B61C file Extension

[pclab]

Hi

Got a flash drive from a client on where the ODS and XLS dissapered.
After running R-Studio, I can see many files with extension B631C.
I didn't found any info about this, so I suspect on some kind of encryption.
Have anyone saw these kind of files?

Thanks

 

[Jared]

That's a new one to me. I can't even find anything online about it. What does the data inside the files look like?

 

[pclab]

The names of the files also suggest some kind of virus.
Here's an example.

It seems that only messed with documents. I can see many good JPEGS on the flash.

 

[Jared]

Yeah, this looks like an encrypted file to me. No discernable ASCII characters in HEX, and what looks like some virus metadata at the end which likely contains the information they need to know which encryption key to sell you, and what to rename the file back to afterward.

 

[Jared]

Given that this is the only place online now talking about this *.B61C extension, let's just hope someone else who's got it finds this forum and can point you in the right direction of what .onion site to contact if your client wants to make a payment.

 

[pclab]

aahahahah SEO

 

[pclab]

So, after calling the client, he told me that he have files with the same extension on the PC.
I connected there and in fact he even showed me the email he got with the attachment.
But no ransom note on how to decrypt.
Gonna try to contact them.....

PS: Cerber 4.0 / 5.0 version.....

 

[pclab]

Got another PC from another guy infected with Locky.....
Damn, this is being hard... :?

 

[pclab]

And another client called just now with LOCKY too.... Jeeeezzz

 

[Blizzard]

Given that this is the only place online now talking about this *.B61C extension, let's just hope someone else who's got it finds this forum and can point you in the right direction of what .onion site to contact if your client wants to make a payment.

Wasn't it actually B631C which is probably Code for B613, and we all know who is behind B613.

/SEO-Off