You are welcome to discuss various security topics with our professional team and other users like you!
Read our Registration Agreement and create your FREE account here!

« previous next »
Pages: [1]   Go Down
*

Execute

  • *****
  • 388
  • +55/-0
  • Your friendly neighbourhood IT guy
      • View Profile
Help Decrypt Files Encrypted by hairullah@inbox.lv
« on: October 14, 2015, 11:24:59 am »
There is a new Ransomware Trojan that popped up a few days ago. It is called "hairullah@inbox(.)lv". It is distributed like most ransomwares do - through email attachments with malicious content, aggressive spam or through websites hosting exploit kits.

If you get infected, the Trojan will stay hidden for a while until it scans your system seeking to exploit files with the following extensions: txt, zip, rar, pdf, jpg, msi, iso, xml, inf, dwg, rtf, csv, avi, doc, xlx, db. After such files are found, they will be encrypted with the extension “id-0123456789_hairullah@inbox(.)lv”, where the numbers in the extension may vary. After the encryption the user will be asked to pay a ransom to unlock his files via a message that can re-appear after every restart of the machine.

Some researchers believe that this particular Ransomeware targets files only on a computer’s data storage that have been mapped and assigned a letter, such as HDDs, SSDs, and any removable drives.

Do you know any information regarding this Ransomeware? If you have come across it – with what security software did you remove it and have you somehow managed to get your files decrypted?
« Last Edit: January 06, 2016, 10:17:51 am by Execute »
Logged
*

Vermon

  • ****
  • 10
  • +22/-0
      • View Profile
Re: Help Decrypt Files Encrypted by hairullah@inbox.lv
« Reply #1 on: October 14, 2015, 12:00:33 pm »
Heya! :o I had this yesterday and I removed it successfully with the help of SpyHunter and Malwarebytes. I didn’t pay much attention to the message that showed because I know about ransomeware and how it can spread, so I acted fast.  But I noticed the weird 30-something-symbols-extension with hair ulla inbox and some numbers, adding to some documents I keep on the desktop!!

I still have many files encrypted and don’t know how to decrypt them! I tried changing the extensions back to normal, but it doesnt work! Please help if you can?!
Logged
*

ice

  • *
  • 1
  • +2/-0
      • View Profile
Re: Help Decrypt Files Encrypted by hairullah@inbox.lv
« Reply #2 on: October 14, 2015, 09:22:13 pm »
I got infected with this  hairullah@inbox(dot)lv 3-4 days ago and I have been infected with a different ransomeware before, so I make a system backup of my most important files on a regular basis, now. That saved me! I like to click on ads that are interesting to me to be honest - probably how I got infected… :D
I have Avira Free anti-virus, but I guess it doesn’t have real-time protection – I will try these Malwarebytes and Spyhunter programs to see if I have removed the nasty Trojan completely.
My advice is to make a backup, periodically on an external hard drive or storage device! It helps a ton!
« Last Edit: October 14, 2015, 09:38:50 pm by ice »
Logged
Pages: [1]   Go Up
« previous next »