Bitcoin Forum
Topic: .iGZa4C file virus ransomware removal (Read 965 times)
Needfasthelp123 (OP)
Newbie
Activity: 1
Merit: 0
March 07, 2018, 09:01:19 AM
Last edit: April 09, 2019, 01:15:45 AM by Needfasthelp123
#1

EDIT - THIS VIRUS IS MADE BY:

http://oufkrhddoiik3xoy.onion/ransomware.htm

you must use TOR browser

Near28
Jr. Member
Activity: 41
Merit: 10
March 07, 2018, 09:53:30 AM
Last edit: March 07, 2018, 10:25:42 AM by Near28
#2

Post the instructions here. I get a timeout all the time...

When was the data encrypted? Recently?

Edit:

Unfortunately, I find no information, neither on the clearnet nor in the deep web (in my sources). The thing is either pretty new or not mainstream.
At first glance, I would say it's a base64 encryption.
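Near28 reads the sample as "base64 encryption". Base64 is an encoding, not encryption, so the first check on an encrypted-looking file is whether it is plain base64 that can simply be decoded and, if it is, whether the decoded bytes are themselves ciphertext. The following is an added example (not code from the thread) that makes that check with byte entropy: ciphertext and compressed data sit near 8 bits per byte, while text, base64 text and a Berkeley DB wallet.dat are far lower. The 7.5 bits/byte threshold and the two sample blobs are assumptions constructed for the example; they are not the victim's files.

```python
"""Triage check: is a suspect file merely base64-encoded, or actually encrypted?

Added example, not from the thread. The threshold and the sample blobs are
constructed assumptions, not data from the victim's machine.
"""
import base64
import binascii
import hashlib
import math
from typing import Optional

HIGH_ENTROPY = 7.5  # bits/byte; assumed cut-off, real ciphertext sits at ~7.9-8.0


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the empirical byte distribution of `data`."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def try_base64(data: bytes) -> Optional[bytes]:
    """Strict decode: whitespace is tolerated, any other junk means 'not base64'."""
    compact = b"".join(data.split())
    if not compact or len(compact) % 4:
        return None
    try:
        return base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        return None


def classify(data: bytes) -> str:
    """One of four verdicts a responder can act on."""
    decoded = try_base64(data)
    if decoded is not None:
        if shannon_entropy(decoded) >= HIGH_ENTROPY:
            return "base64-wrapped ciphertext"   # decoding alone will not help
        return "base64-encoded plaintext"        # just decode it
    if shannon_entropy(data) >= HIGH_ENTROPY:
        return "encrypted or compressed binary"
    return "plain or structured data"


def wrap_base64(data: bytes) -> bytes:
    """Base64 with line breaks, the way a text-mode ransom payload often looks."""
    return base64.encodebytes(data)


def _constructed_random(n: int) -> bytes:
    """Deterministic stand-in for ciphertext: a SHA-256 counter stream."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]


# Constructed samples (not real files): a wallet-like record blob padded with
# zeros, as a Berkeley DB file is, and a ciphertext-like blob.
SAMPLE_WALLET_LIKE = (b"\x00" * 64 + b"main\x00key\x00") * 40
SAMPLE_CIPHERTEXT = _constructed_random(4096)

if __name__ == "__main__":
    for name, blob in [
        ("wallet-like", SAMPLE_WALLET_LIKE),
        ("ciphertext", SAMPLE_CIPHERTEXT),
        ("base64(wallet-like)", wrap_base64(SAMPLE_WALLET_LIKE)),
        ("base64(ciphertext)", wrap_base64(SAMPLE_CIPHERTEXT)),
    ]:
        print(f"{name:22s} entropy={shannon_entropy(blob):.2f} -> {classify(blob)}")
```

Run it as a script to see all four verdicts. It is a heuristic: a long run of plain alphanumeric text whose length is a multiple of four is also valid base64 and would decode to junk, so treat the verdict as a hint and look at the decoded bytes before acting on it.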



Near28
Jr. Member
Activity: 41
Merit: 10
March 07, 2018, 10:29:27 AM
Last edit: March 07, 2018, 11:24:57 AM by Near28
#3

Not for me. I only reach the entry page ("Welcome to our Service", enter the Gate Code), then a timeout!

Got it
Near28
Jr. Member
Activity: 41
Merit: 10
March 07, 2018, 12:28:41 PM
#4

Currently, not much. I will ask a few more people. The decryption seems to work (I have seen your .png), but otherwise 0.5 BTC is pretty much; what I know about such shi* scammers is that they normally take a $100-500 fee, but not $5K. The number of people who would pay so much is extremely low.

I think this ransomware shit is a bit older.

I'll stay tuned, but I'm not home until evening.
akes2090
Jr. Member
Activity: 56
Merit: 4
March 07, 2018, 01:08:02 PM
#5

@OP:

Can you do the following:

1) Assuming you are on Windows, press Ctrl+Alt+Del to bring up the Task Manager.
2) Click on the Processes tab and maximize the window so that all running processes are in view.
3) Take a screenshot of the above and upload it somewhere; post the link here.
4) Download Malwarebytes Anti-Malware (if you don't have it already) and update the signature/pattern database to the latest.
5) Run a full malware scan (might take an hour or two, depending on how big your HDD is) and post the results of the scan here.

Rickorick
Jr. Member
Activity: 107
Merit: 8
March 07, 2018, 02:21:40 PM
#6

Did you make a backup of your wallet.dat or seed phrase?
DannyHamilton
Legendary
Activity: 3388
Merit: 4612
March 07, 2018, 02:44:26 PM
#7

There are two possibilities here:

1.  Needfasthelp123 legitimately has 10.5 BTC locked up in a ransomware attack and can't afford the 0.5 BTC necessary to get the decryption completed (or is intelligently unwilling to pay the ransom).

2.  Needfasthelp123 is a scammer that has provided a fake encrypted wallet and is trying to trick greedy people into sending him 0.5 BTC. He is hoping that someone will try to pay the ransom thinking that they will be able to decrypt the wallet and take the 10.5 BTC.  In that case, he receives the 10.5 BTC, and the fool that pays the ransom discovers that the encrypted file is not the wallet that Needfasthelp123 claims it is.

Unless you are Needfasthelp123 (or are willing to lose 0.5 BTC), DO NOT PAY THE RANSOM!
Unless you have adequate collateral (or are willing to lose 0.5 BTC), DO NOT LOAN the funds for the ransom to Needfasthelp123!

Hopefully the OP is honest, and hopefully someone can either help him crack the encryption or SELL him the necessary funds.
Near28
Jr. Member
Activity: 41
Merit: 10
March 07, 2018, 03:57:04 PM
#8

I have news for you.

I think the encryption was done with the old "Enc.Module"; in 2014 there was a wallet.dat with the same encryption which some people wanted to crack, and recently someone has managed to crack it.
Maybe somehow I'll get it into my hands. It seems to be a "two step" encryption.


Your wallet.dat looks like this?:

https://pastebin.com/raw/TunXFaDT
Thirdspace
Hero Member
Activity: 1232
Merit: 738
March 07, 2018, 11:54:11 PM
#9

I'm a bit skeptical about this discussion.
I have some belief that the wallet is not his, and that he just found it somewhere on the web.
The wallet dates back to 2014 with no transactions ever since, and he just comes forward today?
Did it get infected by ransomware recently, or a long time ago?

cissrawk
Sr. Member
Activity: 1218
Merit: 410
March 08, 2018, 01:20:59 AM
#10

Try this site to detect your ransomware type: https://id-ransomware.malwarehunterteam.com/index.php . I want to try to identify it, but I need more info about it, such as the ransom note, to upload. I think you still have it.
If that's not detected as ransomware, then you can contact them and fill in anything they need. AFAIK they can probably solve your problem by identifying the ransomware and giving you the decryption tool for free, and you can donate your bitcoin to their address. So you don't need to give your wallet to other people; just wait for them to make a decryption tool for you.

Near28
Jr. Member
Activity: 41
Merit: 10
March 08, 2018, 09:33:34 AM
#11

The whole thing is pretty confused.

I tried to decrypt your private key with known master keys, but unfortunately no success.
Nobody I know has ever heard of it, or of the Nazi story...

I'm running out of ideas. The page actually seems to be fully automatic, and someone pays the server bills... So it's up to you to pay or not, or to try to get in touch with these guys.
eternalgloom
Legendary
Activity: 1792
Merit: 1283
March 08, 2018, 11:51:01 AM
#12

Quote
Hi
No reply from anyone at the attacker's email. Just to answer more questions: this Bitcoin was my savings. I heard about it, got some, and kept it.

The system they were on got infected by ransomware, so I just pulled the wallet and a few other personal things off the system and formatted it.

It is my wallet; I have the password. Not sure when it got infected, because it was a semi-old system that I never switched on much. I only used it for SEO software now and again.

Google has zero information on this problem; I tried searching every keyword I could find on that TOR page. I have got 0.1 BTC and am maybe thinking about trying to crowdfund the rest? I am running out of money fast, so the BTC I have I may need to spend on food and fuel.

I see someone called ognasty is very trusted here. I could give him my wallet file and password. Do you think people would send money to him? We can work out a deal for who gets what amount based on who donates what amount? Does anyone know ognasty; can we call him into this thread? I am not from this community, so if you guys know anyone else who I can trust with 10.5 BTC, just let me know. I will trust the crowd.

Any help you can offer is amazing, and I thank you all so much. I am no Bitcoin expert, maybe not even a novice.

PS. There are some other accounts in the wallet.dat with bitcoin. Not sure how much, but it's more than the 10.5 you see in the one wallet.

I'm really not buying it. I agree with what DannyHamilton said, and I think it's option 2. I would really advise against giving this guy any money.
OP, if you are somehow telling the truth, you shouldn't be trying to beg for money on this forum.

For all we know, you could be the one in control of that ransomware deposit address. I'm sorry if you are being honest, OP, but even then you should pay for this yourself.

Near28
Jr. Member
Activity: 41
Merit: 10
March 08, 2018, 01:24:25 PM
#13

Quote
I AM NOT BEGGING FOR MONEY! I am offering to give the wallet and password to a trusted member to try to sort this out. (Just 1 option.)
Calm down; eternalgloom is not wrong, caution is always required. Nobody can check whether the wallet is real or fake; it is fully encrypted, so nobody can verify it.

Honestly, I do not think it's easy to crack; the encryption and everything around it (the site etc.) looks solid. It does not look like amateurs.
No idea how you got that on your PC; apparently it was never really in circulation, otherwise we would have heard of it already.

Quote
Thank you, I have submitted files to them. Hoping they can help. I also have 3 other decryption sites on the go, offering 5-7K for anyone who can do it.
That's probably the most realistic chance you have.

Near28
Jr. Member
Activity: 41
Merit: 10
March 08, 2018, 05:29:19 PM
#14

Did they answer you?

Turn on your PNs for Newbies.
Near28
Jr. Member
Activity: 41
Merit: 10
March 08, 2018, 07:29:17 PM
#15

Turn your PNs on for "Newbies". I want to send you something.
Nrcewker
Copper Member
Hero Member
Activity: 2170
Merit: 536
March 08, 2018, 07:37:39 PM
#16

Quote
Hi, I have only the wallet.dat that got encrypted.

I really do not have 0.5 BTC to pay, and would not pay even if I did; the site may be unmaintained (no reply to emails).

The ransomware is from 2014; there must be a way to decrypt it by now.

I don't wish anyone to send me any bitcoin, only advice and a solution.

If I get my 10.5 BTC back I will be sharing some out with the people who helped.

These were my life savings, all the BTC I have ever had.

Thanks

I would be willing to give the wallet file + password to someone very trusted on the forum if someone did want to try to pay the 0.5 BTC, but I am totally against giving this scumbag money. His price is from 2014 and totally unreasonable. Also not 100% sure it would work.

Just freaking out; I tried everything to get somewhere with this and failed. ZERO clues from Google or any other search engine. Which is weird, right?

I was reading the pages for clues for hours.

Give me a try to decrypt the files; let me see what I can do. I have solved similar cases. There is no 100% success, but we can

akes2090
Jr. Member
Activity: 56
Merit: 4
March 08, 2018, 07:38:01 PM
#17

Sure resembles asymmetrical encryption to me.
Can you go to the infected PC and run the following at the command prompt:

certmgr.msc

Then, in the window that opens, click on the "Personal" folder in the left pane and see what comes up (if anything) in the right pane.

My guess is that the malware created a self-signed certificate in the certificate store, then used the public key to encrypt the content of files in the background.
So if you were to pay the ransom, the app sent to you would reverse the process using the private key.

Sorry to say this, but if this is the case then there is no way to get the private key used for encryption. No hacker or service can help; we don't have the quantum computing technology for this yet.
Near28
Jr. Member
Activity: 41
Merit: 10
March 08, 2018, 08:17:20 PM
#18

Quote
My guess is that the malware created a self-signed certificate in the certificate store then used the public key to encrypt the content of files in the background.

The public key is written in every file (it is the Unique-ID). The scammer will send him the master key plus the software that reverses the encryption. The chance to crack/brute-force whatever it is is almost zero.
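Near28's description above, and akes2090's certificate-store hypothesis in #17, both amount to the usual hybrid design: each file is encrypted under its own symmetric key, that key is wrapped with the attacker's public key and stored in the file, and a fingerprint of the public key doubles as the victim's unique ID. The attacker's "master key" is the matching private key. The following is an added example modelling that design, not the real .iGZa4C file format: the RSA modulus is a 150-bit toy built from the Mersenne primes 2^61-1 and 2^89-1 (real malware uses attacker-generated keys of 2048 bits or more), the file cipher is a SHA-256 keystream standing in for AES-CTR, and the header layout with the HYB1 marker is assumed. It shows what a responder can read from a file without any key (the ID and the wrapped key) and why the file key is out of reach without the private exponent.

```python
"""Model of the hybrid scheme described in the thread: per-file key, wrapped
with the attacker's public key and stored in every file; the public key's
fingerprint is the victim's "unique ID"; only the private key unwraps.

Added example, not the ransomware's real format. Toy RSA (Mersenne primes,
no padding), SHA-256 keystream instead of AES-CTR, assumed header layout.
"""
import hashlib
import hmac
from typing import Tuple

MAGIC = b"HYB1"           # assumed 4-byte file marker
E = 65537
WRAPPED_LEN = 19          # ceil(150 bits / 8): size of one toy-RSA ciphertext
FILE_KEY_BYTES = 16

PubKey = Tuple[int, int]  # (n, e)
PrivKey = Tuple[int, int]  # (n, d)


def toy_rsa_keypair() -> Tuple[PubKey, PrivKey]:
    """Fixed 150-bit toy modulus from the primes 2^61-1 and 2^89-1.
    65537 is coprime to phi here because its order mod 2 is 32, which
    divides neither 60 nor 88."""
    p, q = (1 << 61) - 1, (1 << 89) - 1
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def victim_id(pub: PubKey) -> bytes:
    """The 'unique ID' shown in the ransom note: a fingerprint of the public key."""
    n, e = pub
    return hashlib.sha256(n.to_bytes(WRAPPED_LEN, "big") + e.to_bytes(4, "big")).digest()[:8]


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHA-256(key || counter) blocks (stands in for AES-CTR)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt_file(plaintext: bytes, pub: PubKey, file_key: bytes) -> bytes:
    """Layout: MAGIC | victim_id(8) | RSA_pub(file_key)(19) | HMAC tag(32) | ciphertext."""
    n, e = pub
    wrapped = pow(int.from_bytes(file_key, "big"), e, n).to_bytes(WRAPPED_LEN, "big")
    ct = _keystream_xor(file_key, plaintext)
    tag = hmac.new(file_key, ct, "sha256").digest()
    return MAGIC + victim_id(pub) + wrapped + tag + ct


def parse_header(blob: bytes) -> Tuple[bytes, bytes, bytes, bytes]:
    """(victim_id, wrapped_key, tag, ciphertext). Needs no key: this is all a
    responder can read from an encrypted file."""
    if blob[:4] != MAGIC:
        raise ValueError("not one of our files")
    o = 4
    vid, wrapped = blob[o:o + 8], blob[o + 8:o + 8 + WRAPPED_LEN]
    o += 8 + WRAPPED_LEN
    return vid, wrapped, blob[o:o + 32], blob[o + 32:]


def decrypt_file(blob: bytes, priv: PrivKey) -> bytes:
    """What the attacker's decryptor does once it holds the private key.
    Any other key yields a non-key-sized value or a tag mismatch, never silent junk."""
    n, d = priv
    _vid, wrapped, tag, ct = parse_header(blob)
    k = pow(int.from_bytes(wrapped, "big"), d, n)
    if k.bit_length() > FILE_KEY_BYTES * 8:
        raise ValueError("wrong private key: unwrapped value is not a file key")
    file_key = k.to_bytes(FILE_KEY_BYTES, "big")
    if not hmac.compare_digest(hmac.new(file_key, ct, "sha256").digest(), tag):
        raise ValueError("wrong private key: tag mismatch")
    return _keystream_xor(file_key, ct)


def demo_file_key(name: bytes) -> bytes:
    """Constructed, deterministic per-file key; real malware draws it from a CSPRNG."""
    return hashlib.sha256(b"file-key:" + name).digest()[:FILE_KEY_BYTES]


if __name__ == "__main__":
    pub, priv = toy_rsa_keypair()
    wallet = encrypt_file(b"\x00" * 64 + b"main\x00key\x00", pub, demo_file_key(b"wallet.dat"))
    qr = encrypt_file(b"\x89PNG\r\n\x1a\n...", pub, demo_file_key(b"qr.png"))
    # Same public key -> same ID in both files, but each file has its own wrapped key.
    print(parse_header(wallet)[0].hex(), parse_header(qr)[0].hex())
    print(decrypt_file(wallet, priv)[:4])
```

parse_header lets you confirm that every file from one machine carries the same ID, which is the check behind "the public key is written in every file". Note what the model implies for akes2090's suggestion: if the malware really had left a private key in the victim's own certificate store, decryption would be possible, which is why real families keep the private key on the attacker's side.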



Near28
Jr. Member
Activity: 41
Merit: 10
March 08, 2018, 08:30:57 PM
#19

Profile, then in the menu on the left, Personal Message Options, "allow Newbies to send you PNs".
Nrcewker
Copper Member
Hero Member
Activity: 2170
Merit: 536
March 08, 2018, 09:05:23 PM
#20

Quote
Turn your PNs on for "Newbies". I want to send you something.

No idea what this means.

akes: The infected PC has been formatted...

Nrcewker: https://ufile.io/sum9z -- it was a PNG file of my QR code, same encryption, just not my wallet. If you can bring the QR code PNG back, then you can do the same to the wallet.

For complete decryption I need access to the infected computer; it's not as easy as you think.
