Hi everyone! I have trouble - I received babyk malware.
I found on Google a link to the Avast decryption tool for babuk v 1.0.0.815
But it doesn’t work for me. What can I do? Maybe someone can help?
And I want to upload files with that virus, but I am new and cannot do this…
disk(.)yandex(.)ru/d/LDNfg32bUpzXWw
First, I’m an Avast user and not an Avast Team member.
Even if you weren’t a new member it isn’t wise or allowed to upload suspect/infected files to the publicly available forum. So the post should be modified and the URL broken or otherwise should be removed.
@DavidR Thank you for the answer! I can’t edit the message now, so I’ll write a completely new one in this thread.
There’s a problem. They’ve infiltrated and encrypted all the data on the servers.
The encrypted files have the format “filename”.babyk, for example, ChangeLog.babyk.
After searching online, I realized it was most likely the Babuk ransomware and found a decryptor from Avast. I downloaded versions 1.0, 0.815. When I try to decrypt any file, I get the message “The specified file is encrypted and cannot be decrypted by this user.”
Moreover, I ran it with administrator rights on different PCs (all Windows), and the result is the same.
I have a theory that it’s not Babuk, but sEXi.
I’m asking for help…
A file called “How To Restore Your Files.txt” is left everywhere.
It contains the following information:
=====================================================================================
What Happened to My Computer?
Your important files are encrypted.
Many of your documents, photos, videos, databases and other files are no longer
accessible because they have been encrypted. Maybe you are busy looking for a way to
recover your files, but do not waste your time.
=====================================================================================
Can I Recover My Files?
Sure. We guarantee that you can recover all your files safely and easily. But you have
not so enough time.if you want to decrypt all your files, you need to pay.
You only have 3 days to submit the payment. After that the price will be doubled.
Also, if you don’t pay in 7 days, you won’t be able to recover your files forever.
=====================================================================================
How Do I Pay?
Your Encryption ID:Ypv6Q0mxBrAUSGJffjXTK2zqNSFYE8jVJwsndToKLcWYpmKS
Payment is accepted in BTC only. If you don’t know what’s BTC, please Google for
information on how to buy and pay for BTC.
Send $5000 worth of BTC to this address:
bc1qsz9jth9skf05exj7wlz2pn3k2f90nc4jsxgpxt
After the payment is completed, Please send your encryption ID and proof of payment to our email.
We will reply to the decryption program to your email address.
=====================================================================================
How to Contact Us?
=====================================================================================
*Warning: Don’t try to decrypt by yourself, you may permanently damage your files.
First, this is outside of my personal experience if the old tool that Avast had many years ago didn’t work (or as you are thinking isn’t for the same encryption).
This really is something for companies that specialise in this kind of decryption, and Google searches for companies that specialise in decryption in your location may bring results.
Personally for $5000 you could start over with a brand new computer for less and have change left over rather than pay crooks, who put you in this position and ‘trust’ that they would honour the statement they made (guarantee).
I can only presume that you haven’t been doing regular system and data backups to an off-line source or SSD drive or this wouldn’t have been so serious.
Despite having been asked not to post active links you have posted email addresses, this really isn’t pertinent to the problem.
Unfortunately this ‘user based’ forum doesn’t provide this kind of support. A long time ago there were people who specialised in malware removal, but even that isn’t close to breaking the encryption and restoring your files to an unencrypted state. This is a specialist task (the crooks already have the key) where decryption companies/specialists don’t they have experience in this kind of task.
This I’m sure isn’t something that you want to hear, but that is the reality and what these crooks rely on to get you to pay. Even after payment, what guarantee is there that they will do this or not up the price?