Ransomware

Please need help for VoidCrypt files – Ransomware Help & Tech Support – BleepingComputer

Hello Friends

Yesterday ,My PC has been infected with ransomware 

all partitions have been encrypted 

and a text file name (Read-this.txt) has been posted in every folder and every partition

it says

=========================

All Your Files Has Been Encrypted
You Have to Pay to Get Your Files Back
1-Go to C:\ProgramData\ or in Your other Drives   and send us prvkey.txt.key  file  
2-You can send some file little than 1mb for Decryption test to trust us But the test File should not contain valuable data
3-Payment should be with Bitcoin
4-Changing Windows without saving prvkey.txt.key file will cause permanete Data loss
Our Email:RansomwareSupport@zohomail.com
in Case of no Answer:AppleRansomware1024@tutanota.com
=====================================
Files are encrypted with following file name pattern
file name with extension.[<email>][MJ-<id>].crypyt
for example
image-1.jpg.[RansomwareSupport@zohomail.com][MJ-NQ1234567890].crypyt

after checking with //id-ransomware.malwarehunterteam.com/  it says

==========================================================

Identified by

  • ransomnote_filename: Read-this.txt
  • sample_extension: .[<email>][MJ-<id>].crypyt

Click here for more information about VoidCrypt

==========================================================
i want to submit sample files in order if there is any hope to dycrypt as i have a lot of important files for me and friends and workers and all have been encrypted but the site not allowed me to attach
Please need help if there is any way to decrypt files
an email has been sent to hacker email and responce was as following
====================================
Text: 1. decrapting cost
MJ-NQ1234567890   <<======ID number for hacker to identify the PC
The cost of decryption is 5400$ We receive payment only in BITCOINS. (Bitcoin is a form of digital currency)
All your Remote desktop passwords hacked. Change all user passwords to more harder. Immediately!
2. Attention!
Do not rename encrypted files. 
Do not try to decrypt your data using third party software, it may cause permanent data loss. 
Do not trust anyone! Only we have keys to your files! Without this keys restore your data is impossible. 
3. Free decryption as guarantee
You can send us up to 1 file for free decryption.
Size of file must be less than 4 Mb (non archived). We dont decrypt for test DATABASE, XLS and other important files. Remember this.
4. Decryption process:
To decrypt the files, transfer money to our bitcoin wallet number: “request it from us before payment”. As we receive the money we will send you:
1. Decryption program.
2. Detailed instruction for decryption. 
3. And individual keys for decrypting your files.
5. The process of buying bitcoins:
IMPORTANT! Dont use coinbase! it take more than 2 week to make coinbase verification.
============================================================

a sample of virus file has been uploded to virustotal.com and result is in attached PDF

Any help is Appreciated, Thank you

Attached Files

Edited by maths366, Today, 01:57 PM.

Leave a Reply

Your email address will not be published. Required fields are marked *