NEW PIPIKAKI RANSOMWARE

[sanchomdv]

Hello,

This night one of my computers has been encrypted with a ransomware that rename all the files in te format correctfilename.correctfileextension.[5391F333][email protected]

a note was showed in my desktop and in all folders with the title: WE CAN RECOVER YOUR DATA.txt

the note start with this text:
=========================================================
Hello my dear friend

Unfortunately for you, a major IT security weakness left you open to attack, your files have been encrypted
If you want to restore them,write to our skype - Pipikaki Decryption
Also you can write ICQ live chat which works 24/7 @PIPIKAKI
Install ICQ software on your PC https://icq.com/windows/ or on your mobile phone search in Appstore / Google market ICQ
Write to our ICQ @PIPIKAKI https://icq.im/PIPIKAKI
If we not reply in 6 hours you can write to our mail but use it only if previous methods not working - [email protected]
==========================================================

I suspect thas has been a brute force attack against a rdp user with a weak password

i submit to you a zip file contaning the note, a encripted txt file and his decrypted versión pair

https://www.dropbox.com/s/azysnd4zutzvkcq/pipikakifilessamples.zip?dl=0

Curiously all the encryped files ended with the chain 5391F333MONSTER where 5391F333 is the apparently description key in every encrypted file name

I come here from emsisoft forum where they give me this code: 900364e587f4c56c9c582c28cabe143add9d3ce31651145281

CAn you help me?

Thanks a lot
sanchomdv
Barcelona (SPAIN)

pipikakifilessamples.zip

[Amigo-A]

Hello.

Add a few more different encrypted files.

[Amigo-A]

https://www.bleepingcomputer.com/forums/t/771463/

I got your files from the BC forum. In that case, let's continue there.

[ShadowPuterDude]

Thread Closed