@OP: Let me be very frank and honest with you:
Anyone here who will mention that they can decrypt the files - is talking shit purely because they 1) just want to get your wallet.dat hoping that they can get lucky, or, 2) have no idea what they are talking about.
You can quote me on this: no-one, and I repeat NO-ONE will be able to decrypt your files. You can try to prove me wrong - but before that go take a primer in basic cryptography, specifically asymmetrical encryption to see why it is impossible to decrypt a message without having the signing private key. Unfortunately for you- the only person/people having this private key are those who have written the malware/ransomware. So basically - if you cannot get at least the latter (i.e.: actual ransomware app used for encryption) for someone to reverse engineer and extract the private key used for signing - I am afraid you are solely at the mercy of the people that have created the ransomware.
For anyone else now who will be able to claim that they can decrypt the OP's wallet.dat - please send me a PM, I will make you famous for being able to do the impossible.
@OP: If you someday can find the actual ransomware app - let me know, I am a Certified Ethical Hacker, and have reverse engineering skills. I make no promises of being able to extract the private key (assuming it is embedded therein without heavy code obfuscation) but will do it for you for free - I don't expect remuneration for helping someone.
Topic: DELETE ME PLEASE (Read 985 times)
Can some like admin not look at see who is who and get the guy tuned quick lol
I just got home gimmie a few mins will get the wallet posted
Lucky as this crap makes ppl read the thread from the start !! go now if you ended up here lol
I just got home gimmie a few mins will get the wallet posted
Lucky as this crap makes ppl read the thread from the start !! go now if you ended up here lol
The more people see this, less people fall for your scam.
Looking forward to that day you send a signed message from this address 13Lo5aZDZuEm4qVF478KfWJUvi9JCDngAx .
I do not care what you think, I never defended the TS. Your allegations against him are not my problem.
And now I'll explain it in detail because you are too blind to see it.
Quote
Thanks for the accusation but next time let it be if you have no proof and only suspect because.. because of what?
refers only to that:
Quote
Either Near28 is you alt-account....
Roger that? Because slowly it gets annoying.
You clearly are blind.
Did you notice the "Either Near28 is you alt-account OR you are actually the guy behind the proton email-address replying him", that makes you a suspect at best.
I accused TS, and suddenly you make it all about you, so you are TS after all?
Quote
You are welcome, the whole story doesn't looks strange to me, it looks exactly like a scam attempt.
You are just too blind to see.
What did you accomplish by sending that email? Let me tell you, nothing at all.
TS is the one behind that email and playing you like a fool.
You know what, what about you bet with me?
A symbolic amount of 0.1BTC, of course we will use a trusted escrow for that.
If TS can't provide a signed message from his address 13Lo5aZDZuEm4qVF478KfWJUvi9JCDngAx within 3 months time, I win.
Otherwise you win.
You are just too blind to see.
What did you accomplish by sending that email? Let me tell you, nothing at all.
TS is the one behind that email and playing you like a fool.
You know what, what about you bet with me?
A symbolic amount of 0.1BTC, of course we will use a trusted escrow for that.
If TS can't provide a signed message from his address 13Lo5aZDZuEm4qVF478KfWJUvi9JCDngAx within 3 months time, I win.
Otherwise you win.
I do not care what you think, I never defended the TS. Your allegations against him are not my problem.
And now I'll explain it in detail because you are too blind to see it.
Quote
Thanks for the accusation but next time let it be if you have no proof and only suspect because.. because of what?
refers only to that:
Quote
Either Near28 is you alt-account....
Roger that? Because slowly it gets annoying.
Seriously, if the guy was legit, he would just post his encrypted wallet.dat file instead of his qr code.
He claims the wallet file is password protected, so I see no reason not to give it to anyone who wants to crack this type of encryption. There is a password protected file with 1 BTC in it, which nobody has cracked, so this is safe.
He claims the wallet file is password protected, so I see no reason not to give it to anyone who wants to crack this type of encryption. There is a password protected file with 1 BTC in it, which nobody has cracked, so this is safe.
Quote
This is exactly what caught my attention to investigate.
Either Near28 is you alt-account or you are actually the guy behind the proton email-address replying him.
You trying so hard to act like you are the victim backfired.
Good luck with your scamming.
Either Near28 is you alt-account or you are actually the guy behind the proton email-address replying him.
You trying so hard to act like you are the victim backfired.
Good luck with your scamming.
Thanks for the accusation but next time let it be if you have no proof and only suspect because.. because of what?
If you had read the whole thread, you would have seen that the whole story looks strange to me as well - That's why I sent an email to the operator of the onion site - to see how he reacts.
However, I can not help the TS - So I stay away from the thread before the next "investigator" comes and suspects me for no reason.
You are welcome, the whole story doesn't looks strange to me, it looks exactly like a scam attempt.
You are just too blind to see.
What did you accomplish by sending that email? Let me tell you, nothing at all.
TS is the one behind that email and playing you like a fool.
You know what, what about you bet with me?
A symbolic amount of 0.1BTC, of course we will use a trusted escrow for that.
If TS can't provide a signed message from his address 13Lo5aZDZuEm4qVF478KfWJUvi9JCDngAx within 3 months time, I win.
Otherwise you win.
Quote
This is exactly what caught my attention to investigate.
Either Near28 is you alt-account or you are actually the guy behind the proton email-address replying him.
You trying so hard to act like you are the victim backfired.
Good luck with your scamming.
Either Near28 is you alt-account or you are actually the guy behind the proton email-address replying him.
You trying so hard to act like you are the victim backfired.
Good luck with your scamming.
Thanks for the accusation but next time let it be if you have no proof and only suspect because.. because of what?
If you had read the whole thread, you would have seen that the whole story looks strange to me as well - That's why I sent an email to the operator of the onion site - to see how he reacts.
However, I can not help the TS - So I stay away from the thread before the next "investigator" comes and suspects me for no reason.
Here is my reply from the proton mail address :
This ransomware should be dead, very weird... I'm really sorry about the situation but If we cooperate, I want to know a few things.
First I want to know who you are, then I want to know what exactly happened? I want to know the coordinates of the computer and the exact time of the activation of the ransomware.
I also want to see the value of this registry keys WinService on this path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
The value looks like this: "C:\Windows\System32\FOLDERNAME\
.exe"
I need to know the NAME of the folder in which the.exe file is located.
These details are important to me, so I'll know if you're a friend or an enemy. I don't need your money and if you're on the right side I'll help you free. if you're an enemy, fuck yourself, your money works against my people and my help would be contradictory.
I hope I was clear, that's fair! I'm sorry but I have a lot of work. Please be clear in the response if you want help.
Salute
any idea what some of this means ? any clues ?
This mean for pc that still infected with ransomware which "??.exe" is ransom software that active on your pc background. This ransomware should be dead, very weird... I'm really sorry about the situation but If we cooperate, I want to know a few things.
First I want to know who you are, then I want to know what exactly happened? I want to know the coordinates of the computer and the exact time of the activation of the ransomware.
I also want to see the value of this registry keys WinService on this path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
The value looks like this: "C:\Windows\System32\FOLDERNAME\
.exe"I need to know the NAME of the folder in which the
.exe file is located.These details are important to me, so I'll know if you're a friend or an enemy. I don't need your money and if you're on the right side I'll help you free. if you're an enemy, fuck yourself, your money works against my people and my help would be contradictory.
I hope I was clear, that's fair! I'm sorry but I have a lot of work. Please be clear in the response if you want help.
Salute
any idea what some of this means ? any clues ?
Near28 : offered the guy on the email 0.35 BTC and he declined it !! what scammer does that !!!!
I just seem to be the only person on the planet stuck with this shitty .igza4c crap on my wallet.
now that all your points are mute - HELP ME PLEASE !!!! SERIOUSLY IV LOST 10.5 BTC !!!!!!!!!
Is it possible you have the skillz to download a whole TOR site ?
THIS IS NOT A SCAM - IF IT WAS I WOULD SEND THE WALLET FILE EVERYWHERE I COULD !
I DO NOT WANT ANYONE'S BTC - I JUST WANT HELP !!!!!!!!!!
This is exactly what caught my attention to investigate.
Either Near28 is you alt-account or you are actually the guy behind the proton email-address replying him.
You trying so hard to act like you are the victim backfired.
Good luck with your scamming.
There are two possibilities here:
1. Needfasthelp123 legitimately has 10.5 BTC locked up in a ransomware attack and can't afford the 0.5 BTC necessary to get the decryption completed (or is intelligently is unwilling to pay the ransom).
2. Needfasthelp123 is a scammer that has provided a fake encrypted wallet and is trying to trick greedy people into sending him 0.5 BTC. He is hoping that someone will try to pay the ransom thinking that they will be able to decrypt the wallet and take the 10.5 BTC. In that case, he receives the 10.5 BTC, and the fool that pays the ransom discovers that the encrypted file is not the wallet that Needfasthelp123 claims it is.
Unless you are Needfasthelp123 (or are willing to lose 0.5 BTC), DO NOT PAY THE RANSOM!
Unless you have adequate collateral (or are willing to lose 0.5 BTC), DO NOT LOAN the funds for the ransom to Needfasthelp123!
Hopefully the OP is honest, and hopefully someone can either help him crack the encryption of SELL him the necessary funds.
1. Needfasthelp123 legitimately has 10.5 BTC locked up in a ransomware attack and can't afford the 0.5 BTC necessary to get the decryption completed (or is intelligently is unwilling to pay the ransom).
2. Needfasthelp123 is a scammer that has provided a fake encrypted wallet and is trying to trick greedy people into sending him 0.5 BTC. He is hoping that someone will try to pay the ransom thinking that they will be able to decrypt the wallet and take the 10.5 BTC. In that case, he receives the 10.5 BTC, and the fool that pays the ransom discovers that the encrypted file is not the wallet that Needfasthelp123 claims it is.
Unless you are Needfasthelp123 (or are willing to lose 0.5 BTC), DO NOT PAY THE RANSOM!
Unless you have adequate collateral (or are willing to lose 0.5 BTC), DO NOT LOAN the funds for the ransom to Needfasthelp123!
Hopefully the OP is honest, and hopefully someone can either help him crack the encryption of SELL him the necessary funds.
SCAM alert!
You are right, I'm certain this is a scam.
There are just too many signs that point to scam:
1. How convenient that this http://www.fixallthreats.com/help-get-rid-igza4c-file-virus/ suddenly appears on search engine.
Lol, check their removal methods for all their malwares/viruses listed on their page, the same fucking screenshots.
2. TS had the chance to decrypt one file for free and chooses to decrypt a QR image instead of his wallet.dat .
3. iGZa4C isn't mentioned anywhere before, because the name was recently made up by TS.
4. TS tries to play innocent and offers to send his wallet and password to the trusted escrow ognasty, and that anyone willing to give 0.1 BTC would get 0.25 BTC after the wallet is decrypted.
However an escrow wouldn't be of much help in this case, since the wallet.dat most probably is empty/fake.
5. http://igza4c6icqzboodb.onion got indexed 08.03.2018. (image provided)
TS thought people would not notice since they can't do a whois-lookup?
Kahc, you're one smart ass motherfucka, nice one.
There are two possibilities here:
1. Needfasthelp123 legitimately has 10.5 BTC locked up in a ransomware attack and can't afford the 0.5 BTC necessary to get the decryption completed (or is intelligently is unwilling to pay the ransom).
2. Needfasthelp123 is a scammer that has provided a fake encrypted wallet and is trying to trick greedy people into sending him 0.5 BTC. He is hoping that someone will try to pay the ransom thinking that they will be able to decrypt the wallet and take the 10.5 BTC. In that case, he receives the 10.5 BTC, and the fool that pays the ransom discovers that the encrypted file is not the wallet that Needfasthelp123 claims it is.
Unless you are Needfasthelp123 (or are willing to lose 0.5 BTC), DO NOT PAY THE RANSOM!
Unless you have adequate collateral (or are willing to lose 0.5 BTC), DO NOT LOAN the funds for the ransom to Needfasthelp123!
Hopefully the OP is honest, and hopefully someone can either help him crack the encryption of SELL him the necessary funds.
1. Needfasthelp123 legitimately has 10.5 BTC locked up in a ransomware attack and can't afford the 0.5 BTC necessary to get the decryption completed (or is intelligently is unwilling to pay the ransom).
2. Needfasthelp123 is a scammer that has provided a fake encrypted wallet and is trying to trick greedy people into sending him 0.5 BTC. He is hoping that someone will try to pay the ransom thinking that they will be able to decrypt the wallet and take the 10.5 BTC. In that case, he receives the 10.5 BTC, and the fool that pays the ransom discovers that the encrypted file is not the wallet that Needfasthelp123 claims it is.
Unless you are Needfasthelp123 (or are willing to lose 0.5 BTC), DO NOT PAY THE RANSOM!
Unless you have adequate collateral (or are willing to lose 0.5 BTC), DO NOT LOAN the funds for the ransom to Needfasthelp123!
Hopefully the OP is honest, and hopefully someone can either help him crack the encryption of SELL him the necessary funds.
SCAM alert!
You are right, I'm certain this is a scam.
There are just too many signs that point to scam:
1. How convenient that this http://www.fixallthreats.com/help-get-rid-igza4c-file-virus/ suddenly appears on search engine.
Lol, check their removal methods for all their malwares/viruses listed on their page, the same fucking screenshots.
2. TS had the chance to decrypt one file for free and chooses to decrypt a QR image instead of his wallet.dat .
3. iGZa4C isn't mentioned anywhere before, because the name was recently made up by TS.
4. TS tries to play innocent and offers to send his wallet and password to the trusted escrow ognasty, and that anyone willing to give 0.1 BTC would get 0.25 BTC after the wallet is decrypted.
However an escrow wouldn't be of much help in this case, since the wallet.dat most probably is empty/fake.
5. http://igza4c6icqzboodb.onion got indexed 08.03.2018. (image provided)
TS thought people would not notice since they can't do a whois-lookup?
Quote
Lets just see what happens now , but I am 100% not paying ! If I lose 10.5 BTC its not the end of the world. Even tho just 10K is alot of money to me. People need to learn that BTC crime wont pay.
You are in a really shitty situation, I do not know how I would react. as I have already told you: I also talked to them and I do not think that's scam.
I also offered to send him 0.35BTC (Of course I would not have sent it to him, I just wanted to see how he reacted) but he refused with the same explanation he give you, everything is automated.
No idea, if all was fraud, he would have safely accepted the 0.35BTC.
I hope for you that you still find someone who can crack that - but unfortunately I see little to no chance.
The website is the most interesting part and I think the clues are there somewhere. If your too lazy to check the site then I don't see this going well at all.
The issue now isn't about recovering your wallet through cracking it, I think your chances here are pretty well impossible without even knowing the ransomware responsible and the little information we have to go on.
The issue now is, do you waste $5000 for nothing, providing the wallet address means you can do a lookup, see when it was last active etc.
Right now, I'm thinking your $5000 will go to complete waste.
All the info in first post , you should go look at TOR address. Very interesting stuff despite being a f**k**g nightmare.
Address is a new one generated just for me.
Address is a new one generated just for me.
Would rather not go on to a tor website just to get his wallet address, can you post it here?
I cant find good information about this encrypted file on that site. I posted it on facebook group too but they dont know what is this ransom or how to decrypt it 
.
. googled everything! 
Its like it never existed until it got me. All google results now there because of me and this thread.
Its like it never existed until it got me. All google results now there because of me and this thread.
Do you have his wallet address? have you looked it up?
Have you googled his email or contact method?
I would be careful expecting a result from a person doing this back in 2014.
I would be careful expecting a result from a person doing this back in 2014.
Have got no where with this.
Going to have to pay this asshole !!
Do you think there is any the encryption password is the ID # ?
ID:#Ez9Sfk6BsgKnnq9E0E8fdtiMpt2BcbYG#
if this was the case could one of these programs maybe unlock the files ?
http://listoffreeware.com/list-best-free-file-encryption-software/
i'm struggling
Going to have to pay this asshole !!
Do you think there is any the encryption password is the ID # ?
ID:#Ez9Sfk6BsgKnnq9E0E8fdtiMpt2BcbYG#
if this was the case could one of these programs maybe unlock the files ?
http://listoffreeware.com/list-best-free-file-encryption-software/
i'm struggling
What is uniquePass? if that's your wallet password then I would avoid going through with this, in that case it's most likely he has your wallet.dat and is using this to try get your password so he can take over your wallet, probably takes the wallet, assigns an ID, waits for you to hand over your pass phrase then you're screwed, you'll lose what ever you send him + your wallet.
It's a shame you formatted the computer and lost the malware/virus that did this, cracking a key on a strong encryption is going to be pretty well impossible, your best bet would of been to try reverse engineer the executable that encrypted your wallet.dat and find the key this way, good chance they're using a mainstream encryption like AES, getting the key from the executable was really your only hope.
If you can some how get it back through a file recovery tool, assuming you identified it first, I'll give it a go.
But not backing up wallet.dat and formatting the machine seems a bit suspicious.
If you can some how get it back through a file recovery tool, assuming you identified it first, I'll give it a go.
But not backing up wallet.dat and formatting the machine seems a bit suspicious.
So basically if the guy at some point moved - duplicated - deleted to trashcan one copy of wallet.dat - emptied the trashcan, Recuva would work to recover it even if the HD is encrypted, since the ransomware would not encrypt that deleted file.
Never heared from such an idea
I think this depends on how the ransomware is coded. It might be the case that the ransomware is going to encrypt the whole HD (not just all files, but all sectors of the hard drive).
In this case this wouldn't work, unfortunately.
Additionally it also depends on whether the deleted files already got overwritten.
Assuming HDD (because recovery is extremely difficulty on SSD's):
If you move your file into the trashcan and empty it, the file is not really 'deleted'. The space (where the file was) is being released.
Depending on how much space your HD has and how much you are writing onto your HD, the timeframe in which the file is still available varys heavily.
For example: If you 'fill' your harddrive completely, your file is no longer available on your HD, for sure.
Wow, that's a good reason to create a copy of your wallet.dat, delete it to trashcan and empty it, just in case you ever get ransomware. Interesting way to back up a wallet.dat
At least that could work in such a case
But i'd still recommend a 'standard' backup (e.g. move to USB's) instead of deleting a copy in the hope of being able to recover it someday
Jump to: