Search results

@machura - can you post decryption tool or something you get from them?

hmm it is a bit risky to get connection from infected machine to some server... i mean if it is we could easily found that server and brute forced it or something to get all passwords... i didn't contact kaspersky... it would be great if they join this thread and help

did you found what the password is? have kaspersky left oshit file on your device? encrypted password is a connection between id and crypted files so we could try to get other passwords by id

there you go, only two files that have left on my usb when doing analysis ;)http://www.filedropper.com/crypted-files

hmm maybe it found password in 11:43 but i came from work at 17 and there was a message that pass was found... so it maybe continued log after i clicked ok

i dont have oshit file anywhere on computer :( i can get you only exe that i used and log file http://www.filedropper.com/rakhni-and-log

i will try to get client and search for that oshit file ;)

where should i find "exit.hhr.oshit"? i returned laptop to client after decryption... rakhni didnt leave anything except log file (about 15mb) in c:/

after infection i cleaned all with malwarebytes, then i searched for ransomware decryption tools and found kaspersky rakhni si gave him a try. file was .doc size cca 500kB kaspersky exe was in download folder and doc file in my documents

almost forgot to mention, i was in safe mode when Rakhny decrypted files successfully

What file you gave the decryptor to test pass? i did it with doc or xls... i remember that in log file was some range of testings and password was found at 110000-150000 range so you can try run rakhni via cmd with that range to get results faster... if you did not used office files for...

Just bruteforce... i tried to get what was the pass but did not get it... unfortunately, already returned infected computer so i don't have any log file

Hello :) Successfully decrypted files with Kaspersky Rakhny RakhniDecryptor utility for removing Trojan-Ransom.Win32.Rakhni malicious software (.oshit and others) After 23 Hours of brute forcing :D