I have been working for a while to recover my files. I have the same .bip extension that you reported when I performed the virus sweep. The virus variant I got was reported as a Rakhni Virus. It also listed it as Trojan-Ransom.Win32.Crusis.to. When I reviewed the files, it was definitely in that same class as Dharma. I copied some files and tried to use the Rakhni Decryptor tool and it kept saying improper file type. I changed one extension to .onion and it tossed it out again. I also have not found the key file.


Show my server is ransom I'm trying to use multiple many solutions, but will be fail to be supported from your friends
Really anonymous but that you can be do it do not enough number of first to submit for their :(


People we are helpless, any bastard can use ransomware to steal your work across the world from his mother's basement, then ask for money and give you nothing to fix the problem. I just lost my job because a 7 month project (also backup) got under 100dollar@cock.li.bip encryption, and no one f....cking cares that a little bastard is laughing at me while watching porn, drinking whisky and using my money to pay hookers when his parents are out of town. Now it is my damn problem, we are all f.....ked, you buy a new anti ransomware software and in a month a new ransomware is on and your new software is useless without the signature. We are f....ked.................I really hope that these people get a lot of suffering before they die. First time in my life I have a reason to hate others......sorry.


I have also a ransomware with .bip file extension. Address buydecrypt@qq.com. Ransomware exe file named 1host.exe SHA256(5CEC86494711C0700E876922AD52C7AEC3CAABECD7A2577CE4A7F0CD40B0AA31), Ransom note info.hta

I have tried some decryptors and they don't work


:( 

to now that it is not fully all before it could not be help. default if I have use copyright software :(

 


I have a .bip file and am unable to decrypt it using any tools available. Kaspersky states it does BIP file formats but the tool doesn't take it. Does it need to be done on the host computer? Or does it need renaming to something that it does read?

The bandits want £7500 and a company has proven they can decrypt and want similar amounts. (Both proven with example file)

Why can a small business offer a service and yet on https://www.nomoreransom.org/crypto and kaspersky.com/ there doesn't seem to be a solution?

Could it be those with current keys are the originators? Or the keys are public but have not been incorporated into a decryptor yet?


Hello, in my case, the bandits want 7000$ in bitcoins

Edited by Unnamed_


Ransomware is worse every day. If you look in Google, hundreds of people offer to decrypt your info for the same money the criminals ask for........ ScottN is right, those who steal your info with ransomware and those who want to be heroes for a few bucks!!!!! $1000 $2000 $3000 are the same, they are friends, they have lunch together and even have swinger parties where they share everything....... People don't pay Don't PAY!!!!!! Back up all your info with external hard drives every week, every day and fu.........k them.

Please help me really do not think I can become the target of this hacker group. I have not been able to work for 1 month because all the data is encrypted. Having a ransom close to a bitcoin of about $7000 is big money for me. I cannot afford to pay for it. Please help me.

God bless you


We also were affected by this ransomware (Dharma .bip).

Example: IMG_0281.JPG.id-F4C5365F.[buydecrypt@qq.com].bip.

Waiting for good news.

Edited by almirb


Also have some files compromised. Have good backups, but some files are too new.

FileName:
02584841.pdf.id-64B8C143.[buydecrypt@qq.com].bip

Dharma tool says not supported. My guess is the hacker just changed the syntax of the file name. SUPER limited software flexibility, seems limited. I have a team of developers, we can help develop to destroy these ransom hackers. This is annoying.


From what I can tell with research, other variants of this ransom attack can be easily decrypted because the Dharma keys used in those variants were released by hackers, and then used by security companies to create tools to decrypt files. The variant using .bip for the extension does not appear to have yet been broken.

Some have claimed that if you pay the hacker, he will provide the key needed to unlock your files. It seems more likely that he will not do anything.

My questions are these:

  • If someone were to pay for and actually receive the key, could all or many affected people use it to recover?
  • If someone threw massive CPU power at the encryption and was able to discover the key, could that be used by all or many?

I know people who hate hackers like this to an extent where they would be willing to pay for results either way to starve these perpetrators. Results would need to be guaranteed and useful for more than just one or two people.

Thoughts anyone?


johngalt77777, in my first comments I told my bad experience. I did a 7 month project that got hit by Dharma bip (also backups). The people that hired me gave me half of the ransom, I paid and 3 days later the hacker asked for more money, I paid again and the hacker never sent me the key to repair the info. I lost my job and 10.000 dollars. Never PAY THOSE BAS****RDS, they don't have word. They must die. A few web sites offer to get your info for the same money the hacker wants. I have news for you, these web sites belong to the same people that steal your info. I knew it because a few guys are helping me to find the hacker and the traces are linked to the sites that offer help. Not coincidence. And they will pay in a bad way. There are a lot of people affected that give us help to track these Bas***ards and make them fix the problem, if they don't………. that will be real fun for us. About the encryption, it creates a key that works with your data info so it makes a new key. In the name of the files the extension is part of the main key. It is different for everybody, but if we get the master key, my people can make a tool for everybody for free. Wish us luck.


Sorry, I wrote data info but I meant to say computer info like 02584841.pdf.id-64B8C143.[buydecrypt@qq.com]; the id part is used with the master key to get your repair key. Thanks, have a nice day

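The file names quoted in the posts above share one layout: original name, `.id-` plus an ID, a contact address in square brackets, then `.bip`. As an added example (not part of any post in this thread), the Python sketch below splits such names into their parts so affected files can be inventoried per ID and contact address during triage. The pattern is inferred only from the two names quoted on this page, and the 8-hex-digit ID length is an assumption.

```python
import re
from collections import Counter
from pathlib import PurePath

# Pattern inferred from the two file names quoted in this thread:
#   <original name>.id-<8 hex digits>.[<contact e-mail>].<extension>
# The 8-hex-digit ID length is an assumption based on those samples.
RENAMED = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<contact>[^\[\]]+)\]\.(?P<ext>[A-Za-z0-9]+)$"
)

def parse_renamed(path):
    """Return the parts of a renamed file, or None if the name does not match."""
    m = RENAMED.match(PurePath(path).name)
    if m is None:
        return None
    parts = m.groupdict()
    parts["victim_id"] = parts["victim_id"].upper()
    parts["ext"] = parts["ext"].lower()
    return parts

def triage(paths):
    """Count affected files per (victim_id, contact, ext) and list the rest."""
    groups, unmatched = Counter(), []
    for p in paths:
        parts = parse_renamed(p)
        if parts is None:
            unmatched.append(p)
        else:
            groups[(parts["victim_id"], parts["contact"], parts["ext"])] += 1
    return groups, unmatched

# Constructed listing: the first two names are quoted in the thread,
# the other two are made up to show non-matching cases.
SAMPLE = [
    "IMG_0281.JPG.id-F4C5365F.[buydecrypt@qq.com].bip",
    "docs/02584841.pdf.id-64B8C143.[buydecrypt@qq.com].bip",
    "docs/report.docx",
    "notes.txt.id-123.[x@example.invalid].bip",
]

if __name__ == "__main__":
    groups, unmatched = triage(SAMPLE)
    for (vid, contact, ext), n in sorted(groups.items()):
        print(f"id={vid} contact={contact} ext=.{ext} files={n}")
    print("not renamed / unknown pattern:", unmatched)
```

More than one ID or contact address in the output for a single machine or share is worth noting in the incident record, since the posts above indicate the ID differs per victim.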
