JCK

New encryption variant?


Recently had a client hit with an encryption called 'dante'. I can't seem to find anything about it out there. Is it new or just been renamed from something else?

 

Thanks all.  Stay safe.


Attach to your message a ransom note and several encrypted files. 

It’s best if you put everything in the archive and attach it to your message.


There seem to be very few reports of a ransomware using .dante as a file extension, and it does not appear to have been identified yet. Go ahead and attach copies of the ransom note and an encrypted file to a reply so that we can take a look at it.


It's something new, note does not look familiar. We need the malware executable to analyze any further.

DANTE-INFO.txt


                                ! ATTENTION ! 

--------------------------------------------------------------------------------------------

       STRICTLY FORBIDDEN TO USE THIRD-PARTY DECRYPTION SOFTWARE - FILES WILL BE LOST 

--------------------------------------------------------------------------------------------



[email protected]



ID KEY:
[redacted 128 bytes base64]




~ L2 Protection ~
[redacted 16 bytes base64]

 

3 hours ago, Demonslay335 said:

It's something new, note does not look familiar. We need the malware executable to analyze any further.

DANTE-INFO.txt

Still, there is a ransomware that is VERY similar to this.  👣


@JCK

You don’t have to run around the internet looking for dubious solutions. You have already found the place where you need to stay.


Hey DemonSlay,

  That is the client that I'm working with (DuBois).  I can get whatever files you need to analyze.

4 hours ago, JCK said:

I can get whatever files you need to analyze.

I recommend starting with logs from FRST. You can find instructions for downloading and running FRST at the following link:
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

It's not digitally signed, so some security solutions will try to prevent it from running or delete it while it's checking system information for its logs; however, it is safe.

 

12 hours ago, JCK said:

I can get whatever files you need to analyze.

Attach to your message several encrypted files and an original ransom note.

Do not change anything in the original, do not try to change the extension.

