kaylaio 0 Posted May 27, 2019 Report Share Posted May 27, 2019 My office PC is infected! Please help me! My computer had virus Ransomware, It had changed rename file .bpxgklpx extension Thanks!! Quote Link to post Share on other sites
Amigo-A 136 Posted May 27, 2019 Report Share Posted May 27, 2019 This is random extension. Many different encryptors use randomly generated extensions. For example, GandCrab, Magniber and anothers. Upload a ransom note and one encrypted file to the site ID-Ransomware to identify the encryptor who encrypted your files. Also upload a ransom note and 2-3 different encrypted files (jpg, png, txt, doc) in your next message so that we can verify and confirm the identification. Quote Link to post Share on other sites
kaylaio 0 Posted May 27, 2019 Author Report Share Posted May 27, 2019 22 minutes ago, Amigo-A said: This is random extension. Many different encryptors use randomly generated extensions. For example, GandCrab, Magniber and anothers. Upload a ransom note and one encrypted file to the site ID-Ransomware to identify the encryptor who encrypted your files. Also upload a ransom note and 2-3 different encrypted files (jpg, png, txt, doc) in your next message so that we can verify and confirm the identification. Hi Thank you for your reply. Could you please help me confirm the following information? 1.The file that displays the ransom and payment information.......readme.txt 2.A file which has been encrypted, and cannot be opened......22480_41.doc.fbpxgklpx、107.docx.fbpxgklpx、pta_1464_5141132_03854.xlsx.fbpxgklpx readme.txt 107.docx.fbpxgklpx 22480_41.doc.fbpxgklpx pta_1464_5141132_03854.xlsx.fbpxgklpx Quote Link to post Share on other sites
GT500 873 Posted May 27, 2019 Report Share Posted May 27, 2019 ID-Ransomware says it's Magniber:https://id-ransomware.malwarehunterteam.com/identify.php?case=11b5f83b27883b1c675edebca56623fa7f5026d3 I'll ask our malware analysts if it's correct. Quote Link to post Share on other sites
GT500 873 Posted May 27, 2019 Report Share Posted May 27, 2019 It's been confirmed as Magniber. Unfortunately the only free decrypter was last updated over a year ago, so it won't be able to decrypt files from newer infections. Quote Link to post Share on other sites
kaylaio 0 Posted May 28, 2019 Author Report Share Posted May 28, 2019 59 minutes ago, GT500 said: It's been confirmed as Magniber. Unfortunately the only free decrypter was last updated over a year ago, so it won't be able to decrypt files from newer infections. Thank you for you reply. If there is any solution in the future, please let us know. tks Quote Link to post Share on other sites
Amigo-A 136 Posted May 28, 2019 Report Share Posted May 28, 2019 kaylaio The fact that this Magniber can be seen by ransom note. No one else has that does not have this text. Description Magniber Ransomware (in the title there is a link to English from Google) The early attack was aimed only at Korea. Korean antivirus company AhnLab was able to collect variants and released a decoder. Later, the attack was redirected to other countries of South-East Asia, and then to other countries. No one else tried to decrypt files after the attack of Magniber. No one tried !!! Quote Link to post Share on other sites
kaylaio 0 Posted May 28, 2019 Author Report Share Posted May 28, 2019 3 hours ago, Amigo-A said: kaylaio The fact that this Magniber can be seen by ransom note. No one else has that does not have this text. Description Magniber Ransomware (in the title there is a link to English from Google) The early attack was aimed only at Korea. Korean antivirus company AhnLab was able to collect variants and released a decoder. Later, the attack was redirected to other countries of South-East Asia, and then to other countries. No one else tried to decrypt files after the attack of Magniber. No one tried !!! Amigo-A So sad...... Thanks anyway.😂 Quote Link to post Share on other sites
Amigo-A 136 Posted May 28, 2019 Report Share Posted May 28, 2019 kaylaio But this does not mean that it is impossible to decipher. It is important for you to leave the data provided by the extortionists and collect the encrypted files in a separate a place. Do not change the location of the files - let them be in the same folders, as now. Experience shows that sometimes it matters. Quote Link to post Share on other sites
GT500 873 Posted May 28, 2019 Report Share Posted May 28, 2019 38 minutes ago, Amigo-A said: It is important for you to leave the data provided by the extortionists and collect the encrypted files in a separate a place. Do not change the location of the files - let them be in the same folders, as now. Experience shows that sometimes it matters. Yes, keeping a backup of the encrypted files and any ransom notes is a very good idea. 11 hours ago, Amigo-A said: No one else tried to decrypt files after the attack of Magniber. No one tried !!! Well, nothing was published publicly about anyone trying. That's not quite the same as no one trying at all, even though the end results may be the same. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.