WaifuClub Ransomware ( [[AYspF0Nd]].[[backup@waifu.club]].svh )

Good morning,

This week a virus entered my server but I was unsuccessful in finding a solution for it.

I would like if you could help me please

because it encrypted all my files and database :/

I'm sending a sample of what appears to me, it's a virus with extension


file.xlsx.[[AYspF0Nd]].[[backup@waifu.club]].svh

Good morning,

This week a virus entered my server but I was unsuccessful in finding a solution for it.

I would like if you could help me please

because it encrypted all my files and database :/

I'm sending a sample of what appears to me, it's a virus with extension


file.xlsx.[[AYspF0Nd]].[[backup@waifu.club]].svh

This is not a variant of Press Ransomware
 
Did you find any ransom notes? If so, what is the actual name of the ransom note?
Can you provide (copy & paste) the ransom note contents in your next reply?
 
In addition to coping & pasting the ransom note...please attach the original (unedited) ransom note and several samples of encrypted files (different formats - doc, png, jpg) AND its original (unencrypted) file in a "zip file" for comparison so our crypto malware experts can manually inspect them and possibly identify/confirm the infection if they see this topic. To attach files....Click the More Reply Options button in the bottom right corner of the Board Editor, then click the Choose File button under Attach Files.

Since this is not a variant of Press Ransomware, I have split away your posting into it's own topic.

Thanks,


I'm new to the forum, sorry

I'll see if I can get a photo and post it here

Ok.

I'm sending a sample of what appears to me, it's a virus with extension

 

Where is the ransom note file and samples of encrypted files?

Edited by Amigo-A, 06 April 2024 - 01:27 PM.

Good afternoon,

I was only able to add the files today.

I couldn't find the rescue file anywhere

I will give you what I have files because I know that you are the best to solve


I suspect that the virus came from these files in the "Maintenance" folder

https://sendgb.com/HPGiMI2L7zN

Inside it there is a file written keys.dat

and the .exe file inside the "apps" folder indicated as a virus


Inside "archive.rar" there is an infected and non-infected file for testing

Thanks for all your help

Good afternoon,

I was only able to add the files today.

I couldn't find the rescue file anywhere

I will give you what I have files because I know that you are the best to solve


I suspect that the virus came from these files in the "Maintenance" folder

https://sendgb.com/HPGiMI2L7zN

Inside it there is a file written keys.dat

and the .exe file inside the "apps" folder indicated as a virus


Inside "archive.rar" there is an infected and non-infected file for testing

Thanks for all your help

sorry, I sent it twice

I think the file that is 20mb was not uploaded, I added it to the link

https://sendgb.com/SQIYZHorJLX

Edited by gambiarra, 08 April 2024 - 11:23 AM.

Edited by Amigo-A, 08 April 2024 - 12:46 PM.

This is the file inside the .exe "app" folder

As Amigo-A said....you should submit (upload) a sample of any malicious executable that you suspect was involved in causing the infection to VirusTotal for analysis and provide a link here to the results...this is the safest way of sharing malware since only vetted researchers can access it. Doing that may be helpful with any of the following: analyzing, investigating, identification of the ransomware and possibly finding a flaw which could be useful for decryption of encrypted data.

As quietman7 said...

Yes. We need a link to the analysis result.

Of course, can distinguish some letters and numbers SHA-256, but the font in the screenshot is too small.

Edited by Amigo-A, 09 April 2024 - 10:38 AM.