hernandez.pep

  1. Ok, here they are. Hope it helps. Thank you, Pep Restore-My-Files.txt nd for fz2000.txt.DOCX
  2. Hi everyone. Another victim from this ransomware here, thought I would join the conversation and add something that I haven't seen mentioned. All my files got encrypted and the extensions changed to .docx two days ago. It's a nightmare really...

     When I first visited the onion site, I realized that there already was activity in three areas that I understand should be unique to the login of each victim. I mean, the code in the ransom note should be unique to each person if these people are to have any control over who is paying and who is not, who gets the decrypter and who doesn't, and it should also be unique for the decrypter not to be able to decrypt other victims' files.

     Well, first thing I noticed was that the time counter (there's a two day counter until the ransom price doubles) was already quite lower than 48 hours left.

     Second thing, on the "Free decrypt" tab where you can upload one file to get decrypted for free as a proof, a message said that a file was uploaded and in 12 hours max the decrypted file would be available there for downloading. In fact I later downloaded the decrypted file, it was a txt file from someone, not mine.

     And third thing, there's a "Messages" tab for chatting with these people. When I entered the chat, there was already a conversation going on there. A victim was asking questions to the "admin" and saying he doesn't have the money to pay the ransom. The victim's name on the chat is "You". Well, some time later I also wrote a message to the attacker (also appeared as "You"). That is where I realized that if some other person was in the chat and had uploaded a file for free decrypting, he had to have the same code in his ransom note that I have on mine.

     The truth is that at that point I was so angry that I wrote another message to the attacker laughing about the shitty system he had set, where more than one victim has the same decryption code. I told the other victim that if one of us pays, it should work for the both of us. I'm from Spain, this other guy is from Portugal he said. We didn't say our names or give any other personal data obviously. The attacker first didn't believe we were two different people, he even said, "it's impossible". When I was thinking we were three people in the chat, we realized some of the messages were from a third victim from Morocco, as he let us know. It all seemed like a really bad joke, we had our own darknet party chat for ourselves!

     At some point the Portuguese guy said he found a solution for his files and bye. And I reacted saying "Wait! Please help us too". I suppose it must have been one of the shadow copies recovery way or something like that (which doesn't work for me anyway). At that moment I was logged out of the site. Now when I enter again, the chat is gone, it's empty.

     Just wanted to share this, because supposedly from what I've been reading, each victim's decrypt key should be unique and random, and while there might be many different keys, at least not all of them are. Something isn't working as it should for these attackers. I don't know how many victims pay the ransom, but their decryptor might work for some other victims. Maybe it could be a good idea to post the decryptors somewhere? Or make a database of everyone's ransom note data code used for login? Hope the experts will find a solution for this thing. Thank you.