[Inactive] files are encrypted with rsa 2048 and AES 128 cyphers!
Results 1 to 8 of 8

Thread: [Inactive] files are encrypted with rsa 2048 and AES 128 cyphers!

Hybrid View

  1. #1
    Join Date
    Jan 2017
    Posts
    3

    [Inactive] files are encrypted with rsa 2048 and AES 128 cyphers!

    I am a total newbie to this process so be gentle. Believe infected on 12/25/2016. tried to transfer files to external drive, all files corrupted. is there any way to correct or is my laptop fried?

  2. #2
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,063
    First, you need to remove the malware from your system. After that there are some free tolls that may be able to decrypt the files. If you do get your files decrypted, then it is time to start a regular backup program for future protection.

    Our resident malware removal expert will be along to assist you in removing the malware.

    Decryption links:

    https://noransom.kaspersky.com/

    http://www.zdnet.com/article/remove-...se-free-tools/

  3. #3
    Join Date
    Jan 2017
    Posts
    3

    Osiris ransomware

    Quote Originally Posted by rosemaryholt View Post
    I am a total newbie to this process so be gentle. Believe infected on 12/25/2016. tried to transfer files to external drive, all files corrupted. is there any way to correct or is my laptop fried?
    I believe the ransomware is Osiris, if that helps.

  4. #4
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550

  5. #5
    Join Date
    Jan 2017
    Posts
    3
    Quote Originally Posted by Broni View Post
    I wanted to paste reply from this link: https://www.bleepingcomputer.com/for.../#entry4143606
    looks like saving the encrypted files and waiting for a solution is my only option.
    Thanks for your help.

  6. #6
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    For whatever reason I can't post my reply here.
    When I do I'm getting this error:

    Sadly, you’ve reached a page that can’t be displayed.

    We’ve logged this action, so we are aware there is an issue!

    At this time, please hit your browser’s back button or simply close this page!

    The incident ID is: N/A.

  7. #7
    Join Date
    Sep 1999
    Location
    Largo, Fl.
    Posts
    22,322
    EDIT: I was able to post the following without error:



    Any files that are encrypted with the Locky (.Osiris) ransomware variant will be renamed with random alpha-numerical characters and have the .siris extension appended to the end of the encrypted data filename (i.e. 11111111--1111--1111--FC8BB0BA--5FE9D9C2B69A.osiris) and leave files (ransom notes) named DesktopOSIRIS.bmp, DesktopOSIRIS.htm, OSIRIS-[4_numbers].htm, OSIRIS-[4_numbers].htm as explained here.

    Unfortunately, there is no known way at this time to decrypt files encrypted by Locky variants regardless of the extension without paying the ransom.

    There is an ongoing discussion in this topic where you can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.
    Locky Ransomware (Zepto) Support and Help Topic - _HELP_instructions.html
    When or if a solution is found, that information will be provided in this support topic and you will receive notification if subscribed to it. In addition, a news article most likely will be posted on the BleepingComputer front page.

    Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.
    If you're happy and you know it......it's your meds.

  8. #8
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    If you don't have any recent healthy backup that would be your only option.
    I'm sorry.

    @Steve
    Possibly some links in my quote were triggering some board security.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •