Safa

Urgent: PC is infected with .zzzzzzzz Ransomware Virus

Dear Friends,

My PC is infected with the .zzzzzzzz extension virus and all the files are encrypted except Windows files. Here is a sample rename 2zZr4U7pAAoZwXigBHkgXr0r3lMlFOXbEqmThk.zzzzzzzz of an encrypted file. All of my personal files are encrypted with the .zzzzzzzz extension and the original file name is replaced with letters/numbers for each file. My recently passed away father's pictures/videos are encrypted, I'm really helpless.

I have attached a sample encrypted file and listed below the text message from the hacker. Kindly help me soon. Thank you.

=========================================================

---=  Your files are now encrypted!!  =--- 

Attention!   

All your files, documents, photos, databases and other important files are encrypted 

The only method of recovering files is to purchase an unique private decryptor. Only we can give you this decryptor and only we can recover your files.

IN ORDER TO PREVENT DATA DAMAGE:

 * DO NOT MODIFY ENCRYPTED FILES
 * DO NOT CHANGE DATA BELOW
 * Do not rename encrypted files. 
 * Do not try to decrypt your data using third party software, it may cause permanent data loss.  
 * Decryption of your files with the help of third parties may cause increased price  
   (they add their fee to our) or you can become a victim of a scam.

Now you should send us email with your key identifier and version.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins or Dash. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.

If the payment isn't made with in 5 days the cost of decrypting files will be doubled 

We can give you free decryption as guarantee!
Before paying you can send us up to 3 files for free decryption.
The total size of files must be less than 100kb (non archived), and files should not contain
valuable information (databases, backups, large excel sheets, etc.).

You can contact us in these email address: ----- [email protected] ---or--- [email protected] ------
If you don't get a reply or if the email dies, then contact us using Bitmessage.
Download it form here: https://bitmessage.org/wiki/Main_Page
Run it, click New Identity and then send us a message at BM-2cSzfawmdGKeT8ny99qtMeiGb27TcVBJXz

I don't have Bitcoin (BTC) or DASH (DSH). How can I make the payment?
 * The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 
   'Buy bitcoins', and select the seller by payment method and price: 
  https://localbitcoins.com/buy_bitcoins
 * Also you can find other places to buy Bitcoins and beginners guide here:   
  http://www.coindesk.com/information/how-can-i-buy-bitcoins
 * https://buy.bitcoin.com/
 * https://coinmonitor.io/en/
 * https://coinmama.com/
 * https://changelly.com/
 * https://payeer.com/
 * https://cex.io/

Version: 1.1

Your Key Indentifier:

=========================================================

2zZr4U7pAAoZwXigBHkgXr0r3lMlFOXbEqmThk.zzzzzzzz

Here is the https://id-ransomware.malwarehunterteam.com/ result

 

1 Result

Scarab

 This ransomware may be decryptable under certain circumstances.

Please refer to the appropriate guide for more information.

Identified by

  • custom_rule: Encrypted size marker [0x00 - 0x08] 0x1004000000000000

 

11 minutes ago, stapp said:

Upload a copy of the ransom note along with an encrypted file to ID Ransomware so that we can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

Then paste the result here and one of our experts will look at it.

Hi stapp, Thank you for your response. I have updated the topic with the id-ransomware.malwarehunterteam.com result

I also have a similar issue, and I uploaded the original and encrypted file.

Chris Knight.pdf

dem1yKjxILhhmyCgnU0dYkWv4fJ1KGHAitVSY6bWHZM.zzzzzzzz

---= ^_^ Your files are now encrypted!! ^_^ =--- 

Attention!   

All your files, documents, photos, databases and other important files are encrypted 

The only method of recovering files is to purchase an unique private decryptor. Only we can give you this decryptor and only we can recover your files.

IN ORDER TO PREVENT DATA DAMAGE:

 * DO NOT MODIFY ENCRYPTED FILES
 * DO NOT CHANGE DATA BELOW
 * Do not rename encrypted files. 
 * Do not try to decrypt your data using third party software, it may cause permanent data loss.  
 * Decryption of your files with the help of third parties may cause increased price  
   (they add their fee to our) or you can become a victim of a scam.

Now you should send us email with your key identifier and version.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins or Dash. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.

If the payment isn't made with in 5 days the cost of decrypting files will be doubled 

We can give you free decryption as guarantee!
Before paying you can send us up to 3 files for free decryption.
The total size of files must be less than 100kb (non archived), and files should not contain
valuable information (databases, backups, large excel sheets, etc.).

You can contact us in these email address: ----- [email protected] ---or--- [email protected] ------
If you don't get a reply or if the email dies, then contact us using Bitmessage.
Download it form here: https://bitmessage.org/wiki/Main_Page
Run it, click New Identity and then send us a message at BM-2cSzfawmdGKeT8ny99qtMeiGb27TcVBJXz

I don't have Bitcoin (BTC) or DASH (DSH). How can I make the payment?
 * The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 
   'Buy bitcoins', and select the seller by payment method and price: 
   https://localbitcoins.com/buy_bitcoins 
 * Also you can find other places to buy Bitcoins and beginners guide here:   
   http://www.coindesk.com/information/how-can-i-buy-bitcoins 
 * https://buy.bitcoin.com/
 * https://coinmonitor.io/en/
 * https://coinmama.com/
 * https://changelly.com/
 * https://payeer.com/
 * https://cex.io/

Version: 1.1

Your Key Indentifier:
*********************************************

 


If this is indeed a variant of the Scarab ransomware, then Dr.Web may be able to decrypt the files. In order to request decryption service from them, they require you to have a license for their business Anti-Virus software. There's a reseller of their products (Emmanuel) who offers assistance on the BleepingComputer forums with contacting Dr.Web to see if decryption is possible. You can find more information at the following link:
https://www.bleepingcomputer.com/forums/t/651855/scarab-mich78-ransomware-scarab-scorpio-mich78usacom-support-topic/page-22#entry4516375

Note that since Emmanuel is a reseller for Dr.Web, he will make at least some money from helping you if Dr.Web can decrypt your files and you decide to purchase a license key for their software. As far as I know, you won't be charged anything just for finding out whether or not your files can be decrypted, so feel free to contact him if you would at least like to know if it's possible for Dr.Web to help you.


Same problem with me. Looking for a decryption process that doesn't involve paid Dr.Web assistance. Any decryption software for SCARAB? Thanks in advance.

Just now, shaun said:

Same problem with me. Looking for a decryption process that doesn't involve paid Dr.Web assistance. Any decryption software for SCARAB? Thanks in advance.

I'm currently not aware of any free decryption method for recent variants of Scarab.


It depends on how long it takes for either someone to gain access to their servers and liberate their database of private keys, or how long it takes for someone else to figure out how Dr.Web is finding the private keys.
