
help me plz my file are crypted by .xcrypt


raziel

40 minutes ago, GT500 said:

I've asked one of our ransomware analysts for more information, but please note that I can't find any information about decryption, so it may not be possible.

ok thanks i'm waiting to hear from you then. if you can give me the name of that ransomware,


This ransomware has been around since late 2016, however I don't think it was very common as even our ransomware analysts don't have much information on it. They'll need a copy of the ransomware itself to figure out if it's decryptable or not.

You wouldn't happen to know what malicious application encrypted your files, would you? If you do, then could you upload it to VirusTotal and send me a link to the analysis?


32 minutes ago, GT500 said:

This ransomware has been around since late 2016, however I don't think it was very common as even our ransomware analysts don't have much information on it. They'll need a copy of the ransomware itself to figure out if it's decryptable or not.

You wouldn't happen to know what malicious application encrypted your files, would you? If you do, then could you upload it to VirusTotal and send me a link to the analysis?

I don't think so but I will look


22 hours ago, raziel said:

I don't think so but I will look

https://mega.nz/file/JBkkkJza#WfJvhBzcS1C-2KCWVoxbrIudetAqC7vEALggcMdDJcU 

I think it's this file my son downloaded it

 

24/11/2020 11:19:59
Malware "Gen:Variant.MSILPerseus.196529 (B)" detected and blocked on behalf of chrome.exe


  • 3 months later...
  • 4 weeks later...
12 hours ago, raziel said:

i send it to you in pm sir

Those are just encrypted files. Without the ransomware itself we can't figure out how the encryption process works.


@raziel

The easiest way to find out when files were encrypted is to look at the file's "Properties".

Usually, the encryption is its last change and this will be the correct date. 


Among the programs published in the Digest "Crypto-Ransomware", there are three ransomware that used the word "xcrypt", but only one of them used the .xcrypt extension in its pure form.

If the encryption date is closer than 2016, then it could be one of the other well-known ransomware that borrowed this extension.

Link to comment
Share on other sites
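As an added example (not part of any post in this thread), the "Properties" check described above can be run over every encrypted file at once. This Python sketch reads the last-modified time of each `.xcrypt` file under a folder and reports the day on which most of them changed; the function name `encryption_timeline` and the `after_2016` flag are assumptions of this example, and it only reads file metadata.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone


def encryption_timeline(root, ext=".xcrypt"):
    """Summarise last-modified times (UTC) of files under root ending in ext.

    Returns None when no matching file is found.
    """
    stamps = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(ext):
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # unreadable or vanished file: skip it, keep going
            stamps.append(datetime.fromtimestamp(mtime, tz=timezone.utc))
    if not stamps:
        return None
    # A single stray timestamp (a file copied or restored later) should not
    # decide the date, so report the day with the most modified files.
    per_day = Counter(s.date() for s in stamps)
    peak_day, peak_count = max(per_day.items(), key=lambda kv: (kv[1], kv[0]))
    return {
        "files": len(stamps),
        "earliest": min(stamps),
        "latest": max(stamps),
        "peak_day": peak_day,
        "peak_count": peak_count,
        # Assumption of this example: the busiest day stands in for the
        # encryption date when comparing against the 2016 variant.
        "after_2016": peak_day.year > 2016,
    }


if __name__ == "__main__":
    result = encryption_timeline(sys.argv[1] if len(sys.argv) > 1 else ".")
    if result is None:
        print("no .xcrypt files found")
    else:
        for key, value in result.items():
            print(f"{key}: {value}")
```

Modified times can shift when files are copied, restored from backup or synced, so treat the reported day as an indication rather than proof.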

This topic is now closed to further replies.