Jump to content

Babamonkey

Members
  • Content Count

    2
  • Joined

  • Last visited

Profile Information

  • Location
    Germany

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Hello, ok thanks, i was in contact with the support. Sadly it's not possible to decode the files because of the missing private pgp key. You can close this thread.
  2. Customer was infected from blklock@airmail.cc ransomware. Too bad Eset Internet Security was not able to find it (now it is) so it encrypted all Word, Excel, PDF and stuff like this on the harddrive. I found out, it used "rar" to pack it with a unknown password. The files where encrypted and then renamed with "<originalName>.blklock@airmail.cc". The original files where deleted and the shadow copy where also deleted. I was able to follow the way from the Email (ISO File with download Script) to the Batch File and also the VBA Script which was used to encrypt everything. I also own the pgp file used to encrypt and key file from the infected PC. BUT .. i'm a total VBA noob. I understand the basics .. more or less .. but not total sure what the VBA script did in every way and how to change it to decrypt it again. I would link the files here with some samples from the encrypted pc - but no idea if i'm alowed to, because basicly its the ransomware itself and someone could change it to use it again. Would be nice if someone could help me or maybe even Eset is interessted in programming a removal tool. Greetings from Germany Nico Müller
×
×
  • Create New...