Windows 10: Help: Ransomware Encrypted My Files changed them intp "v8tz5" extension

Hi Microsoft Community,


Please help me and inform me a solution


My Microsoft words, excel, powerpoint, notepad and pdf files are suddenly turn into files with "v8tz5" extension. They become damaged and cannot be open.


All that can be opened is a .txt file containing a ransom note content as below:


All your files are encrypted and have the extension "v8tz5". If you try to decrypt yourself, you will lose them FOREVER. Follow the instructions.



If you cannot do it yourself, then search the Internet for file recovery services in your country or city.



Go to the page through the browser: http://decryptor.cc/2206FD746F99D4C0

If your site does not open, then download the TOR browser https://torproject.org/. If you can’t access the download page of the TOR browser, then download the VPN!

After you install the TOR browser on your computer, go to the site: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2206FD746F99D4C0



After going to the site, enter the following code:



GXlfBZ7sw4L59JsVFXGes0B0unWXpZdfyy3Z++BlJNoV/HJ8s0z6sP2l5LWxYIlI

jq0U+E6J1WFxzBG8gxPCUveRMR0FeimrCzGuGWDCY0+IkB7tt1IJlITLIXVlxInT

cMu1Z9lKomBgOq/qasdnPFsynjF5z7dKU6tsFo/OAHkR/H9b8neZ1wYyX4fkjzN1

6jpoMajk/SUdQvs+Drjyk9ztndJtsCObplWXvKFndMdxMQwJsAdbiJmYkfJAKYzy

oDmjctm/xFhxpwe2kVDYlIvfPqAy69d23HUlo5Gdr60+l1wIg4El9Edxv3ni0dn9

T5kAqhR6HnCSsIkp2D59cwUbgYkeOxfl2WeQo22BWMH9ATSbw6AkaYllit5ZdBXX

7Krvim29QzymxoEXblAqZI2VGrA7aGiIqUahMKsa3NscUcwXlwhhUAYRHy1u4Vv3

Vr2vHDTqqAY5FQAJmwPE4BJa358OxXruwO3knh6O95TNNWEFQLQXjIjuoEe5g1Sw

M6nRcjcsAOD6MPMo+931Afqyswt1k6Qdnykhh0s0tHqqBoQqRLhKjZS2Wn/N2P9p

8ahA1IZM07rQyZGD/Sk62Q3AZdg9WpThxHLDKvc55i4og0sjNhn1nzjazBmqmYhB

K1I/ZogGkgifB5oBwPmv8QlcFLeqE08wJaV97TI6lmxBHsR/fhshQSTGofskeuFw

HfzQASXfW9++MBfqkCjH5AwqSUhD68Xd9UijsEBOWHW1RT6hYV1yiJtaKc4BGBqc

iqVOajVhXMqQkh2GnFvbiICuHJw+FWnCGteP0W8Bdue0zzBD8sQo3ZfzsX1DqJmB

ogNpTqJ+FwsZZNw96PT9EQ45HADBQFmQHIV9sZ9ccKrzCof7pBlKPxFMAaQcNEWA

0ejoyd5jW2aZmBWhusubg/E2nbMMZG4AUXTKR1uD4dsd0oBkkJwYoKT+/J9Iu5FI

eAMKtgVHc+xlliku+F3QbFODP7z8pWfvfilXGgtTY2E8s5IOF07D/+RiAcBkbd0Z

dRqwmDdK6UOYlEjpfcxnplP+qLhFzu8YDfrEG7ifU2KiQvuqFmJbU/pcFoMcDGbz

1dt+TWbknQ6Y9GgWrh/l8qb2y7JaQpbQDkfGy0cnc+wAoZMLaBpk0cQeD8TD/sWg

7tRtIAVZ1BD8LEVEzWti7z3V52mIsreB5uOlg5g3o9m1Dn2x4DfQHGMi/R9XnEi8

KBXQdyGaycexMWxr9e1+c+Ncp3hv7oEp/Di3yhMiDP8Z5AyKZOYO68Tx4O+BtvTv

v1BUxHAXELVvfwUryvCSqsURGQ4rMmBSASIYk3RKCMSk+vM9DlmABcj8RMdXpXDN

CcfORO7llqaL+aiUvfh0udgFUih+DnuDf+IScYpMfWkyvhP+FSEy58XNZdmKzy8n

9XoFbBq6rzsybuNQAuhG0WR3YoSFlMssCRQxS8TPfqfAdrIKIz3RERnJ8+zhy1r9

ASppjROeijMdRl5orzfXLRgrkkZkNO7OckmbpP0TtnS/trB+EEdMxuaXLhkNIhju

eD37pLOB2v9T8nciIn4GECBU7y23U3dnARaLwsaFbnncY+S2o7ReMvgm1UCx7hU6

TAFMoQ+MouydXlDaBB7t5Pq1S6O78BWOytBZktpdZhscHuYb/t1xH5e8qYFopurH

HFjEppuSG3AToUAtyf7/9n3rD0R6puLtR0a+cHFr1jtqUaL7LQTsr0CfwuJOVbd9

BjLtEqBn3zKSuA9a8Ez0Cv30oYuQBajz94BtAiitQ6RPHajK+4WjjnUBFXb/j6Xl

XDdQ38XoUGRPYPY5ZJUWV9x167yyfJT8vBVdt14hn9V72dvFJOO4ENUcjLlmgVxi

UDA2wVCCSI42yBP87gFa1agD3SE=

:)

 

Filed encrypted by Tor ransomware

More information is needed to determine specifically what infection you are dealing with since there are many variants of crypto malware (file encrypting ransomware).
RSA-4096 / RSA-2048 / RSA-1024 / AES-256 / AES-128 are
encryption algorithms and not an explicit way of identifying a particular ransomware infection.

Are there any obvious file extensions appended to or with your encrypted data files (i.e. several random hexadecimal characters, words or email addresses)? If so, is the extension the same for each encrypted file or is it different?

What is the actual name of your ransom note? These infections are created to alert victims that their data has been encrypted and demand a ransom payment. Check your documents folder for an image the malware typically uses for the background note. Check the
C:\ProgramData (or C:\Documents and Settings\All Users\Application Data) for a randomly named
.html, .txt, .png, .bmp, .url file. Most ransomware will also drop a ransom note in every directory/affected folder where data has been encrypted.

The best way to identify the different ransomwares is the ransom note (including it's name), the malware file itself, any obvious extensions appended to the encrypted files, samples of those encrypted files and information related to the email address used
by the cyber-criminals.

You can submit samples of encrypted files and ransom notes to ID Ransomware for
assistance with identification and confirmation. This is a service that helps identify what ransomware may have encrypted your files and then attempts to direct you to an appropriate support topic where you can seek further
assistance. Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections.

After gathering that information, please read and follow the instructions below.

• How to Post a Topic Asking for Help With Ransomware

 

Files encrypted by TeslaCrypt (.vvv extension) ransomware

You're computer is infected with a newer variant of
TeslaCrypt/Alpha Crypt.

The following is a copy/paste of another reply of quietman7 MS MVP in another Bleeping Computer thread:

http://www.bleepingcomputer.com/forums/t/598923/cryptolocker-telsadecoder/

QUOTE

You are dealing with a newer variant of
TeslaCrypt/Alpha Crypt. TeslaCrypt includes several known versions with various extensions for encrypted files to include: .ecc, .ezz, .exx, .zzz, .xyz, .aaa, .abc, .ccc., .vvv...as described

here. Some of the new variants are
disguised as CryptoWall.

Any files that are encrypted with the newer variant of TeslaCrypt will have the
.exx, .xyz, .zzz, .aaa,
.abc, .ccc or .vvv extension appended to the end of the filename. The .aaa/.abc/.ccc/.vvv variants leave .html, .txt, files (ransom notes) with names like RECOVERY_FILE_*****.txt, restore_files_*****.txt, recover_file_*****.txt,
HOWTO_RESTORE_FILES_*****.txt, howto_recover_file_*****.txt, _how_recover_*****.txt, how_recover+***.txt (where * are random characters). More information in these BC news articles:

• New TeslaCrypt version adds .VVV extension to encrypted filenames.
• New TeslaCrypt version with .CCC extension Released

A repository of all current knowledge regarding TeslaCrypt,
Alpha Crypt and newer variants is provided by
Grinler (aka
Lawrence Abrams), in this topic:
TeslaCrypt and Alpha Crypt Ransomware Information Guide and FAQ

Information about and support for decrypting files affected by Alpha Crypt & TeslaCrypt ransomware can be found in this topic:

• TeslaDecoder released to decrypt .EXX, .EZZ, .ECC files
  encrypted by TeslaCrypt

There is an ongoing discussion in this topic where you can ask questions and seek further assistance.

• New TeslaCrypt version that uses the .EXX extension Support & Discussion

Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion. Doing that will also ensure you receive proper assistance from
our crypto malware experts since they may not see this thread.

UNQUOTE

===================================================================

Also please see the replies of
RickCP

here:
http://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_scanning/files-encrypted-by-teslacrypt-ransomware/77b05496-fb09-4e01-ab36-db92213dd825?page=2&msgId=c26b605a-420f-40bc-9541-584492bab180

and

here:
http://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/ransomhtmltescryptd/163bb48e-4932-4296-bc0c-18e25732e2a8?msgId=db3497db-8c32-4241-9c9c-4e08bf793457

Cheers,

J

Later EDIT: Pls see RickCP's UPDATED INFO (January 2016) here:
http://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_scanning/files-encrypted-by-teslacrypt-vvv-extension/77b05496-fb09-4e01-ab36-db92213dd825?page=2&msgId=0c010b83-a5a8-441f-8950-a268dd83ea18

 

Files encrypted by Extension (.ghfghfghfgh) ransomware

Please read
http://www.bleepingcomputer.com/forums/t/608858/id-ransomware-identify-what-ransomware-encrypted-your-files/

This is the site which might help in identifying your ransomware:
https://id-ransomware.malwarehunterteam.com/

For further help and information, it's best to ask for free expert help here:
http://www.bleepingcomputer.com/forums/f/239/ransomware-tech-support-and-help/

Cheers,

J