

LockBit 3.0 Black / CriptomanGizmo ([random 9 chars]; README.txt) Support Topic


163 replies to this topic

#151 rivitna

  • Security Colleague

Posted 08 April 2024 - 05:42 PM

skyyy7

 

This sample 3R9qG8i3Z has been used in many attacks.

Perhaps someone has already bought a decryptor...




 


#152 skyyy7

  • Members

Posted 08 April 2024 - 06:57 PM

How can I get it? I don't know what to do. I'm lost. Do you have a Telegram ID to communicate?

#153 rivitna

  • Security Colleague

Posted 09 April 2024 - 04:47 AM

I'm here. We can communicate here :-)



#154 jeffjoe1979

  • Members

Posted 09 April 2024 - 08:28 AM

You're welcome!

Good morning.
How are you?
Sorry to bother you with this, but could you help me and try to see if there is a way to get my files back? I don't understand anything and I don't know how to proceed. You apparently understand and I would really like it if you could talk to me about it. Would it be possible? I'm waiting, thank you.



#155 rivitna

  • Security Colleague

Posted 09 April 2024 - 08:54 AM

Good morning.
How are you?
Sorry to bother you with this, but could you help me and try to see if there is a way to get my files back? I don't understand anything and I don't know how to proceed. You apparently understand and I would really like it if you could talk to me about it. Would it be possible? I'm waiting, thank you.

 

Hello!

I'm fine, thank you!
I have nothing to please you with.



#156 AlexVovk

  • Members

Posted 13 April 2024 - 09:41 AM

Hi All. I've been hacked and my files were encrypted  :angry: I couldn't find Ransom Id on site. Maybe you can help me somehow...

 

Text File:

 
            ~~~AsiriumSquad~~~
 
>>>> Your data are stolen and encrypted.
 
>>>> What guarantees that we will not deceive you? 
 
We are not a politically motivated group and we do not need anything other than your money. 
    
If you pay, we will provide you the programs for decryption and we will delete your data. 
Life is too short to be sad. Be not sad, money, it is only paper.
    
If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. 
Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment.
    
>>>> You need contact us to decrypt file.
 
    buy our special 
    decryption software, this software will allow you to recover all of your data and remove the
    ransomware from your computer.The price for the software is $300. Payment can be made in Bitcoin only.
    How do I pay, where do I get Bitcoin?
 
    Moonpay.com
   
Important!: your pc, your personal life, your liberty 
is in danger ! take this serius if u dont pay whe Must ruin ur life otherwise no one will pay. 
 
    Payment informationAmount: 0.004 BTC
    Bitcoin Address: bc1q07v4dm6q5ln5w3ac93ue8jdvcjmq8tg3tvlmlr 
 
    Contact us with Your personal DECRYPTION ID and screenshot of PAYMENT at: hackbeenswim@mail2tor.com
 
>>>> Your personal DECRYPTION ID: 8D9634EC6DA0FEAA61FAFE992000B909
 
>>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems!
 
>>>> Warning! If you do not pay the ransom we will attack your company repeatedly again!
 
Infected files have the ending: .zpvmjd9JY


#157 quietman7

  • Global Moderator

Posted 14 April 2024 - 09:12 AM

If the extension is .zpvmjd9JY... is the ransom note name zpvmjd9JY.README.txt?


Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief


#158 AlexVovk

  • Members

Posted 14 April 2024 - 09:45 AM

Yes. That's right!



#159 quietman7

  • Global Moderator

Posted 14 April 2024 - 03:53 PM

It's a new variant of LockBit 3 Black and not decryptable as far as I am aware.




#160 AlexVovk

  • Members

Posted 14 April 2024 - 04:10 PM

:blink:

Is there any chance it can be decryptable in the near future?



#161 quietman7

  • Global Moderator

Posted 14 April 2024 - 04:50 PM

We have no way of knowing when or if a free (or legitimate paid for) decryption solution will ever be available. The possibility of decryption depends on a variety of factors as explained here (Post #16).
 
In most cases, unless the keys are leaked or the criminals are arrested by the authorities and the keys are recovered, then provided to the public, there is no possibility that anyone can provide a decryption solution. 
 
For now all you can do is backup/save your encrypted data as is and wait for a possible solution at a later time...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a potential solution.
 
When or if a free (or legitimate paid for) decryption solution is found, that information will be provided in this support topic and victims will receive notification if subscribed to it.




#162 joannes

  • Members

Posted 15 April 2024 - 07:16 PM

It happened to me, I need some light to put an end to this annoying problem.



#163 quietman7

  • Global Moderator

Posted 15 April 2024 - 07:19 PM

As with most ransomware the best solution for dealing with encrypted data after an infection is to restore from backups that have been isolated (offline) to a device not always connected to the network or home computer so they are unreachable. The only reliable way to effectively protect your data and limit the loss with this type of infection is to have an effective backup strategy. Without having safely stored backups to restore from, your data most likely is lost forever.




#164 Windyy

  • Members

Posted 16 April 2024 - 03:21 AM

Hi All. I've also been hacked with the same txt file as AlexVovk.

 
            ~~~AsiriumSquad~~~
 
>>>> Your data are stolen and encrypted.
 
>>>> What guarantees that we will not deceive you? 
 
We are not a politically motivated group and we do not need anything other than your money. 
    
If you pay, we will provide you the programs for decryption and we will delete your data. 
Life is too short to be sad. Be not sad, money, it is only paper.
    
If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. 
Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment.
    
>>>> You need contact us to decrypt file.
 
    buy our special 
    decryption software, this software will allow you to recover all of your data and remove the
    ransomware from your computer.The price for the software is $300. Payment can be made in Bitcoin only.
    How do I pay, where do I get Bitcoin?
 
    Moonpay.com
   
Important!: your pc, your personal life, your liberty 
is in danger ! take this serius if u dont pay whe Must ruin ur life otherwise no one will pay. 
 
    Payment informationAmount: 0.004 BTC
    Bitcoin Address: bc1q07v4dm6q5ln5w3ac93ue8jdvcjmq8tg3tvlmlr 
 
    Contact us with Your personal DECRYPTION ID and screenshot of PAYMENT at: hackbeenswim@mail2tor.com
 
>>>> Your personal DECRYPTION ID
 
>>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems!
 
>>>> Warning! If you do not pay the ransom we will attack your company repeatedly again!

The infected files have the ending: .zpvmjd9JY

AlexVovk, maybe you already bought a decryptor?

Edited by Windyy, 16 April 2024 - 07:03 AM.




