never

  • Network Administrator and Malware Researcher
Restore Files Encrypted by Weekendwarrior55(.)com Ransomware
« on: December 04, 2015, 03:01:46 pm »
First, before decrypting the files you need to do it safely. Use this tutorial in order to remove the virus .tmp files:

http://sensorstechforum.com/forums/malware-removal-questions-and-guides/remove-malware-from-your-pc-completely/

Now it is time to decrypt your data. Fortunately for users, Kaspersky has released several decryptors for different Ransomware variants. You can download and try with Rakhni or other decryptors by visiting their web page below:

http://support.kaspersky.com/viruses/utility

Once you have downloaded Rakhni, simply start the .exe file and click on Start Scan. This will open a file manager where you can select the file that you want to decrypt. It will then start the decryption process.

IMPORTANT: There is no guarantee that these tools will work for you, since every ransomware variant behaves differently when it comes to file encryption. Decrypting files (if the algorithm allows decryption and is not too strong) may take hours or even days, depending on the encryption. You should leave your computer working at all times and NOT interrupt the decryption process. In order to do this, you should make sure you change your PC's power settings to not allow it to hibernate or sleep during decryption. To do this, follow these steps.

Step 1: Click on the battery icon in your system tray (next to the digital clock) in Windows and then click on More Power Options.
Step 2: The mighty Power options menu will appear. In your power plan click on Change Plan Settings.
Step 3: In your plan's settings make sure you set "Turn off the display" and "Put computer to sleep" to "Never" from the drop down minutes menu.
Step 4: Click on Save Changes and close it.

Now, you should leave your PC to work it out. Bear in mind that the process may take a lot of time so arm yourself with patience and hope that the algorithm is decryptable.

This is a threat-based topic discussion about Weekendwarrior55(.)com ransomware. You may share your opinions, ask our experts to help you, upload encrypted files to help with the research and share your experience.
« Last Edit: December 04, 2015, 03:56:42 pm by never »

*

mirogombar

Re: Restore Files Encrypted by Weekendwarrior55(.)com Ransomware
« Reply #1 on: December 06, 2015, 07:37:14 pm »
Hello,

My friend has an external disk and every file is renamed and the end of the files is with -- id-2743227045_av666@weekendwarrior55.com
I have tried all the latest Kaspersky tools, but nothing works.

Any idea?

Thanks

*

never

Re: Restore Files Encrypted by Weekendwarrior55(.)com Ransomware
« Reply #2 on: December 07, 2015, 10:02:21 am »
Hello, can you please respond with several encrypted files? I will not make them public; they will be visible solely to me. I will try to analyze how they are decrypted exactly, however I do not guarantee I will be of much help, since I read that this ransomware is more sophisticated than others of its kind.

*

pranza

Re: Restore Files Encrypted by Weekendwarrior55(.)com Ransomware
« Reply #3 on: December 07, 2015, 10:38:45 am »
here's one encrypted txt and jpg, as well as unencrypted jpg version :)
« Last Edit: May 25, 2018, 11:49:18 am by sensadmin »

*

janus5555

Re: Restore Files Encrypted by Weekendwarrior55(.)com Ransomware
« Reply #4 on: December 07, 2015, 11:07:50 am »
Hello,

My company has been struck by the same virus, the damage inflicted to our systems is quite extended. To my knowledge, currently we have not yet located the initial point of entrance nor have we found a ransom message, we just have the encrypted files on the different computers.
I will attach some files to aid your search for a "cure", please post here any updates on the issue to know what I can hope for. :)
Thank you in advance.
« Last Edit: May 25, 2018, 11:49:37 am by sensadmin »

*

never

Re: Restore Files Encrypted by Weekendwarrior55(.)com Ransomware
« Reply #5 on: December 07, 2015, 03:52:26 pm »
Ok, thanks, I will look into them and get back to you tomorrow. Unfortunately there is no tool so far to identify the encrypted code and its strength (in bit), however we will keep trying and get back to you in 24.

Best Regards,
Never

*

never

Re: Restore Files Encrypted by Weekendwarrior55(.)com Ransomware
« Reply #6 on: December 07, 2015, 05:12:24 pm »
Hello,

So far I have established that Rakhni Decryptor by Kaspersky is trying to decrypt a docx file sent to me by you. I will write to you in case I succeed. You can download it here: http://support.kaspersky.com/viruses/utility#rakhnidecryptor

I will keep trying but there is no guarantee. It is obvious now that this malware uses different tools that have worm-like behavior, allowing it to spread to LANs.
BR,
Never
« Last Edit: December 07, 2015, 05:13:57 pm by never »

*

pranza

Re: Restore Files Encrypted by Weekendwarrior55(.)com Ransomware
« Reply #7 on: December 07, 2015, 11:32:08 pm »
Rakhni decryptor seems to work somewhat, tells that it finds password after some time, but decodes rubbish from most files. Oddly though, several zip files seem to have been decoded successfully.

*

janus5555

Re: Restore Files Encrypted by Weekendwarrior55(.)com Ransomware
« Reply #8 on: December 08, 2015, 07:45:33 am »
Thank you for your efforts. I believe that our IT department has already given a try to the rakhni decryptor with no success but by all means don't stop until you reach either a failure or a success. In the meantime, since this issue is getting very serious from what I read, for multiple users globally, some of them belonging to large companies, I believe that there will be a solution soon.
Again thank you for your time, keep sending updates.
Kind regards. :)

*

never

Re: Restore Files Encrypted by Weekendwarrior55(.)com Ransomware
« Reply #9 on: December 08, 2015, 09:21:52 am »
I believe that you should keep trying with different files since once a password is found it may decrypt other files as well. No success for the files you sent (I left it overnight to decrypt). However, we will keep looking into it.

Regards,
Never

*

janus5555

Re: Restore Files Encrypted by Weekendwarrior55(.)com Ransomware
« Reply #10 on: December 08, 2015, 09:33:56 am »
You mean the Rakhni decryptor is done and found nothing :/? Should I send you more files then, to try them as well? I only sent those two because of the size limit of the uploaded files.

*

never

Re: Restore Files Encrypted by Weekendwarrior55(.)com Ransomware
« Reply #11 on: December 08, 2015, 12:29:03 pm »
Do not send any more files, since our team is busy researching the malware. However you may download Rakhni Decryptor from http://support.kaspersky.com/viruses/utility to try decrypting your files using the instructions in this thread. You should look for files which are preferably smaller in size and every time the Decryptor returns with a 'cannot decrypt the file' type of message, try with a different file format. For example if a pdf did not work, try with docx and if this doesn't work .jpg and so on and so forth. If you manage to find a password, you may want to copy and upload a log in your reply in case you decrypt your files. Eventually you should be able to recover some of them. This is no guarantee that you will succeed though, because this variant of the ransomware may be using a stronger encryption than its predecessors.

BR,
Never


*

pranza

Re: Restore Files Encrypted by Weekendwarrior55(.)com Ransomware
« Reply #12 on: December 09, 2015, 01:56:48 am »
I want to shed some light into this case.
av666@weekendwarrior55(.)com shit-ware doesn't even manage to encrypt everything, as then it would take ages to encrypt. Checking one txt file from a backup and comparing it to the "encrypted" one, I found that only exactly the first 100 000 bytes are rubbish - all the rest is intact!

Perhaps rakhni decryptor tries to de-code everything and that's why we get rubbish - maybe we should touch only the first 100KB as the rest is good...

Edit by Admin: I have modified the link, so it's not clickable - just in case.
« Last Edit: December 09, 2015, 09:30:40 am by sensadmin »
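
The backup-versus-renamed-file comparison described in the post above can be scripted. The following is an added example, not part of the thread or of any tool mentioned in it; the function names, file names and sample data are constructed. It only measures which byte range differs and how random that range looks, and does not decrypt anything.

```python
import math
import os
import random
import tempfile
from collections import Counter

def entropy(data):
    """Shannon entropy in bits per byte; near 8 suggests encrypted data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def compare_with_backup(backup_path, damaged_path, chunk=1 << 16):
    """Locate the byte range where damaged_path differs from its backup."""
    first, last, offset = None, None, 0
    with open(backup_path, "rb") as good, open(damaged_path, "rb") as bad:
        while True:
            a, b = good.read(chunk), bad.read(chunk)
            if not a and not b:
                break
            if a != b:  # only walk chunks that actually differ
                for i in range(min(len(a), len(b))):
                    if a[i] != b[i]:
                        first = offset + i if first is None else first
                        last = offset + i
            offset += max(len(a), len(b))
        changed = b""
        if first is not None:  # sample at most 1 MiB of the changed range
            bad.seek(first)
            changed = bad.read(min(last - first + 1, 1 << 20))
    # A size mismatch (appended data) is reported, not counted as a difference.
    return {"first_diff": first, "last_diff": last,
            "same_size": os.path.getsize(backup_path) == os.path.getsize(damaged_path),
            "entropy_changed": entropy(changed)}

def make_constructed_pair(folder, prefix=100_000):
    """Constructed sample: a text backup and a copy with a scrambled prefix."""
    original = (b"constructed sample line of plain text\n" * 4000)[:150_000]
    rng = random.Random(0)
    # High bit set so every scrambled byte differs from the ASCII original.
    scrambled = bytes(rng.getrandbits(8) | 0x80 for _ in range(prefix))
    paths = os.path.join(folder, "backup.txt"), os.path.join(folder, "damaged.txt")
    for path, data in zip(paths, (original, scrambled + original[prefix:])):
        with open(path, "wb") as fh:
            fh.write(data)
    return paths

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(compare_with_backup(*make_constructed_pair(tmp)))
```

Running it on several backup/damaged pairs of different sizes and types shows whether the changed range is the same for every file or varies.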

*

janus5555

Re: Restore Files Encrypted by Weekendwarrior55(.)com Ransomware
« Reply #13 on: December 09, 2015, 12:43:49 pm »
How can this be done? Do you know of a way to set the decryptor to decrypt only the first xx kbs?

*

janus5555

Re: Restore Files Encrypted by Weekendwarrior55(.)com Ransomware
« Reply #14 on: December 14, 2015, 05:58:24 am »
Hi, is there any news regarding this malware? Did anyone manage to successfully decrypt any of their files?
Thanks in advance ;)