rsa 2048 malware decryption


charles
10 GOTO 10
Posts: 2000
Joined: Tue Aug 17, 2004 12:11 am
Location: ont. Canada

rsa 2048 malware decryption

Postby charles » Fri Jan 13, 2017 12:39 am

Hi, I'm really piffed about this.
Can't believe someone would stoop so low as to initiate a virus.
However, something has taken control of my old computer and placed encryption on a lot of my files,
mainly the Atari files I had under emulation...

Anyone ever had this happen, and how do I decrypt the files into my originals?
Last edited by charles on Fri Jan 13, 2017 2:41 am, edited 2 times in total.
atari is my lifestyle,not a hobby.
HOLD ON ! ! !,
Im printing unreadable characters ...!

Arawn
Atari User
Posts: 42
Joined: Thu Jun 04, 2009 12:47 pm
Location: Portugal

Re: rso 4096 malware decryption

Postby Arawn » Fri Jan 13, 2017 1:13 am

Have a look here:

https://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/

Edit: It seems there are several types of ransomware which use RSA4096; you will have to find out exactly what version you have.

Edit 2: See also: https://www.youtube.com/watch?v=9FrLUOC-xR0
1040STfm (Spanish), SM125 monitor, Megafile 30, 520STe (4MB), 520STfm (XtraRAM 1MB), Mega STe (4MB, 120MB HDD), Mega ST4, TT030 (4MB+64MB, 1.2GB HDD)

Re: rso 4096 malware decryption

Postby charles » Fri Jan 13, 2017 1:40 am

Yes, been to both sites,
no result, still looking...

Should I post an example file
for users to try to crack?

Also, I don't have the virus on my computer... just the encrypted files currently.

EmpireAndrew
Captain Atari
Posts: 391
Joined: Fri Jul 15, 2016 5:46 pm
Location: NYC, USA

Re: rsa 2048 malware decryption

Postby EmpireAndrew » Fri Jan 13, 2017 2:27 pm

Backups, backups, backups.
1977 VCS Heavy Sixxer (Boxed)
1990 Atari 1040STE, 4MB, UltraSatan, TOS 2.06, TT Touch -> Atari SC1435 Colour CRT Monitor
1991 Atari TT030, 2/64MB, Int 8GB Gigafile SCSI2CF, TOS 3.06, CaTTamaran Accelerator -> Atari TTM195 19" Mono CRT Monitor
1993 Atari Falcon030, 14MB, Int 4GB IDE2SD, TOS 4.04 -> Atari PTC1426 Color CRT Monitor
Amiga, Mac, DOS, Newton, SGI, Sun, NeXTStation and more!

Re: rsa 2048 malware decryption

Postby charles » Fri Jan 13, 2017 11:11 pm

Forgive me father, for I did not back up...
Yep... most of the valuable stuff is salvageable, just a lot of texts and diagrams destroyed, plus a lot of 'c' language files were targeted.

wongck
Ultimate Atarian
Posts: 11937
Joined: Sat May 03, 2008 2:09 pm
Location: Far East

Re: rsa 2048 malware decryption

Postby wongck » Sat Jan 14, 2017 12:39 am

These are ransomware.
Do you know where you probably got it from? Would like to avoid it.
My Stuff: FB/Falcon CT63+CTPCI_ATI_RTL8139 14+512MB 30GB HDD CF HxC_SD/ TT030 68882 4+32MB 520MB Nova/ 520STFM 4MB Tos206 SCSI
Shared SCSI Bus:ScsiLink ethernet, 9GB HDD,SD-reader @ http://phsw.atari.org

Re: rsa 2048 malware decryption

Postby charles » Sat Jan 14, 2017 2:55 am

From what I remember it was between one and three years back. I believe it might have been something from a file sharing site:
browsed, downloaded, opened file, ran...
The majority of the time my viruses came in the form of an mp3 or wav file,
assuming I double-clicked it to bring up its file-associated program to run.
However, it's an executable rather than a music file, so it launches upon user initiation.

Double check every music file... lol

Re: rsa 2048 malware decryption

Postby wongck » Sat Jan 14, 2017 4:06 am

OK, thanks.
File sharing sites are a big malware-infested mess.
It's bad if you lost source code, especially code you spent lots of time on.
Hope you get the majority of your files back without paying. Good luck!!

helmut
Captain Atari
Posts: 169
Joined: Thu Jan 07, 2010 4:30 pm

Re: rsa 2048 malware decryption

Postby helmut » Sun Jan 15, 2017 5:54 pm

Let Windows show all extensions. This could not happen so easily if you would see doc.pdf.exe instead of just doc.pdf in its Explorer.
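
Added example, not part of any post in this thread: a small Python scanner for the two disguises described above, a decoy extension followed by an executable one (doc.pdf.exe) and a file named like a document or music file whose contents start with the `MZ` executable header. The extension lists, the function names and the sample files built in `demo()` are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed, non-exhaustive lists chosen for this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".txt", ".jpg", ".png", ".mp3", ".wav", ".zip"}

def classify(path):
    """Return a reason if the file looks like a disguised executable, else None."""
    name = os.path.basename(path).lower()
    stem, ext = os.path.splitext(name)
    inner = os.path.splitext(stem)[1]  # ".pdf" for "doc.pdf.exe", "" for "setup.exe"
    if ext in EXECUTABLE_EXTS and inner in DECOY_EXTS:
        return "double extension"
    with open(path, "rb") as fh:
        magic = fh.read(2)  # DOS/PE executables begin with the bytes "MZ"
    if magic == b"MZ" and ext in DECOY_EXTS:
        return "PE header behind decoy extension"
    return None

def scan(root):
    """Walk a directory tree and map relative path -> reason for each suspect file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            try:
                reason = classify(full)
            except OSError:  # unreadable or vanished file: skip it, keep scanning
                continue
            if reason:
                findings[os.path.relpath(full, root)] = reason
    return findings

def demo():
    """Scan a temp directory of constructed sample files (headers only, no real code)."""
    samples = {
        "doc.pdf.exe": b"MZ\x90\x00", "song.mp3": b"MZ\x90\x00",
        "real.mp3": b"ID3\x03", "notes.txt": b"hello", "setup.exe": b"MZ\x90\x00",
    }
    with tempfile.TemporaryDirectory() as d:
        for fname, data in samples.items():
            with open(os.path.join(d, fname), "wb") as fh:
                fh.write(data)
        return scan(d)

if __name__ == "__main__":
    print(demo())
```

An honestly named `setup.exe` is not flagged; only names or contents that disagree with what Explorer would show are reported.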

