SensorsTechForum - How to Technology and PC Security Forum

PC Security and Protection => Internet and Networking Security => Topic started by: Execute on October 14, 2015, 11:24:59 am

Title: Help Decrypt Files Encrypted by hairullah@inbox.lv
Post by: Execute on October 14, 2015, 11:24:59 am
There is a new Ransomware Trojan that popped up a few days ago. It is called "hairullah@inbox(.)lv". It is distributed like most ransomwares do - through email attachments with malicious content, aggressive spam or through websites hosting exploit kits.

If you get infected, the Trojan will stay hidden for a while until it scans your system seeking to exploit files with the following extensions: txt, zip, rar, pdf, jpg, msi, iso, xml, inf, dwg, rtf, csv, avi, doc, xlx, db. After such files are found, they will be encrypted with the extension “id-0123456789_hairullah@inbox(.)lv”, where the numbers in the extension may vary. After the encryption the user will be asked to pay a ransom to unlock his files via a message that can re-appear after every restart of the machine.

Some researchers believe that this particular Ransomeware targets files only on a computer’s data storage that have been mapped and assigned a letter, such as HDDs, SSDs, and any removable drives.

Do you know any information regarding this Ransomeware? If you have come across it – with what security software did you remove it and have you somehow managed to get your files decrypted?
Title: Re: Help Decrypt Files Encrypted by hairullah@inbox.lv
Post by: Vermon on October 14, 2015, 12:00:33 pm
Heya! :o I had this yesterday and I removed it successfully with the help of SpyHunter and Malwarebytes. I didn’t pay much attention to the message that showed because I know about ransomeware and how it can spread, so I acted fast.  But I noticed the weird 30-something-symbols-extension with hair ulla inbox and some numbers, adding to some documents I keep on the desktop!!

I still have many files encrypted and don’t know how to decrypt them! I tried changing the extensions back to normal, but it doesnt work! Please help if you can?!
Title: Re: Help Decrypt Files Encrypted by hairullah@inbox.lv
Post by: ice on October 14, 2015, 09:22:13 pm
I got infected with this  hairullah@inbox(dot)lv 3-4 days ago and I have been infected with a different ransomeware before, so I make a system backup of my most important files on a regular basis, now. That saved me! I like to click on ads that are interesting to me to be honest - probably how I got infected… :D
I have Avira Free anti-virus, but I guess it doesn’t have real-time protection – I will try these Malwarebytes and Spyhunter programs to see if I have removed the nasty Trojan completely.
My advice is to make a backup, periodically on an external hard drive or storage device! It helps a ton!