
*

never

  • Network Administrator and Malware Researcher
Re: Restore Files Encrypted by Weekendwarrior55(.)com Ransomware
« Reply #15 on: December 14, 2015, 09:53:57 am »
Hello Janus

We are currently looking into it; we will get back soon with more assistance :)

*

cdmgcm

« Reply #16 on: December 16, 2015, 04:41:59 pm »
Hi,

I have the same problem. Is there any progress regarding this malware? Has anyone already managed to find a solution to decrypt the files?  :( :-\

Regards,

*

Execute

  • Your friendly neighbourhood IT guy
« Reply #17 on: December 17, 2015, 11:14:15 am »
> Hi,
>
> I have the same problem. Is there any progress regarding this malware? Has anyone already managed to find a solution to decrypt the files?  :( :-\
>
> Regards,

We are still researching the matter. If we find anything that might help - we will share it. We will keep all of you posted.

Best Regards,
Execute

*

Execute

« Reply #18 on: January 07, 2016, 11:25:30 am »
We tried around 10 different decryptors, but only 1 of them proved to work and that was Kaspersky's Rakhni Decryptor.

It worked only with some of the files: it successfully decrypted a .png and a .jpg image.

Unfortunately, it couldn't decrypt .doc, .xls and the newer .docx and .xlsx files, even after trying for several days.

It just couldn't recover the password for them, leading us to believe that the Weekendwarrior55(.)com may have used a stronger encryption key for them.

It took a lot of time, but at least some files were restored, which is partly good news.

Keep an eye out for updates, and also if we find something that might help you to restore your files - we will keep you informed.
Just don't give up, there is hope. Also, if you have any ideas, write them up, maybe one thing can lead to another and figure out how to beat this ransomware.

Kind Regards,
Execute

*

janus5555

« Reply #19 on: January 08, 2016, 06:11:33 am »
Well then this is partially good news, since you prove that the files can indeed be decrypted but on the other hand, the decryption worked only for a small number and type of them.
Someone suggested earlier that the virus doesn't encrypt the whole file but only some kbs at the beginning or the end, could there be a solution there? I'm not into IT stuff but couldn't there be a decryptor to take into consideration this specific characteristic of this virus?
It's been almost two months since we were hit by the virus and still we have no success in dealing with it at my company, neither by backups nor by decryption of the files...

*

Grix

« Reply #20 on: January 08, 2016, 12:52:35 pm »
I tried last month to decrypt .mdb - NO SUCCESS  :-X

*

Execute

« Reply #21 on: January 08, 2016, 05:32:23 pm »
@janus5555, yes, some files have only the first 100 kbytes encrypted, according to the user @pranza.

I also believe there must be a solution, it sounds logical - less encryption, smaller size - probably easier to pinpoint and shorter time to decrypt such files. But we are not sure if that is for every file extension or only for a small number of them, and we haven't really seen that idea implemented in a decryptor for now. Either way, any data that can be recovered is worth the shot of trying to find a fix.

However, we are searching for some brute-forcing methods and ways to put the knowledge we have about the ransomware to good use. We will see if we can make it happen. If the encryption is not that strong, then we should be able to break it somehow. We will write with whatever possible solution we find.

@Grix, that's bad - database files, right? If you tried with Rakhni, then yeah - no updates since 1 month back, up to this moment. We are hoping a new version of the decryptor is released soon or to somehow make our ideas about decryption possible.

Best Regards,
Execute
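
Added example, not part of the thread or of any poster's tool: a triage sketch for the report above that some files have only the first 100 kbytes encrypted. It measures byte entropy per block from offset 0 to estimate where ciphertext stops; the 4096-byte block size, the 7.0 bits/byte threshold and the sample data are assumptions made for this illustration.

```python
import math
import random
import sys

BLOCK = 4096      # bytes per entropy window (assumed)
THRESHOLD = 7.0   # bits/byte; ciphertext sits close to 8.0 (assumed cut-off)

def shannon_entropy(data):
    """Shannon entropy of the byte distribution, 0.0 to 8.0 bits per byte."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def encrypted_prefix_length(data, block=BLOCK, threshold=THRESHOLD):
    """Length of the run of consecutive high-entropy blocks starting at offset 0."""
    offset = 0
    while offset < len(data):
        chunk = data[offset:offset + block]
        # A short trailing chunk cannot reach the threshold, so the scan stops there.
        if shannon_entropy(chunk) < threshold:
            break
        offset += len(chunk)
    return offset

def constructed_sample(prefix_len=100 * 1024):
    """Constructed input: pseudo-random stand-in for ciphertext, then plain records."""
    rng = random.Random(0)
    prefix = bytes(rng.getrandbits(8) for _ in range(prefix_len))
    tail = b"CUSTOMER;ORDER;0001;PAID\r\n" * 4000
    return prefix + tail

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Run against copies of affected files, never the only surviving originals.
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                data = fh.read()
            n = encrypted_prefix_length(data)
            print(f"{path}: first {n} of {len(data)} bytes look encrypted")
    else:
        sample = constructed_sample()
        print(f"constructed sample: first {encrypted_prefix_length(sample)} bytes look encrypted")
```

The result is only meaningful for formats whose plaintext is low-entropy (.doc, .xls, .mdb, .dbf, text); already-compressed formats such as .jpg, .png, .docx and .xlsx are high-entropy throughout, so the whole file will look encrypted whether it is or not.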

*

Execute

« Reply #22 on: January 28, 2016, 10:21:51 am »
@Linda Beccani, hello, you can send a few encrypted files, and the ransom note if there is one, to idunn0@abv.bg, so we can see if we can decrypt them.

Kind Regards,
Execute

P.S.: Your English is good and understandable.

*

test4just

« Reply #23 on: January 28, 2016, 01:30:01 pm »
Hi, I am also fighting with .id-3113278688_johndoe@weekendwarrior55(.)com. RakhniDecryptor for .doc and .xls runs 2 days and "cannot recover password", for .mfd and .dbf does not run at all saying "Unsupported file type". For .jpg runs for 2 hours and "Password has been recovered succesfully". It shows that all the encrypted files have been decrypted. Now the files have the correct extension (with no  "@weekendwarrior"), but when trying to open, all of them are still encrypted (including the .jpg). I would like to send you samples of both encrypted and "Rakhni-decrypted" file. I have just registered to your forum and I do not know how or at what e-mail address to send the files.

Edit by Sensadmin: I modified the link, so it's not clickable or associatable with e-mails.
« Last Edit: January 29, 2016, 09:31:03 am by sensadmin »

*

Execute

« Reply #24 on: January 29, 2016, 09:58:47 am »
@test4just, that is unfortunate that you cannot open the files.
You can send them to the same email, given above - idunn0@abv.bg.

Kind Regards,
Execute


*

janus5555

« Reply #25 on: March 10, 2016, 08:32:54 am »
Hello everybody, is there any news regarding this virus encryption issue? The topic has stagnated and so far, from what I know, there has been no successful decryption method... Is there an official and hopefully more useful update? Thanks in advance..;)

*

Execute

« Reply #26 on: March 10, 2016, 02:15:43 pm »
Hello, @janus5555,
Nothing new is found. We couldn't recover more files.

Following Rakhni Decryptor for updates of it and scanning for different files
for a probable password to be found is your best bet now.

We have some cases of people reporting that data recovery programs worked
in recovering some of their files (since the originals are deleted).

Here are some examples of such programs:

EaseUS Data Recovery
Recuva by Piriform
File Recover Plus
Stellar Phoenix Data Recovery Pro
Pareto Logic Data Recovery Pro


Best Regards,
Execute

*

never

« Reply #27 on: April 04, 2016, 11:20:22 am »
Nice programs, Execute.

Here is a little video to show you how to work with data recovery software and find hidden files. I hope it helps all the affected users at least to some extent.

Recover Your Data and Find Hidden Files
« Last Edit: April 04, 2016, 11:22:38 am by never »

*

janus5555

« Reply #28 on: July 26, 2016, 11:05:19 am »
Hello again, this thread has been inactive for quite some time..
Is there any news regarding the solution to the weekendwarrior virus file decryption?
Thanks for any relevant info guys ;)

*

Execute

« Reply #29 on: July 26, 2016, 01:19:07 pm »
> Hello again, this thread has been inactive for quite some time..
> Is there any news regarding the solution to the weekendwarrior virus file decryption?
> Thanks for any relevant info guys ;)

Hey again, @janus5555!
We do not have any new information.
What is left for you to try is:

  • Contact Kaspersky Support and ask them if they can help with the decryption of your files. You can see in this comment on their forums an example of what to write to them.

*In the 7th comment a user mentions that it is possible that a thing called "EGGDROP BLOWFISH" is used for encryption. I have found this site, but it seems that this is modifiable with configuration files, so if we don't have the one used for encryption we might not be able to decrypt the files without it. Writing to Support at that site, might be a good idea, as well.

  • As a last resort - contact the cybercriminals, saying that you are poor and asking kindly if they can decrypt the files... even if they decrypt one file for you as proof that they can do it, you can put that decrypted file with its encrypted counterpart in the same folder and try the newest version of the Kaspersky decrypter again.

Personally, I am out of ideas and asked most of the staff members of STF and none of them came up with better ideas or knew something new on the matter...

Keep us in the loop, with whatever you decide to go with.

Best Regards,
Execute
« Last Edit: July 26, 2016, 01:29:45 pm by Execute »