CKWS


  1. It would be interesting to know how this company did it. Do they have a decrypter, or do they just pay the ransom (which is less than what they receive from you) and keep the rest? If they have a working decrypter, it would be worth considering their service. If they only act as "man in the middle" and criminals still get paid, it is worthless.
  2. Hi Brian and the rest of the victims out there! I had some time today and took a look at the "unlock.exe" file (namely the one from here: https://www.dropbox.com/s/rdiqwrp4zarrfzd/unlock_gebdp3k7bolalnd4.onion.zip?dl=0 ) with a debugger (OllyDbg) and a decompiler (IDR, kb2014 knowledge base). I'm not THAT skilled with such things, but I think I found two hints that maybe can be used by professionals to speed things up a little. First one: the address of the "Unlock One" button click event is 5CBD64. Second one: the private key may be "BqdmQNCK1v8acZ12". It would be great if someone were able to check what happens at this click event and maybe see how the encrypt/decrypt routine actually works.
  3. Did any of the "skilled" people already take a look at the "unlocker" posted at https://www.bleepingcomputer.com/forums/t/635859/crypton-ransomware-support-help-topic-id-number-x3m-locked-r9oj/page-9#entry4229430 ? The password has been posted in #126. Maybe there is some clue on how to decrypt these 10kb encrypted files? My Assembler skills are way too bad to understand what happens in there.
  4. The last 4 bytes seem to be constant for YOUR specific computer in all files. I assume it has something to do with the unique ID you use to identify yourself to the hackers, or is part of the unique encryption key.