notsoavgjoe

I think I have a new kind of ransomware


I have been searching the anti ransomware sites and no site seems to carry a decryptor for this .FAZFNYA file type. I have attached examples of files that have become encrypted and the ransom letters that exist on my computer.

I think my computer got this malware a long time ago, but I didn't notice because it was only holding my older files for ransom. Now it has encroached on some newer files and I'm worried it's spreading, especially because I am creating new Photoshop projects on this computer regularly.

Any help with this would be greatly appreciated.

- Joe

MW_Proj1_Franky_ DSC01664.JPG.fazfnya

MW_Proj1Ruger_ DSC01613.JPG.fazfnya

Decrypt All Files fazfnya.bmp

Decrypt All Files fazfnya.txt


It's CTB-Locker:
https://id-ransomware.malwarehunterteam.com/identify.php?case=85dd562ca70bebe937a7703a62c2772b455897ec
https://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information

Unfortunately there's no known way to decrypt files that have been encrypted by CTB-Locker without first obtaining the private key from the criminals who made/distributed the ransomware.


Thank you for your reply.

So I mainly just want to stop the spread. I can forgo the lost files, but I don't want new ones getting infected. Is there a course of action I should take?

23 minutes ago, GT500 said:

It's CTB-Locker:
https://id-ransomware.malwarehunterteam.com/identify.php?case=85dd562ca70bebe937a7703a62c2772b455897ec
https://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information

Unfortunately there's no known way to decrypt files that have been encrypted by CTB-Locker without first obtaining the private key from the criminals who made/distributed the ransomware.

Is there anything I can do to prevent the spread of the program? Any good software?

On 2/7/2019 at 3:24 PM, notsoavgjoe said:

is there anything I can do to prevent the spread of the program? any good software?

If you mean that you want to prevent reinfection, then we recommend Emsisoft Anti-Malware. Its Behavior Blocker is fairly good at preventing ransomware infections, even when there are no Anti-Virus signatures to detect them.

If you want to make sure that a system isn't currently infected, then we recommend following the instructions at this link to post in our Help, my PC is infected! section.


Also, if you use Remote Desktop (RDP) or have any other ports open in your firewall, then here are some basic steps for getting started preventing systems from being compromised by vulnerable system services exposed to the Internet:

First I recommend temporarily disabling all port rules in your firewall (closing all open ports) until you can do a full audit of your firewall configuration and determine which ports need to remain open. There are some basic recommendations below to help get you started with the port audit.

If you are managing a company network, then some form of IPS/IDS is highly recommended to monitor the network for intrusions. If you already have such a system in place, then I recommend a full audit of any rules you have configured to make sure that the device is providing adequate monitoring. It is also recommended to have someone with penetration testing experience verify that the IPS/IDS is properly alerting when there are intrusion attempts.

Also, quickly change all passwords on any workstations and/or servers that are connected to the same network as the compromised system. Also be sure to change passwords on any online accounts, as well as any routers or switches (or other devices that have network-accessible administration functions).

I recommend that every account have a different password, that passwords be no shorter than 25 characters, and that they be made up of a random combination of uppercase letters, lowercase letters, numbers, and symbols. Obviously passwords like that are difficult (if not impossible) to remember, so a password manager may be required in order to aid in managing passwords. KeePass is probably the simplest password manager, and stores password databases locally instead of on some "cloud" server. If something capable of automatically filling in passwords (or sharing passwords between multiple devices/users) is necessary, then there are reasonable password managers from LastPass, bitwarden, 1Password, Dashlane, etc. Note that unlike KeePass, these password managers work as extensions added to web browsers (or apps on mobile phones), and they store password databases online.

When auditing your firewall configuration and preparing to reopen ports, I recommend never opening ports globally unless absolutely necessary. I also recommend requiring anyone who needs access to sensitive services (RDP, Windows Networking, etc) to connect to the network via a VPN so that you don't have to open ports for those services in the firewall, and then only open the VPN port in the firewall for IP addresses that need access to it. If someone who needs access has a dynamic IP, then many firewalls these days support something like Single Packet Authorization or Port Knocking to dynamically open ports for unknown IP addresses.

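Added example for the port audit described in the reply above (this is not code from the thread, from the poster, or from Emsisoft): a small Python script that reads an exported list of inbound firewall rules and flags any rule that opens a sensitive service (RDP, SMB/Windows Networking, WinRM, SSH) to the whole Internet, distinguishing that from rules that are merely open globally and rules that are already restricted to a specific source. The CSV-like rule format, the sample rules, and the table of sensitive ports are all assumptions made for the example; adapt `parse_rules()` to whatever your firewall actually exports.

```python
"""Audit inbound firewall rules for services that should only be reachable over a VPN.

Added example written for this thread, not code from the original poster or
from Emsisoft. The rule format is a constructed, hypothetical CSV export
(name, protocol, port or port range, allowed source); adapt parse_rules() to
whatever your firewall actually exports.
"""
from dataclasses import dataclass
import ipaddress

# Services the reply says should be reached through a VPN, never through a
# globally open port. Assumed mapping; extend it for your environment.
SENSITIVE_PORTS = {
    3389: "RDP",
    445: "SMB (Windows Networking)",
    139: "NetBIOS session",
    135: "MS-RPC endpoint mapper",
    5985: "WinRM over HTTP",
    5986: "WinRM over HTTPS",
    22: "SSH",
}

# Constructed sample export. Note the 3000-4000 range: a broad rule that
# silently includes RDP (3389), the kind of thing a port audit should catch.
SAMPLE_RULES = """\
# name, proto, port or lo-hi, allowed source
Allow RDP,tcp,3389,0.0.0.0/0
File sharing,tcp,135-139,any
Dev range,tcp,3000-4000,0.0.0.0/0
Web server,tcp,443,0.0.0.0/0
OpenVPN for office,udp,1194,203.0.113.0/24
SSH from admin box,tcp,22,198.51.100.7/32
"""


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str
    first_port: int
    last_port: int
    source: str  # CIDR (or "any") allowed to connect


def parse_rules(text):
    """Parse the constructed 'name,proto,port[-port],source' lines into Rule objects."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, proto, ports, source = (field.strip() for field in line.split(","))
        lo, _, hi = ports.partition("-")
        rules.append(Rule(name, proto.lower(), int(lo), int(hi or lo), source))
    return rules


def is_global(source):
    """True if the rule accepts connections from anywhere (any, *, 0.0.0.0/0, ::/0)."""
    if source.lower() in ("any", "*", ""):
        return True
    return ipaddress.ip_network(source, strict=False).prefixlen == 0


def exposed_services(rule):
    """Sensitive services whose port falls inside the rule's port range."""
    return [(port, svc) for port, svc in SENSITIVE_PORTS.items()
            if rule.first_port <= port <= rule.last_port]


def audit(rules):
    """Return (rule name, severity, message) for every rule that needs attention."""
    findings = []
    for rule in rules:
        hits = exposed_services(rule)
        span = (f"{rule.first_port}/{rule.proto}" if rule.first_port == rule.last_port
                else f"{rule.first_port}-{rule.last_port}/{rule.proto}")
        if is_global(rule.source) and hits:
            names = ", ".join(f"{svc} ({port})" for port, svc in hits)
            findings.append((rule.name, "CRITICAL",
                             f"{span} is open to the whole Internet and includes {names}; "
                             "close it and reach the service over the VPN"))
        elif is_global(rule.source):
            findings.append((rule.name, "WARNING",
                             f"{span} is open globally; restrict the source to the IPs that need it"))
        elif hits:
            findings.append((rule.name, "INFO",
                             f"{span} is limited to {rule.source}; acceptable, but prefer a VPN-only path"))
    return findings


if __name__ == "__main__":
    for name, severity, message in audit(parse_rules(SAMPLE_RULES)):
        print(f"[{severity}] {name}: {message}")
```

Running it prints one line per flagged rule; the "Dev range" finding is the interesting one, since nothing in that rule's name says RDP, yet the range covers port 3389. When doing the audit the reply recommends, check port ranges against the sensitive list this way rather than trusting rule names, and treat anything CRITICAL as a rule to disable first and reinstate (VPN-only) later.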
