BitCryptor ransomware in the wild from the same creators as CoinVault

 

edit: never mind just looked at the phto properly, turns out you need a key...

You need a private key for pretty much every Cryptoware. Hence why someone can't just pay the ransom once and give the decrypter to everyone else. Sure, you now have the a decrypting utility for your files, but without the private key used for their encryption, it's useless.

 

No worries JCL, French is my native language as well so if you ever need something translated to English, let me know And as soon as a method to decrypt the files encrypted by BitCryptor, for free, appears, Grinler will update this thread and post a News thread about it right away.

No worries JCL, French is my native language as well so if you ever need something translated to English, let me know And as soon as a method to decrypt the files encrypted by BitCryptor, for free, appears, Grinler will update this thread and post a News thread about it right away.

Ok Aura. !

Merci pour la réponse .... :-)

This is what I would do as well, back up all the encrypted files on another storage media, and leave them be until a free decryption method is found, one day. Also, Google Chrome is actually the most secure web browser there is. If you look at the number of exploits found in them, Google Chrome always have the fewest one founds, sometimes, not even one is. So you can keep on using it. You could however strenghten it (and your security) with extesions like Web of Trust, HTTPS Everywhere, Ghostery, uBlock Origin, etc. Also, Google DNS and OpenDNS are both good DNS servers to use. Personally, I use the Google's ones, but OpenDNS ones are good as well.

good point

JCL31 -

 

It's also a good idea to have a sector-by-sector clone or backup of your hard drive, just in case decryption depends on files or registry settings that aren't easily seen. 

 

And as you now know, backup skills are a very worthwhile investment (and a very good skill to share with others).

 

Best of luck to you!

Edited by Fremont PC, 14 May 2015 - 09:17 PM.

I would recommend JCL to go for using secure DNS servers like Norton Connect safe or Comodo secure DNS for better security while browsing.
Well, more will make this discussion off topic. So, that topic can be made as a new thread in networking subforum.

Hi guys,

 

I got hit by the same virus the other day and because I have some really important files (without a backup unfortunately) it made me pay the ransom.

After that the software started to decrypt the files but unfortunately it turned out that not all the files were successfully decrypted. When open a .pdf file for example it says that it can't open because the file might be damaged.

I tried to manually decrypt the files with the key I received by the software mentioned above, but unfortunately this did not help either.

 

Does any of you have an idea how to fix this big problem?

 

Thanks in advance.

 

Kind regards,

 

Mathijs

Hi guys,

 

I got hit by the same virus the other day and because I have some really important files (without a backup unfortunately) it made me pay the ransom.

After that the software started to decrypt the files but unfortunately it turned out that not all the files were successfully decrypted. When open a .pdf file for example it says that it can't open because the file might be damaged.

I tried to manually decrypt the files with the key I received by the software mentioned above, but unfortunately this did not help either.

 

Does any of you have an idea how to fix this big problem?

 

Thanks in advance.

 

Kind regards,

 

Mathijs

Hi, I got hit by BitCryptor. I have removed it but the damage has been done. I hope there will be a solution for the encrypted files soon.

 

There were 2 malicious processes that were running in my OS:

C:\Users\<PROFILE>\AppData\Roaming\Microsoft\Windows\bitcrywin.exe

C:\Users\<PROFILE>\AppData\Roaming\Microsoft\Windows\consoleh.exe

Hi Mike

If you didn't delete these executables yet, it would be a good idea to upload them on BleepingComputer so the Security Experts here can take a look at them.

http://www.bleepingcomputer.com/submit-malware.php?channel=3

Hi, I got hit by BitCryptor. I have removed it but the damage has been done. I hope there will be a solution for the encrypted files soon.

BitCryptor encrypts files using AES 256 encryption and is unbreakable. At this time there is no fix tool and no way to retrieve the private key that can be used to decrypt your files without paying the ransom. The only other alternative is to save your data as is and wait for possible updates...meaning, what seems like an impossibility at the moment (decryption of your data) there is always hope someday there may be a breakthrough or possible solution so save the encrypted data and wait until that time.

Hi !

in my file

C : \ Users \ <PROFIL > \ AppData \ Roaming \ Microsoft \ Windows \ filelist.locklst

 

encrypted files end for True

C:\NVIDIA\DisplayDriver\331.82\Win8_WinVista_Win7_64\International\NVI2\btn_primary_180.png|True

 

Is that the word,True, means that they could have used TrueCrypt ?

 

I also found in \ AppData the file by Notepad

fingerprint=DD64-2A4B-D82B-0642-3613-6CC6-8585-8221 of May 12, 2015

 

and in

fingerprint=DD64-2A4B-D82B-0642-3613-6CC6-8585-8221 of May 13, 2015

 

Dates during which they have encrypted my files.

Is this is the public key ?

 

If it helps you.

I have send the "Bitcryptor Support" an email as I have paid and received the key.

Unfortunately as you can read in my previous post not everything got decrypted, this is the reply I received:

 

Please send us some files that didn't decrypt.
Please also fill in this form:
IP: (from whatismyipaddress.com)
Computername:
Username:
Your KEY:
Your IV:

If you can't find everything, that is no problem.
We will have a look at your problem.
--
BitCryptor Support Team

 

What do you guys think? Should I reply to this or will this make me even more vulnerable and are they never going to help someone out?

 

 

Kind regards,

M