Posted 18 March 2014 - 12:43 PM

New variant? Seems like a hybrid CryptoLocker...

It is called CryptoDefense and it seems/acts just like CryptorBit, except it looks like it's fully encrypting the files.

I had a client whose backup server share it hit, and it encrypted all of their ShadowProtect image backups, so I had to pay the ransom.

Here is a link to an encrypted txt file and an unencrypted text file in a zip:

http://stevewooton.com/crypto/CryptoDefense.zip

Here is the HOW_DECRYPT.txt it is saving in every folder, with my personal link XXX'd out:

All files including videos, photos and documents on your computer are encrypted by CryptoDefense Software.



Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key.



The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet;

the server will destroy the key after a month. After that, nobody and never will be able to restore files.



In order to decrypt the files, open your personal page on the site https://rj2bocejarqnpuhm.onion.to/XXX and follow the instructions.



If https://rj2bocejarqnpuhm.onion.to/XXX is not opening, please follow the steps below:



1. You must download and install this browser http://www.torproject.org/projects/torbrowser.html.en

2. After installation, run the browser and enter the address: rj2bocejarqnpuhm.onion/XXX

3. Follow the instructions on the web-site. We remind you that the sooner you do, the more chances are left to recover the files.



IMPORTANT INFORMATION:



Your Personal PAGE: https://rj2bocejarqnpuhm.onion.to/XXX

Your Personal PAGE(using TorBrowser): rj2bocejarqnpuhm.onion/XXX

Your Personal CODE(if you open site directly): XXX

Here are a couple screenshots:

Edited by coolmarve, 18 March 2014 - 12:51 PM.