
#26

Don't deal with anyone, or any newbie, except higher ranks with neutral or positive trust.

Could you try this method?

First, you must show hidden files and folders by opening Folder Options.

Folder Options can be found here: click Start > use the search bar > type "folder option" without quotes > click the View tab.

Now, change "Hidden files and folders" to "Show hidden files, folders, and drives".

Then scroll down and look for "Hide protected operating system files" and uncheck it.

Now go to C:\Users\admin\AppData\Roaming\Electrum\wallets

Inside the folder there should be your wallet.dat, but its attributes are still hidden; you can use the unhide tool.

Copy that wallet.dat onto a USB stick and use this tool: http://ccm.net/download/download-24190-usb-show

Open USB Show, then locate your USB to unhide the file.

Now you should have the wallet.dat unhidden.

Note: you must use a clean computer where you want to import your wallet.dat, for safety purposes.

Hope this time your problem is solved.

If not, let me try to solve your problem via Chrome Remote Desktop; just PM me.

Rickorick, Jr. Member (Activity: 107, Merit: 8)
March 10, 2018, 12:01:25 AM
#27

If this is the encryption used here, then I think you don't have a problem

https://imgur.com/a/1KX1j
Rickorick, Jr. Member (Activity: 107, Merit: 8)
March 10, 2018, 12:53:31 AM
#28

If you do it, PM me your email address

PM sent.
Near28, Jr. Member (Activity: 41, Merit: 10)
March 10, 2018, 09:50:15 AM
#29

You should provide a file that is not already cracked and downloadable by everyone on the .onion site.
Every dork can download the decrypted .png file (http://igza4c6icqzboodb.onion/tmpdwn/Q7Lh4Rqr.png.iGZa4C.decrypt) and claim he has cracked it.

Just my 2 cents.


cr4ckheaD, Newbie (Activity: 1, Merit: 0)
March 10, 2018, 11:38:54 AM
#30

I can help you. The encryption on this is weak. Email me at fremantal@protonmail.com
kahc, Member (Activity: 350, Merit: 13)
March 10, 2018, 09:28:19 PM
#31

May I ask why you didn't use the one free decrypt offered on your wallet?
Instead you uploaded a QR image?
grafich, Newbie (Activity: 2, Merit: 0)
March 10, 2018, 09:46:02 PM
#32

Can you upload more encrypted files besides your wallet, without renaming them (3 or 5 encrypted files)?
Cdjaw2016, Newbie (Activity: 1, Merit: 0)
March 11, 2018, 04:23:12 AM
#33

Hi, just went through your post; maybe I can help you. But not here: start with email, and on email we will share our numbers, then we will start decrypting.
Regards
Chandan
cd.jaw2016@gmail.com
bitcoinpeddler, Newbie (Activity: 13, Merit: 5)
March 11, 2018, 05:22:43 AM
#34

It seems you have a lot of people professing they can solve your problem, but the fact of the matter is that most ransomware viruses generate special keys per infected user, usually something like (public key + master key) = decrypt files. Most of the time these ransomware programs are impossible to decrypt unless their keys have been confiscated by authorities. I was surprised that Google showed virtually nothing for igza4c, as this seems to be their file extension. Do you recall anything else around the time of infection, such as a screen locker, any relevant pictures, or even a brand such as (CoinVault)?
imjustagirl, Member (Activity: 118, Merit: 11)
March 11, 2018, 09:39:06 AM
Last edit: March 11, 2018, 09:59:41 AM by imjustagirl
#35

I haven't tried breaking ransomware before; sounds challenging.
A question though: would it not be easier to run something like Recuva on the HD to try to recover the old unencrypted wallet.dat instead of trying to decrypt the new one?
This would be your decoded QR file, right?
https://imgur.com/a/uR1lN

bob123, Legendary (Activity: 1624, Merit: 2481)
March 11, 2018, 10:09:27 AM
#36

I haven't tried breaking ransomware before; sounds challenging.
A question though: would it not be easier to run something like Recuva on the HD to try to recover the old unencrypted wallet.dat instead of trying to decrypt the new one?

Ransomware is coded to encrypt the whole HD (sometimes except for a few directories, to still show the desktop, ransom notice, etc.).
Usually there are no unencrypted files left anywhere on the hard drive.

Since Recuva is software to restore deleted[1] files, this unfortunately can't work out.


[1] deleted in terms of removed from the trash bin, but not yet overwritten on the HD.

imjustagirl, Member (Activity: 118, Merit: 11)
March 11, 2018, 10:24:14 AM
#37

So basically, if the guy at some point moved/duplicated/deleted to the trashcan one copy of wallet.dat and emptied the trashcan, Recuva would work to recover it even if the HD is encrypted, since the ransomware would not encrypt that deleted file. Wow, that's a good reason to create a copy of your wallet.dat, delete it to the trashcan and empty it, just in case you ever get ransomware. Interesting way to back up a wallet.dat

bob123, Legendary (Activity: 1624, Merit: 2481)
March 11, 2018, 10:47:02 AM
#38

So basically, if the guy at some point moved/duplicated/deleted to the trashcan one copy of wallet.dat and emptied the trashcan, Recuva would work to recover it even if the HD is encrypted, since the ransomware would not encrypt that deleted file.

Never heard of such an idea.

I think this depends on how the ransomware is coded. It might be the case that the ransomware is going to encrypt the whole HD (not just all files, but all sectors of the hard drive).
In this case this wouldn't work, unfortunately.

Additionally, it also depends on whether the deleted files already got overwritten.
Assuming an HDD (because recovery is extremely difficult on SSDs):
If you move your file into the trashcan and empty it, the file is not really 'deleted'. The space (where the file was) is being released.
Depending on how much space your HD has and how much you are writing onto your HD, the timeframe in which the file is still available varies heavily.
For example: if you 'fill' your hard drive completely, your file is no longer available on your HD, for sure.



Wow, that's a good reason to create a copy of your wallet.dat, delete it to the trashcan and empty it, just in case you ever get ransomware. Interesting way to back up a wallet.dat

At least that could work in such a case.
But I'd still recommend a 'standard' backup (e.g. move to USBs) instead of deleting a copy in the hope of being able to recover it someday.
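An added illustration of the deletion-versus-overwrite point in the post above (example code written for this page, not from the thread or from any recovery tool): a toy block device whose delete only releases blocks, a carving routine standing in for a tool like Recuva, and a `trim` switch standing in for an SSD discarding freed blocks. The file names, file contents, block size and disk size are all constructed for the demo.

```python
from typing import Dict, List, Optional

BLOCK = 16  # bytes per block; constructed small so the demo stays readable


class ToyDisk:
    """Minimal model of a block device with a file table, next-fit allocation
    and no wiping on delete (HDD-like). trim=True models an SSD discarding
    freed blocks, which is why recovery after deletion is much harder there."""

    def __init__(self, n_blocks: int, trim: bool = False) -> None:
        self.trim = trim
        self.blocks: List[bytes] = [b"\x00" * BLOCK for _ in range(n_blocks)]
        self.free: List[int] = list(range(n_blocks))
        self.table: Dict[str, List[int]] = {}   # file name -> block indexes
        self.cursor = 0                          # next-fit allocation pointer

    def _alloc(self) -> int:
        # take the first free block at or after the cursor, wrapping around
        candidates = [i for i in self.free if i >= self.cursor] or self.free
        i = candidates[0]
        self.free.remove(i)
        self.cursor = i + 1
        return i

    def write(self, name: str, data: bytes) -> List[int]:
        chunks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
        if len(chunks) > len(self.free):
            raise OSError("disk full")
        idxs = [self._alloc() for _ in chunks]
        for i, chunk in zip(idxs, chunks):
            self.blocks[i] = chunk.ljust(BLOCK, b"\x00")
        self.table[name] = idxs
        return idxs

    def delete(self, name: str) -> None:
        """'Empty the trash': forget the name and release its blocks. On an
        HDD the bytes stay where they are; only the free list changes."""
        idxs = self.table.pop(name)
        if self.trim:
            for i in idxs:
                self.blocks[i] = b"\x00" * BLOCK
        self.free = sorted(self.free + idxs)

    def fill(self) -> None:
        """Write junk into every free block: what 'filling the drive' does."""
        self.write("junk", b"J" * (BLOCK * len(self.free)))


def carve(disk: ToyDisk, magic: bytes, length: int) -> Optional[bytes]:
    """Recovery-tool style scan: ignore the file table, look for a known file
    header in the raw blocks and read `length` bytes from there. Returns None
    when the header is no longer anywhere on the disk."""
    n = -(-length // BLOCK)  # ceiling division: blocks the file spans
    for i, blk in enumerate(disk.blocks):
        if blk.startswith(magic):
            return b"".join(disk.blocks[i:i + n])[:length]
    return None


# Constructed stand-in for a wallet file: a recognisable header plus payload.
WALLET_MAGIC = b"WALLET:"
WALLET = WALLET_MAGIC + b"priv" * 10 + b"!"   # 48 bytes = 3 blocks exactly


def scenario(trim: bool) -> dict:
    """Walk the timeline from the post: delete, keep using the disk, fill it."""
    d = ToyDisk(n_blocks=8, trim=trim)
    d.write("notes.txt", b"n" * 16)   # something else on the disk first
    d.write("wallet.dat", WALLET)
    d.delete("wallet.dat")             # trash emptied; nothing is wiped
    out = {}
    out["after_delete"] = carve(d, WALLET_MAGIC, len(WALLET)) == WALLET
    d.write("photo.png", b"p" * 32)    # light use: new data lands elsewhere for now
    out["after_some_writes"] = carve(d, WALLET_MAGIC, len(WALLET)) == WALLET
    d.fill()                           # heavy use: every free block gets reused
    out["after_fill"] = carve(d, WALLET_MAGIC, len(WALLET))
    return out


if __name__ == "__main__":
    print("HDD-like:", scenario(trim=False))
    print("SSD-like:", scenario(trim=True))
```

On the HDD-like disk the carver still finds the complete wallet after the delete and after some light use, and only loses it once the free space is consumed; with `trim=True` the blocks are blank immediately after the delete, which is the SSD caveat the post makes. The "next-fit" allocation pointer is what makes the window between deletion and overwrite depend on how much free space there is and how much is written, rather than a fixed rule.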

preshpr1nce, Member (Activity: 266, Merit: 60)
March 11, 2018, 03:44:21 PM
#39

It's a shame you formatted the computer and lost the malware/virus that did this. Cracking a key on strong encryption is going to be pretty well impossible; your best bet would have been to try to reverse engineer the executable that encrypted your wallet.dat and find the key that way. There is a good chance they're using mainstream encryption like AES; getting the key from the executable was really your only hope.

If you can somehow get it back through a file recovery tool, assuming you identified it first, I'll give it a go.

But not backing up wallet.dat and formatting the machine seems a bit suspicious.
preshpr1nce, Member (Activity: 266, Merit: 60)
March 12, 2018, 09:49:08 AM
#40

Have got nowhere with this.

Going to have to pay this asshole!!

Do you think there is any chance the encryption password is the ID #?

ID:#Ez9Sfk6BsgKnnq9E0E8fdtiMpt2BcbYG#

If this was the case, could one of these programs maybe unlock the files?

http://listoffreeware.com/list-best-free-file-encryption-software/

I'm struggling

What is uniquePass? If that's your wallet password then I would avoid going through with this; in that case it's most likely he has your wallet.dat and is using this to try to get your password so he can take over your wallet. He probably takes the wallet, assigns an ID, waits for you to hand over your passphrase, and then you're screwed: you'll lose whatever you send him + your wallet.
preshpr1nce, Member (Activity: 266, Merit: 60)
March 12, 2018, 10:33:37 AM
Last edit: March 12, 2018, 10:48:28 AM by preshpr1nce
#41

Have you googled his email or contact method?
I would be careful expecting a result from a person doing this back in 2014.
preshpr1nce, Member (Activity: 266, Merit: 60)
March 12, 2018, 11:01:02 AM
#42

Googled everything!

It's like it never existed until it got me. All the Google results are now there because of me and this thread.

Do you have his wallet address? Have you looked it up?
cissrawk, Sr. Member (Activity: 1218, Merit: 410)
March 12, 2018, 11:16:06 AM
#43

I can't find good information about this encrypted file on that site. I posted it on a Facebook group too, but they don't know what this ransomware is or how to decrypt it.

preshpr1nce, Member (Activity: 266, Merit: 60)
March 12, 2018, 12:26:56 PM
#44

All the info is in the first post; you should go look at the TOR address. Very interesting stuff, despite being a f**k**g nightmare.

The address is a new one generated just for me.

Would rather not go on to a TOR website just to get his wallet address; can you post it here?
preshpr1nce, Member (Activity: 266, Merit: 60)
March 12, 2018, 01:42:20 PM
#45

The website is the most interesting part and I think the clues are there somewhere. If you're too lazy to check the site then I don't see this going well at all.

The issue now isn't about recovering your wallet through cracking it; I think your chances here are pretty well impossible without even knowing the ransomware responsible and with the little information we have to go on.

The issue now is, do you waste $5000 for nothing? Providing the wallet address means you can do a lookup, see when it was last active, etc.

Right now, I'm thinking your $5000 will go to complete waste.
Near28, Jr. Member (Activity: 41, Merit: 10)
March 13, 2018, 11:07:10 AM
#46

Quote
Let's just see what happens now, but I am 100% not paying! If I lose 10.5 BTC it's not the end of the world. Even though just 10K is a lot of money to me. People need to learn that BTC crime won't pay.

You are in a really shitty situation; I do not know how I would react. As I have already told you: I also talked to them and I do not think that's a scam.
I also offered to send him 0.35 BTC (of course I would not have sent it to him, I just wanted to see how he reacted), but he refused with the same explanation he gave you: everything is automated.
No idea; if all was fraud, he would have safely accepted the 0.35 BTC.

I hope for you that you still find someone who can crack that - but unfortunately I see little to no chance.
kahc, Member (Activity: 350, Merit: 13)
March 13, 2018, 02:16:24 PM
#47

There are two possibilities here:

1.  Needfasthelp123 legitimately has 10.5 BTC locked up in a ransomware attack and can't afford the 0.5 BTC necessary to get the decryption completed (or is intelligently unwilling to pay the ransom).

2.  Needfasthelp123 is a scammer that has provided a fake encrypted wallet and is trying to trick greedy people into sending him 0.5 BTC. He is hoping that someone will try to pay the ransom thinking that they will be able to decrypt the wallet and take the 10.5 BTC.  In that case, he receives the 10.5 BTC, and the fool that pays the ransom discovers that the encrypted file is not the wallet that Needfasthelp123 claims it is.

Unless you are Needfasthelp123 (or are willing to lose 0.5 BTC), DO NOT PAY THE RANSOM!
Unless you have adequate collateral (or are willing to lose 0.5 BTC), DO NOT LOAN the funds for the ransom to Needfasthelp123!

Hopefully the OP is honest, and hopefully someone can either help him crack the encryption or SELL him the necessary funds.

SCAM alert!
You are right, I'm certain this is a scam.


There are just too many signs that point to a scam:

1. How convenient that this http://www.fixallthreats.com/help-get-rid-igza4c-file-virus/ suddenly appears on the search engine.
Lol, check their removal methods for all the malware/viruses listed on their page: the same fucking screenshots.

2. TS had the chance to decrypt one file for free and chose to decrypt a QR image instead of his wallet.dat.

3. iGZa4C isn't mentioned anywhere before, because the name was recently made up by TS.

4. TS tries to play innocent and offers to send his wallet and password to the trusted escrow ognasty, and says that anyone willing to give 0.1 BTC would get 0.25 BTC after the wallet is decrypted.
However, an escrow wouldn't be of much help in this case, since the wallet.dat most probably is empty/fake.

5. http://igza4c6icqzboodb.onion got indexed 08.03.2018. (image provided)
TS thought people would not notice since they can't do a whois lookup?

Rickorick, Jr. Member (Activity: 107, Merit: 8)
March 13, 2018, 03:01:52 PM
#48

Quote
There are two possibilities here:

1.  Needfasthelp123 legitimately has 10.5 BTC locked up in a ransomware attack and can't afford the 0.5 BTC necessary to get the decryption completed (or is intelligently unwilling to pay the ransom).

2.  Needfasthelp123 is a scammer that has provided a fake encrypted wallet and is trying to trick greedy people into sending him 0.5 BTC. He is hoping that someone will try to pay the ransom thinking that they will be able to decrypt the wallet and take the 10.5 BTC.  In that case, he receives the 10.5 BTC, and the fool that pays the ransom discovers that the encrypted file is not the wallet that Needfasthelp123 claims it is.

Unless you are Needfasthelp123 (or are willing to lose 0.5 BTC), DO NOT PAY THE RANSOM!
Unless you have adequate collateral (or are willing to lose 0.5 BTC), DO NOT LOAN the funds for the ransom to Needfasthelp123!

Hopefully the OP is honest, and hopefully someone can either help him crack the encryption or SELL him the necessary funds.

Kahc, you're one smart ass motherfucka, nice one.
kahc
Member
Activity: 350
Merit: 13
March 13, 2018, 05:19:43 PM
 #49


Quote
Near28: offered the guy on the email 0.35 BTC and he declined it!! What scammer does that!!!!

I just seem to be the only person on the planet stuck with this shitty .igza4c crap on my wallet.

Now that all your points are moot - HELP ME PLEASE!!!! SERIOUSLY I'VE LOST 10.5 BTC!!!!!!!!!

Is it possible you have the skillz to download a whole TOR site?

THIS IS NOT A SCAM - IF IT WAS I WOULD SEND THE WALLET FILE EVERYWHERE I COULD!

I DO NOT WANT ANYONE'S BTC - I JUST WANT HELP!!!!!!!!!!

This is exactly what caught my attention to investigate.

Either Near28 is your alt-account or you are actually the guy behind the proton email address replying to him.
Trying so hard to act like you are the victim has backfired.

Good luck with your scamming.
cissrawk
Sr. Member
Activity: 1218
Merit: 410
March 14, 2018, 10:36:29 AM
 #50
Quote
Here is my reply from the proton mail address:

This ransomware should be dead, very weird... I'm really sorry about the situation, but if we cooperate, I want to know a few things.
First I want to know who you are, then I want to know what exactly happened. I want to know the coordinates of the computer and the exact time of the activation of the ransomware.
I also want to see the value of the registry key WinService under this path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
The value looks like this: "C:\Windows\System32\FOLDERNAME\HuhHuh.exe"
I need to know the NAME of the folder in which the HuhHuh.exe file is located.
These details are important to me, so I'll know if you're a friend or an enemy. I don't need your money, and if you're on the right side I'll help you for free. If you're an enemy, fuck yourself; your money works against my people and my help would be contradictory.
I hope I was clear, that's fair! I'm sorry but I have a lot of work. Please be clear in the response if you want help.
Salute

any idea what some of this means? any clues?

This means the PC is still infected with the ransomware: the "??.exe" is the ransom software that is active in the background of your PC.

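A way to pull the details the quoted e-mail asks for (the WinService value under the current user's Run key and the name of the folder holding HuhHuh.exe) without browsing regedit by hand, as an added example that is not part of the original post and not anything the ransomware operator sent. The value name WinService and the path pattern C:\Windows\System32\FOLDERNAME\HuhHuh.exe come from the e-mail; the extra Run keys, the rule used to flag entries and the SHA-256 hashing are my own additions and should be read as assumptions.

```powershell
# Added example (not from the thread). Lists autorun entries from the Run keys
# and flags the pattern described in the quoted e-mail: a value named "WinService"
# or a command whose executable sits in a subfolder of C:\Windows\System32.
# Everything except that value name and path pattern is an assumption.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'       # key named in the e-mail
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'   # assumed extra locations
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-AutorunEntry {
    # Emits one object per value under each Run key that exists on this machine.
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ... metadata
            [pscustomobject]@{
                Key     = $key
                Name    = $p.Name
                Command = [string]$p.Value
            }
        }
    }
}

function Get-ExecutablePath {
    # Pulls the executable out of a Run command such as "C:\x\y.exe" -arg or C:\x\y.exe.
    # Unquoted paths containing spaces are cut at the first space (known limitation).
    param([string]$Command)
    if ($Command -match '^"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

function Test-SuspiciousAutorun {
    param([Parameter(Mandatory, ValueFromPipeline)] $Entry)
    process {
        $exe      = Get-ExecutablePath -Command $Entry.Command
        $system32 = Join-Path -Path $env:SystemRoot -ChildPath 'System32'
        $byName   = $Entry.Name -eq 'WinService'
        $byPath   = $exe -like "$system32\*\*.exe"   # executable inside a System32 subfolder
        if ($byName -or $byPath) {
            $hash = if ($exe -and (Test-Path -Path $exe -PathType Leaf)) {
                (Get-FileHash -Path $exe -Algorithm SHA256).Hash
            } else { 'file not present on disk' }
            [pscustomobject]@{
                Key     = $Entry.Key
                Name    = $Entry.Name
                Command = $Entry.Command
                Folder  = Split-Path -Path $exe -Parent   # the FOLDERNAME the e-mail asks for
                SHA256  = $hash
            }
        }
    }
}

Get-AutorunEntry | Test-SuspiciousAutorun | Format-List
```

Run it in the session of the user whose files were encrypted, since HKCU is per-user and the e-mail points at HKEY_CURRENT_USER. Anything flagged is for manual review, not automatic deletion: legitimate software can also live under System32 subfolders. If the flagged executable is still on disk, copy it somewhere safe and record the hash before removing the autorun entry; a sample of the binary is the one thing that would let someone actually analyse this ransomware rather than guess at it.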
Near28
Jr. Member
Activity: 41
Merit: 10
March 14, 2018, 02:56:16 PM
 #51

Quote
This is exactly what caught my attention to investigate.

Either Near28 is your alt-account or you are actually the guy behind the proton email address replying to him.
Trying so hard to act like you are the victim has backfired.

Good luck with your scamming.

Thanks for the accusation, but next time let it be if you have no proof and only suspect because... because of what?
If you had read the whole thread, you would have seen that the whole story looks strange to me as well. That's why I sent an email to the operator of the onion site, to see how he reacts.

However, I cannot help the TS, so I'll stay away from the thread before the next "investigator" comes and suspects me for no reason.
kahc
Member
Activity: 350
Merit: 13
March 14, 2018, 04:23:24 PM
 #52


You are welcome. The whole story doesn't look strange to me, it looks exactly like a scam attempt.
You are just too blind to see.

What did you accomplish by sending that email? Let me tell you, nothing at all.
TS is the one behind that email and is playing you like a fool.

You know what, how about a bet with me?
A symbolic amount of 0.1 BTC; of course we will use a trusted escrow for that.

If TS can't provide a signed message from his address 13Lo5aZDZuEm4qVF478KfWJUvi9JCDngAx within 3 months' time, I win.
Otherwise you win.


imjustagirl
Member
Activity: 118
Merit: 11
March 14, 2018, 04:42:00 PM
 #53

Seriously, if the guy was legit, he would just post his encrypted wallet.dat file instead of his QR code.
He claims the wallet file is password-protected, so I see no reason not to give it to anyone who wants to crack this type of encryption. There is a password-protected file with 1 BTC in it which nobody has cracked, so this is safe.

Near28
Jr. Member
Activity: 41
Merit: 10
March 14, 2018, 06:20:10 PM
 #54

I do not care what you think, I never defended the TS. Your allegations against him are not my problem.

And now I'll explain it in detail because you are too blind to see it.

Quote
Thanks for the accusation, but next time let it be if you have no proof and only suspect because... because of what?

refers only to that:

Quote
Either Near28 is your alt-account....


Roger that? Because this is slowly getting annoying.

kahc
Member
Activity: 350
Merit: 13
March 14, 2018, 07:09:57 PM
 #55


You clearly are blind.
Did you notice the "Either Near28 is your alt-account OR you are actually the guy behind the proton email address replying to him"? That makes you a suspect at best.

I accused TS, and suddenly you make it all about you, so you are TS after all?
kahc
Member
Activity: 350
Merit: 13
March 14, 2018, 08:05:20 PM
 #56

Quote
Can someone like an admin not look and see who is who and get the guy tuned quick lol

I just got home, gimme a few mins, will get the wallet posted

Lucky as this crap makes ppl read the thread from the start!! Go now if you ended up here lol

The more people see this, the fewer people fall for your scam.

Looking forward to that day you send a signed message from this address 13Lo5aZDZuEm4qVF478KfWJUvi9JCDngAx.
akes2090
Jr. Member
Activity: 56
Merit: 4
March 15, 2018, 08:59:54 AM
 #57

@OP: Let me be very frank and honest with you:

Anyone here who mentions that they can decrypt the files is talking shit, purely because they 1) just want to get your wallet.dat hoping that they can get lucky, or 2) have no idea what they are talking about.
You can quote me on this: no one, and I repeat NO ONE, will be able to decrypt your files. You can try to prove me wrong, but before that go take a primer in basic cryptography, specifically asymmetric encryption, to see why it is impossible to decrypt a message without having the signing private key. Unfortunately for you, the only person/people having this private key are those who have written the malware/ransomware. So basically, if you cannot get at least the latter (i.e. the actual ransomware app used for encryption) for someone to reverse engineer and extract the private key used for signing, I am afraid you are solely at the mercy of the people that have created the ransomware.

For anyone else now who will be able to claim that they can decrypt the OP's wallet.dat: please send me a PM, I will make you famous for being able to do the impossible.

@OP: If you someday can find the actual ransomware app, let me know. I am a Certified Ethical Hacker and have reverse engineering skills. I make no promises of being able to extract the private key (assuming it is embedded therein without heavy code obfuscation), but will do it for you for free. I don't expect remuneration for helping someone.