Cry9 - Invalid CRYPTON file pair

About JPEG file recovery: I have been able to recover nearly 90% of my pics with the tool I created.

<LINK TO UNAUTHORIZED SOFTWARE REMOVED>

Other news: the onion resource is no longer available. It redirects to fgb45ft3pqamyji7.onion, and we are able to chat with the bad guys!

Edited by Kevin Zoll

On 06.05.2017 at 9:10 AM, GeorgeB said:

Same problem here. After a quick look, files are encrypted in blocks of 32 bytes. If the file is larger than 320 blocks of 32 bytes (10 KB), the rest of the file remains unencrypted. At the end of the file 36 bytes are added; the first byte differs from file to file and the remaining 35 bytes are the same (00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EF 52 5E A0). If the file size does not divide exactly by 32, then the last block of less than 32 bytes remains unencrypted.

samples.rar

Analyzing small files, I noticed it encrypts in blocks of 16 bytes.
Example (attached image: files.thumb.jpg.e69b55607aee967229c418c49465fd88.jpg)


Dear all,

  I had no choice but to pay the ransom for Cry36 yesterday and got almost all my files back.

  The negotiation was long and tiring, and the payment was made via BitCoin.

  I paid twice, for I was infected twice.

  Just for your reference.

  Thanks for all your attention and time.

  Case closed.

Sincerely,

[email protected]


Of course I am willing to do my part to relieve all the other victims of suffering, especially since I have two sets of keys to Cry36.

However, I don't know how and what to do.

I also wrote a lot to them to dissuade them from doing this after I decrypted almost all my files.


6 hours ago, JimmyJAPA said:

Dear all,

  I had no choice but to pay the ransom for Cry36 yesterday and got almost all my files back.

  The negotiation was long and tiring, and the payment was made via BitCoin.

  I paid twice, for I was infected twice.

  Just for your reference.

  Thanks for all your attention and time.

  Case closed.

Sincerely,

[email protected]

Talk about "taking one for the team" (two, actually)!

10 hours ago, Geng said:

@JimmyJAPA I've heard reports that the decrypter.exe files they send you contain viruses. Can you confirm or deny this?

Hello, Geng,

I am aware of the possibility and I scanned the decryptor immediately after downloading it, using Microsoft Security Essentials.

There was no virus in it.  I checked it again just now since you asked.  Still no virus.

My system is always clean after every reboot.

For your reference.

10 hours ago, LeonardCaldwell said:

Talk about "taking one for the team" (two, actually)!

I am not quite sure about your question, sorry.

Could you elaborate?


Kevin, though I am well aware that the decryption keys are case-specific, the method of decryption is not. By examining and comparing multiple decryption keys there may be a way of identifying a pattern within them that could point to how to re-engineer the decryption engine itself.

Or perhaps you have a more effective approach in mind, in which case please do be sure to let us all know about it as there are a large number of people out there who would like to recover their files and the sooner the better.


It's been over a month. They can't crack this one.

I suggest if you want your files back to try the Proven Data Recovery company as someone mentioned earlier in this thread.

Please report back with your experiences with them.

 


I have studied the behavior of the decryption program (unlock.exe) and have noticed some aspects of the decryption key structure.
To match ID and KEY:
1) At the beginning of the key is the ID in HEX followed by the character "_" (0x5F)
2) The last byte must be 0x00
3) If any byte is changed in the range between 0x5F and 0x00, the key is accepted.
4) If you delete bytes from this interval (shorten the key) the key is accepted.

Considering these I produced a fake key corresponding to Id 1:
ID: 1
KEY HEX
        315F00
KEY ASCII
        1_ (null)
When we click on the "Unlock One" button, the error "Access violation at address 005CC02E in module 'unlock.exe'" is displayed. From this I have concluded that a minimum length is required.

Let's extend the key and test it:
ID: 1
KEY HEX
        315F0000
KEY ASCII
        1_(null) (null)

When we click the "Unlock One" button, the key is accepted and we are invited to choose the encrypted file (whose original name we modified to match ID 1: testfile.txt.id_1_gebdp3k7bolalnd4.onion._).
The content of the file is modified (decrypted with a wrong key), the extension is correctly changed back to testfile.txt, but the last 36 bytes at the end of the encrypted file are not deleted.

The next test is the incremental addition of bytes in the key. From successive increments we reached the following key contents:
ID: 1
KEY HEX
315F + 48 x (0x00) + 2 x (0x00)
315F
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
0000

KEY ASCII
1_ + 48 x (null) + 2 x (null)
This key is accepted and this time in the decrypted file the last 36 bytes are also removed, but obviously with the fake key the decryption is incorrect.


I do not know if what I have described is helpful, but I hope to help and encourage those more experienced than me.
 

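As an added example (not code from this thread, from GeorgeB, or from Emsisoft), here is a Python parser for the file layout GeorgeB describes earlier in the thread (32-byte blocks, only the first 320 of them encrypted, a trailing partial block left untouched, and a 36-byte footer ending in EF 52 5E A0), together with the structural key check from his unlock.exe tests above. Assumptions: the block size and limits are his first-post figures (his later note about 16-byte blocks in small files is not modelled); the 52-byte minimum key length is my reading of "315F + 48 x (0x00) + 2 x (0x00)"; the XOR stand-in in `make_sample` is constructed only to make the regions distinguishable offline and is not the real cipher; and the filename regex covers only the `.id_<id>_<host>.onion._` form quoted in his post, not the later `.id-<n>_[email].be87r` variant.

```python
"""Triage parser for the Cry36/Nemesis file layout described in this thread.

Layout (GeorgeB's observations; his block size and limits are assumed here):
  [encrypted region: up to 320 whole 32-byte blocks]
  [untouched remainder: everything past block 320, plus any final partial block]
  [36-byte footer: 1 variable byte, 31 zero bytes, marker EF 52 5E A0]
Knowing where the untouched region starts is what lets partially encrypted
files (e.g. large JPEGs) be salvaged without any key.
"""
import re

BLOCK_SIZE = 32
MAX_ENCRYPTED_BLOCKS = 320           # 320 * 32 = 10240 bytes, the "10 KB" in the post
FOOTER_LEN = 36
FOOTER_MARKER = bytes.fromhex("EF525EA0")

# Filename form quoted in the thread: testfile.txt.id_1_gebdp3k7bolalnd4.onion._
NAME_RE = re.compile(r"^(?P<original>.+)\.id_(?P<id>[^_]+)_(?P<onion>[a-z0-9]+\.onion)\._$")


def parse_encrypted_name(name):
    """Return (original_name, victim_id, onion_host), or None if the name does not fit."""
    m = NAME_RE.match(name)
    return (m.group("original"), m.group("id"), m.group("onion")) if m else None


def has_footer(data):
    """True if the data ends with the 36-byte trailer described in the thread."""
    if len(data) < FOOTER_LEN:
        return False
    tail = data[-FOOTER_LEN:]
    return tail[1:32] == b"\x00" * 31 and tail[32:] == FOOTER_MARKER


def split_regions(data, block_size=BLOCK_SIZE, max_blocks=MAX_ENCRYPTED_BLOCKS):
    """Split an encrypted file into (encrypted, untouched, footer).

    Only whole blocks are encrypted, and only the first max_blocks of them;
    everything else is original plaintext and can be recovered without a key.
    """
    if not has_footer(data):
        raise ValueError("no Cry36-style footer; not this layout")
    payload = data[:-FOOTER_LEN]
    whole_blocks = len(payload) // block_size
    enc_len = min(whole_blocks, max_blocks) * block_size
    return payload[:enc_len], payload[enc_len:], data[-FOOTER_LEN:]


def key_has_expected_shape(key, victim_id, min_len=52):
    """Structural check from GeorgeB's unlock.exe tests: '<id>_' prefix, 0x00 as the
    last byte, and at least 52 bytes (2 + 48 + 2; an assumed reading of his figures)."""
    prefix = victim_id.encode("ascii") + b"_"
    return key.startswith(prefix) and key.endswith(b"\x00") and len(key) >= min_len


def make_sample(plaintext, first_footer_byte=0x7A):
    """CONSTRUCTED sample: XOR the encryptable region with 0xA5 (a stand-in, not the
    real AES/RC4 step) and append a footer, mimicking the described layout."""
    whole_blocks = len(plaintext) // BLOCK_SIZE
    enc_len = min(whole_blocks, MAX_ENCRYPTED_BLOCKS) * BLOCK_SIZE
    scrambled = bytes(b ^ 0xA5 for b in plaintext[:enc_len]) + plaintext[enc_len:]
    footer = bytes([first_footer_byte]) + b"\x00" * 31 + FOOTER_MARKER
    return scrambled + footer


if __name__ == "__main__":
    big = bytes(range(256)) * 47                    # 12032 bytes: more than 320 blocks
    enc, untouched, footer = split_regions(make_sample(big))
    print(len(enc), len(untouched), footer[-4:].hex())   # 10240 1792 ef525ea0
    print(parse_encrypted_name("testfile.txt.id_1_gebdp3k7bolalnd4.onion._"))
```

Run against a real sample, `split_regions` tells you how many bytes past offset 10240 (and any trailing partial block) are plain original data; for files under 10 KB with a size that is a multiple of 32, the untouched region is empty and nothing is recoverable without the key.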

We know everything there is to know about the format and how these keys are created. It is because we know exactly how those keys are generated and used that we know we can't do anything at least for the time being. While an attack is still possible, it simply would take too long to be feasible (we are talking many years here).


So Fabian, please don't take this the wrong way and also know that your efforts have been greatly appreciated, but it stands to reason that if you knew everything there was to know about this encryption then you would also know how to undo it.

Realize I'm flogging a dead horse here but any method of encryption by design has to have an equal decryption method or else these morally defunct a-holes would have trouble keeping the money rolling in and likewise if it were some insurmountable feat to decrypt it the slightly less morally defunct but equally greedy a-holes from services like the aforementioned Proven Data Recovery wouldn't be able to fix people's files (for an astronomical price). 

It seems from GeorgeB's posts (massive kudos to GeorgeB btw) that he has been making a fair amount of progress, so maybe some benefit could be reached from collaboration and openly sharing findings and results. It also goes without saying that any positive discoveries can help fundamentally to build defenses against future threats, as these guys are not starting from scratch every time they come out with something new. Yep.

9 hours ago, MTG Joel said:

So Fabian, please don't take this the wrong way and also know that your efforts have been greatly appreciated, but it stands to reason that if you knew everything there was to know about this encryption then you would also know how to undo it.

We know both how to encrypt and decrypt. They use standard AES-256 and RC4. What most people don't understand, you included, is that for modern encryption it is irrelevant whether you know how a file is encrypted or decrypted. Quite frankly, any encryption algorithm worth anything will have been thoroughly analysed, scrutinised and discussed publicly, often for years, before it is used in production. They are designed so that, without the key, the algorithm and the knowledge of what the ransomware does with the key and the data aren't worth anything.

Quote

Realize I'm flogging a dead horse here but any method of encryption by design has to have an equal decryption method or else these morally defunct a-holes would have trouble keeping the money rolling in and likewise if it were some insurmountable feat to decrypt it the slightly less morally defunct but equally greedy a-holes from services like the aforementioned Proven Data Recovery wouldn't be able to fix people's files (for an astronomical price). 

What these companies do is pay the ransomware authors to get the keys, then sell you those keys with a markup. Nothing else.

Quote

It seems from GeorgeB's posts (massive kudos to GeorgeB btw) that he has been making a fair amount of progress so maybe some benefit could be reached from collaboration and openly sharing findings and results. 

Openly sharing findings and results just leads to ransomware authors fixing the underlying flaws.


My PC was attacked by BE87R and all my files were encrypted with this extension. Can somebody help me? These are some of the files I could recover from a backup.

*** ALL YOUR WORK AND PERSONAL FILES HAVE BEEN ENCRYPTED ***

To decrypt your files you need to buy the special software – «Nemesis decryptor»
You can find out the details / buy decryptor + key / ask questions by email: [email protected]

Your personal ID: XXXXXXXXX

Using the Cry128, Cry9, decrypt_Amnesia and decrypt_Amnesia2 decryptors, none of them recognize anything.

THANK YOU

Ventas 1.0 CompEnLinea exceldiario (1).xlsx

Ventas 1.0 CompEnLinea exceldiario (1).xlsx.id-3914712426_[[email protected]].be87r

Ventas 2.0 exceldiario (1).xlsx

Ventas 2.0 exceldiario (1).xlsx.id-3914712426_[[email protected]].be87r

GRUPO linkedin.docx

GRUPO linkedin.docx.id-3914712426_[[email protected]].be87r


On 2017-6-5 at 4:52 AM, GeorgeB said:

I have studied the behavior of the decryption program (unlock.exe) and have noticed some aspects of the decryption key structure.
To match ID and KEY:
1) At the beginning of the key is the ID in HEX followed by the character "_" (0x5F)
2) The last byte must be 0x00
3) If any byte is changed in the range between 0x5F and 0x00, the key is accepted.
4) If you delete bytes from this interval (shorten the key) the key is accepted.

Considering these I produced a fake key corresponding to Id 1:
ID: 1
KEY HEX
        315F00
KEY ASCII
        1_ (null)
When we click on the "Unlock One" button, the error "Access violation at address 005CC02E in module 'unlock.exe'" is displayed. From this I have concluded that a minimum length is required.

Let's extend the key and test it:
ID: 1
KEY HEX
        315F0000
KEY ASCII
        1_(null) (null)

When we click the "Unlock One" button, the key is accepted and we are invited to choose the encrypted file (whose original name we modified to match ID 1: testfile.txt.id_1_gebdp3k7bolalnd4.onion._).
The content of the file is modified (decrypted with a wrong key), the extension is correctly changed back to testfile.txt, but the last 36 bytes at the end of the encrypted file are not deleted.

The next test is the incremental addition of bytes in the key. From successive increments we reached the following key contents:
ID: 1
KEY HEX
315F + 48 x (0x00) + 2 x (0x00)
315F
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
0000

KEY ASCII
1_ + 48 x (null) + 2 x (null)
This key is accepted and this time in the decrypted file the last 36 bytes are also removed, but obviously with the fake key the decryption is incorrect.


I do not know if what I have described is helpful, but I hope to help and encourage those more experienced than me.
 

 

Dude, could you send me this program? I need to do some testing because everything I've tried so far has not worked. Thank you.

[email protected]


You accepted Rebeatus's request.
Mike
who sent ya?
Rebeatus Ghoste
I look all over to assist people
Mike
cry36
lost everything
don't see getting it back
question being how do you know I got hit?
I keep my circle small
I run an anti-govt site and radio station so only straight-up criminals would have targeted me anyway
Mike
I'm sure you can understand my suspicion
if you are a whitehat
Rebeatus Ghoste
Go search .onion on Facebook and you will see your post among all
Mike
so is there a decryption solution?
so far not
Rebeatus Ghoste
so you tried it all
Seen by Rebeatus Ghoste at 2:39pm
Mike
yep
36 is a very badly formed piece of crap
and you can't even contact the criminals that do it because it was built so badly
I'd never pay 'em but I'd like to get a few of the files back, mostly just my music library
the rest of the stuff was useless, replaceable or backed up
I use Linux for the important stuff
if you're white hat, jump in and assist I guess
the two systems that got hit already went through the grinder and I took the encrypted files and put 'em away in case a key comes up

On 2017-05-17 at 4:53 PM, Frank chen said:

Can we know how the progress of cry128 36b variant decrypter is now? I am about to graduate in 1 month and all my matlab code is encrypted. I am not sure if I should pay or wait for you guys to save me. @Kevin Zoll  May god bless u 

Share your MATLAB file here; we can try to look into it.

No, I do not work on the development of the decryption tools. However, unless someone associated with Emsisoft tells you that a method is safe to use, do not use it. Any advice posted by non-Emsisoft personnel, with the exception of Demonslay335, should be ignored. For all you know, it could be the malware author posting misinformation with the intent to cause further damage.

Also, I know enough about cryptography to know what was suggested will not work.


My name is GeorgeB and I'm not a cybercriminal.
Also, I'm not a victim of this ransomware. I want to help someone who ignored my advice about a real backup solution. When he lost all his data he wanted to pay the ransom. My advice was: "Do not pay the ransom!"
While we are debating whether it is right or not to share knowledge about how this ransomware works, the authors build new versions, because they share their knowledge with each other.
I think there is nothing wrong with studying and sharing. Great discoveries have come from people who did not know that a thing was impossible.

I really wanted a solution to my problem. I just asked if you are part of the development area because I wanted to know if there is anyone trying to develop something to decrypt my files. I saw that there are several tools that decrypt other types of ransomware, and I understand that someone should create a tool that will do it for my files.

People need to understand that this forum is hosted by Emsisoft, a company selling anti-malware tools etc. They cannot endorse anything as a solution to this ransomware other than their software (or perhaps some other application from a digitally verified source), if for no other reason than corporate liability. No offense to anyone here trying to help, but if you want to "go rogue", I suggest starting a thread on Bleeping Computer. Knowledge sharing is always welcome though.

Sounds to me like the folks here have done all they can with the info at hand. All we can do now is wait and hope people stop paying the ransom so the criminals get bored or something and leak info.


I am actually not in a position to pay the ransom, and I did have a backup of most of my files, but a few are always lost. I have entered this discussion to try to understand how file decryption works, since it's such a common process nowadays. I'll be waiting to see if anyone develops any tools that can decrypt the files I don't have a backup for. As for paying the ransom, I have no intention of paying.

Paying is not an option. In my case they asked me for 12 BTC. The cybersecurity companies in my country advised me to pay, but I will not.

I shared the case with antivirus companies and I see more progress in finding the solution. I will keep you informed.

Fabian, is it useful to you guys to get encrypted and unencrypted file pairs for cry36?  One of our lab computers was infected at the end of April and some of the files were backed up so I have several dozen pairs of files.  Also we did have important scientific data on the machine that was not backed up and we'd love to decrypt it without resorting to paying criminals.  Is there any chance of eventually releasing a decryptor like you have for cry9 or cry128?


Hello to you all,

I don't know how some of you are going to react to my post, but the end is what matters.

On Friday morning we (a company) were infected by the Cry36 virus (ransomware).

Our Server 2008 R2 had anti-virus and was up to date with Windows Update.

At the time we had an external hard drive connected to the server (the only one we had), since we didn't have a duplicate because the second one had failed on us.

Due to hard times here in Greece we thought that one hard drive was enough.

Since our server was under repair with a RAID problem, we had a live backup.

All our files were encrypted. Most of you will probably understand.

We called the local police, the Internet Crime Center Greece and Interpol.

We had support from a number of techs and antivirus professionals in Greece and around the world.

We had no choice but to gamble with the hackers.

They asked for $800 in Bitcoin.

We had email exchanges with them nearly every day.

The process to obtain Bitcoin was long and stressful. The amount of money we were losing day by day was a nightmare.

After 8 days we had the Bitcoin; we transferred it to the people responsible and within 15 min we had the unlock.exe with our ID and a password, from Greece to the US.

They even gave us instructions and warnings not to damage the files.

We got all our files back!!!!!!!!!!!!!!

Yes, we did the wrong thing and paid.

In the end we lost a lot of money and lived 10 days of hell!!!!!

The infection came in through a personal email...

1 hour ago, Fabian Wosar said:

You can try this decrypter:

http://media.kaspersky.com/utilities/VirusUtilities/EN/rakhnidecryptor.zip

Kaspersky got their hands on some of the keys for Cry36/Nemesis. So that may work. Make sure the version is 1.21.2.0 or later.

Hi Fabian,

In some cases it works. In my case it does not support the 830s7 extension type.

Regards
