R Chin

Files encrypted to ".yxuoplln"


All picture files and Microsoft Office files are encrypted with extension ".yxuoplln".

Any advice or solution suggested?

Thank You

 


Result - Magniber
custom_rule: Matching Tor address pattern (5 addresses)
ransomnote_url: http://cnj7zgrn5295jqbh9jq.norlow.pw/yxuoplln

Hello @R Chin

Yes, it could very well be Magniber Ransomware.
It has been distributed for almost three years. The Korean company AhnLab was able to decrypt the many variants that first attacked their region, but then the ransomware switched to other countries in Southeast Asia, and then, after a successful preparation, they began to attack other countries of the world.

If you attach a ransom note and 2-3 encrypted files, I will look at it individually.

 

 

On 8/3/2019 at 2:57 PM, Amigo-A said:

Hello @R Chin

Yes, it could very well be Magniber Ransomware.
It has been distributed for almost three years. The Korean company AhnLab was able to decrypt the many variants that first attacked their region, but then the ransomware switched to other countries in Southeast Asia, and then, after a successful preparation, they began to attack other countries of the world.

If you attach a ransom note and 2-3 encrypted files, I will look at it individually.

 

 

Hello Amigo-A

Thank you for your reply. Enclosed are two of the encrypted files and ransom note. Thanks again for your help.

Panasonic Men Shaver.pdf.yxuoplln readme.txt 1434075493184.jpg.yxuoplln


Yes. This is Magniber

It has been distributed for almost three years. The Korean company AhnLab was able to decrypt the many variants that first attacked their region, but then the ransomware switched to other countries in Southeast Asia, and then, after a successful preparation, they began to attack other countries of the world.

You can write to AhnLab, if you want. https://global.ahnlab.com/site/main.do

If you search for new information on the Internet, take the following into consideration: many sites that Google gives in search results publish disinformation and offer fake decryption tools for download.

Sites that provide true information and free decryption tools:
https://www.bleepingcomputer.com/forums/f/239/ransomware-help-tech-support/
https://support.emsisoft.com/forum/83-help-my-files-are-encrypted/
If you want, add to them those that are in my signature. :)

22 hours ago, Amigo-A said:

Yes. This is Magniber

It has been distributed for almost three years. The Korean company AhnLab was able to decrypt the many variants that first attacked their region, but then the ransomware switched to other countries in Southeast Asia, and then, after a successful preparation, they began to attack other countries of the world.

You can write to AhnLab, if you want. https://global.ahnlab.com/site/main.do

If you search for new information on the Internet, take the following into consideration: many sites that Google gives in search results publish disinformation and offer fake decryption tools for download.

Sites that provide true information and free decryption tools:
https://www.bleepingcomputer.com/forums/f/239/ransomware-help-tech-support/
https://support.emsisoft.com/forum/83-help-my-files-are-encrypted/
If you want, add to them those that are in my signature. :)

Hello Amigo,

Thank you very much for your opinions. So may I ask a layman's question: till this moment, there are no existing solutions to solve this type of "yxuoplln" Magniber ransomware, right?

Thanks again for your kind attention.

R Chin


"yxuoplln" - This is a random element of the same version of Magniber Ransomware.

It is generated randomly for the victim's PC. This is not a standalone version.

<Random {5-9}> extensions with 5th, 6th, 7th, 8th, 9th digits are added to the encrypted files.

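Added example, not part of any post in this thread and not a tool from AhnLab or ID Ransomware: because the appended extension is random per machine, it cannot be looked up as a version name, but it can be inferred from a file listing to scope which files were hit. The function name `triage`, the listing, and the assumption that the suffix is 5 to 9 lowercase letters appended after the preserved original extension (as in the thread's ".yxuoplln" sample) are illustrative.

```python
import re
from collections import Counter, defaultdict

# Assumption: the appended suffix is 5-9 lowercase letters (as in the thread's
# ".yxuoplln") and the original file name, extension included, is kept before it.
ENCRYPTED_NAME = re.compile(r"(?P<original>.+\.[A-Za-z0-9]{2,5})\.(?P<suffix>[a-z]{5,9})")

# Constructed listing; the first two names and readme.txt appear in the thread,
# the rest are made up for the example.
SAMPLE_LISTING = [
    "Panasonic Men Shaver.pdf.yxuoplln",
    "1434075493184.jpg.yxuoplln",
    "budget.xlsx.yxuoplln",
    "readme.txt",
    "notes.docx",
    "db.sql.backup",
]

def triage(names, min_types=2):
    """Group names by appended suffix; keep suffixes seen on >= min_types file types."""
    by_suffix = defaultdict(list)
    for name in names:
        match = ENCRYPTED_NAME.fullmatch(name)
        if match:
            by_suffix[match.group("suffix")].append(match.group("original"))
    report = {}
    for suffix, originals in by_suffix.items():
        types = Counter(o.rsplit(".", 1)[1].lower() for o in originals)
        # One suffix across several unrelated file types points to a per-machine
        # ransomware extension; a single type is more likely a legitimate
        # double extension such as "db.sql.backup".
        if len(types) >= min_types:
            report[suffix] = {
                "count": len(originals),
                "types": dict(types),
                "originals": sorted(originals),
            }
    return report

if __name__ == "__main__":
    for suffix, info in triage(SAMPLE_LISTING).items():
        print(f".{suffix}: {info['count']} files, types={info['types']}")
        for original in info["originals"]:
            print("  original name to look for in backups:", original)
```

The `originals` list gives the pre-encryption file names, which is what to match against backups or shadow copies when planning restoration.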
16 hours ago, R Chin said:

till this moment, there are no existing solutions to solve this type of "yxuoplln" Magniber ransomware, right?

There is no way to decrypt files that have been encrypted by newer versions of the Magniber ransomware without first obtaining the private key from the criminals who made/distributed the ransomware.
