Posted 05 September 2023 - 03:06 AM
help pls, my computer has been attacked by loki ransomware
!!!All of your files are encrypted!!!
To decrypt them send e-mail to this address: lokiloki@mailfence.com
In case of no answer in 24h, send e-mail to this address: Lokisupp0rt@yandex.com
All your files will be lost on Wednesday, October 4, 2023 6:15:51 PM.
Your SYSTEM ID : E2964AD5
!!!Deleting "Cpriv.Loki" causes permanent data loss.
Bleepin' Gumshoe
Posted 05 September 2023 - 06:13 AM
.
.
Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015 
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief
If I have been helpful & you'd like to consider a donation, click 
Posted 15 September 2023 - 07:01 PM
System ID is the serial number of your system volume.
You should not allow the destruction of your data after 30 days!!!
LokiLocker (but not BlackBit) may contain a Meterpreter payload, be carefull!
Affiliates usually give a decryptor, one decryptor per host. It doesn't cost a lot of money, but I am categorically against paying a ransom.
The RSA session key is either downloaded from the Internet (usually BlackBit) or generated on the host (usually LokiLocker), but decryption is not possible without it.
If Cpriv.* exists (and string "!!!Deleting "Cpriv.*" causes permanent data loss." in a ransom note) , the session key is generated on the host.
I have 7 sets of LokiLocker / BlackBit RSA public keys, BlackBit uses only one key set.
Protect your public RDP! Good luck!
Edited by rivitna, 15 September 2023 - 07:15 PM.
Posted 19 October 2023 - 03:21 PM
howdy
ive been hit with the blackbit malware on my server at home... so annoying.
ive tried malwarebytes, eset cleaner, combo cleaner and none of them work as expected...
malwarebytes and eset picked up a lot of malware files which seemed to relate to blackbit and it did quarantine them all.. but files are still encrypted.
it sounds like theres no way to clean this up... so im going to need to reinstall my OS from scratch.
ahhh i reckon my NAS got infected as well.. would mean all my data is screwed
Edited by RogerDingo, 19 October 2023 - 03:23 PM.
Bleepin' Gumshoe
Posted 19 October 2023 - 03:29 PM
If you need individual assistance from our experts ONLY with removing the malware infection, (not decryption of your data), there are advanced tools which can be used to investigate but they are not permitted in this forum. Please follow the instructions in the Malware Removal and Log Section Preparation Guide. When you have done that, start a new topic and post your FRST logs in the Virus, Trojan, Spyware, and Malware Removal Logs Forum, NOT here, for assistance by the Malware Response Team.
.
.
Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief
If I have been helpful & you'd like to consider a donation, click
Bleepin' Gumshoe
Posted 27 December 2023 - 08:50 PM
There is nothing new to report that I am aware of.
.
.
Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief
If I have been helpful & you'd like to consider a donation, click
Posted 29 March 2024 - 06:47 PM
Edited by lagm-cl, 29 March 2024 - 06:58 PM.
0 members, 1 guests, 0 anonymous users
Back to top
