Wundi

(.corona-lock) files, CAN NOT FIND DECRYPTOR

Recommended Posts

I uploaded the setup exe (in txt format), which infected my computer, I hope it is helpful.
I dont have any experience in decrypting files, so I am asking for your help.
This virus encrypted some of my important files and I am begging to you to help me.

If anyone can help me, I would thank that.

WARNING: THE EXE FILE CONTAINS VIRUS

Edited by GT500
Removed link to malicious file.

Share this post


Link to post
Share on other sites
30 minutes ago, Amigo-A said:

Attach several encrypted files and a ransom note to message. 

So I attached the original and the encrypted files as well. I deleted the virus before the ransom note, so it did not appear.  I hope these sources are enough. (.docx, .jpg)

Thanks for your help.

(Do not criticize my German:DD)

Adjektivdeklination_WB.jpg
Download Image

Adjektivdeklination_WB_2.jpg
Download Image

Adjektivdeklination_WB.jpg.corona-lock Adjektivdeklination_WB_2.jpg.corona-lock Familie und oder Karriere_grundprüfung.docx Familie und oder Karriere_grundprüfung.docx.corona-lock BacteriaVSVirus.docx BacteriaVSVirus.docx.corona-lock

Share this post


Link to post
Share on other sites
13 hours ago, Wundi said:

WARNING: THE EXE FILE CONTAINS VIRUS

Please don't leave links to malicious files in publicly accessible sections of our forums. People will download them, and infect their computers.

As for the encrypted files, I'll ask our malware analysts to take a look at them.

Share this post


Link to post
Share on other sites

 #############################################################
################# YOUR FILES WERE ENCRYPTED #################
############ AND MARKED BY EXTENSION .corona-lock ###########
#############################################################
--
DON'T WORRY! YOUR FILES ARE SAFE! ONLY MODIFIED :: ChaCha + AES
WE STRONGLY RECOMMEND you NOT to use any Decryption Tools.
These tools can damage your data, making recover IMPOSSIBLE.
Also we recommend you not to contact data recovery companies.
They will just contact us, buy the key and sell it to you at a higher price.
If you want to decrypt your files, you have to get RSA private key.
--
To get RSA private key you have to contact us via email to:
---------------------------->> [email protected] <<
and send us your id: >> xxxxxxxxxxx <<
--
HOW to understand that we are NOT scammers?
You can ask SUPPORT for the TEST-decryption for ONE file!
--
#############################################################
################## LIST OF ENCRYPTED FILES ##################
-------------------------------------------------------------
C:\found.001\file0000.chk    0
C:\found.001\file0001.chk    0
C:\Intel\Logs\IntelCPHS.log    0
C:\Program Files\XTab\conf    187

Ohnmar Kyi.jpg.corona-lock

Edited by John Poet
(.corona-lock) files, CAN NOT FIND DECRYPTOR

Share this post


Link to post
Share on other sites
4 hours ago, GT500 said:

Please don't leave links to malicious files in publicly accessible sections of our forums. People will download them, and infect their computers.

As for the encrypted files, I'll ask our malware analysts to take a look at them.

This is why I wrote it into txt...

Share this post


Link to post
Share on other sites

It was called BigLock Ransomware according to the first version, which began to spread 2-3 days ago.
He added the .biglock extension to the files
After 1-2 days, the .corona-lock extension began to be used

VT-link to BigLock >>  - Encryptor  

AnyRun-link >> - Encryptor

VT-link to file from 1 post >>  Downloader 

Share this post


Link to post
Share on other sites

Due to the novelty, this malware is still being studied.

So, you do not need to look for a decryptor, anywhere. Otherwise you can run into another viral attack.
'ID Ransomware' already defines it according to two well-known versions.

I will prepare a description BigLock Ransomware in my Digest soon. 
I noticed some familiar elements that we know from previous ransomware.

Most likely, this is a new version of one of them. But now it is considered new anyway. 

Encrypted files are recommended to be kept and to monitor updates.

  • Upvote 1

Share this post


Link to post
Share on other sites
19 hours ago, Amigo-A said:

You need to put the malicious file in the archive with the password 'infected' and upload it to the share site, for example, such
https://dropmefiles.com/

Password protected archives work, as long as the password isn't posted with the link.

Personally I prefer malicious files to be uploaded to VirusTotal and the link to the analysis posted, as we can download from VirusTotal but the average person who comes across our forums can't. Just keep in mind that all it takes to be allowed to download from VirusTotal is a premium account there, so technically anyone can get access to download files and thus you don't want to upload anything confidential there.

 

18 hours ago, Amigo-A said:

Due to the novelty, this malware is still being studied.

We've started an analysis on it as well, however I don't think our malware analysts have had a chance to finish yet. I'll pass your links on in case they come in handy.

  • Like 2

Share this post


Link to post
Share on other sites
5 hours ago, GT500 said:

Personally I prefer malicious files to be uploaded to VirusTotal and the link to the analysis posted, as we can download from VirusTotal but the average person who comes across our forums can't.

I also can’t access the file because need to pay VT every month. For me, this amount is very large. I need live files.

I can get files if they are shared through the services HybridAnalysis, AnyRun, Triage.

Share this post


Link to post
Share on other sites
 
I had exactly the same problem on my working computer..all my files got corona-lock 
I could not decrypt it with free decryptors.

i paid to get decryptor  to my id. 

But decryptor autodeleted.  after decrypting my files.

If i will find it i will post it here , maybe if it can help to you

  • Upvote 1

Share this post


Link to post
Share on other sites
13 hours ago, ShahkoKhan said:

i paid to get decryptor  to my id. 

But decryptor autodeleted.  after decrypting my files.

If i will find it i will post it here , maybe if it can help to you

We can take a look at it if you find it again, however it's more than likely that each computer will require a different private key to decrypt files, and thus the decrypter will only work on a specific computer.

  • Like 2

Share this post


Link to post
Share on other sites
14 minutes ago, Ahmed Ashry said:

My laptop was infected by corona-lock virus. I can't open important files. What is the solution please?

There is no free decryptor yet.
All you can do now is buy the key. 

Share this post


Link to post
Share on other sites
18 hours ago, Ahmed Ashry said:

My laptop was infected by corona-lock virus. I can't open important files. What is the solution please?

We're still analyzing it. If it's possible to make a decrypter then we'll do so, however analysis takes time.

  • Thanks 1

Share this post


Link to post
Share on other sites
On 5/25/2020 at 11:55 AM, GT500 said:

We can take a look at it if you find it again, however it's more than likely that each computer will require a different private key to decrypt files, and thus the decrypter will only work on a specific computer.

Please Let me know decrypter name

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.