- This topic is empty.
- Topic
My client’s computer was hit with this .XTBL ransom virus today. After looking at the PC, I can see that only one drive is affected, files on the other drive attached to computer are intact. Good thing, he has a backup a week before .XTBL virus hits the computer.
Bitcoinrush@aol..com.xtbl is the specific ransomware we found. The format is (original_file_name).(original_extension).id-97501HUIS.bitcoinrush@aol.comxtbl. So the file image1.jpg becomes image1.jpg.bitcoinrush@aol.comxtbl.
When we send emails to provided address, the hacker want us to pay 2.53 Bitcoins. At the current exchange rate, it is around US $1,650. Well, my client does not have that money to pay for the encryption key. In fact, even if we have the budget we will still push for free decrypter of all .xtbl encrypted files. As mentioned, only week of files are infected. Mostly media and images are encrypted, which is not so important but still has value.
Please tell us where to download .xtbl decryption tool. Some sites we have visited are promoting file decryptor tool, however, none of them works realistically.
- Replies
To give you brief description, .xtbl files are actually infected with Ransom: Win32/Troldesh.A or Trojan-Ransom.Win32.Shade. It encrypts target files using RSA-2048 key which is actually a very complex algorithm. The ransomware then appends the original file with the following:
a_princ@aol.com.xtbl
alex.vlasov@aol.com.xtbl
bitcoinrage@aol.com.xtbl
bitcoinrush@aol.com.xtbl
centurion_legion@aol.com.xtbl
cryptopay@aol.com.xtbl
donald_dak@aol.com
ecovector2@aol.com.xtbl
ecovector3@aol.com.xtbl
gerkaman@aol.com.xtbl
last_centurion@aol.com.xtbl
legioner_seven@aol.com.xtbl
johnycryptor@aol.com.xtbl
ninja_gaiver@aol.com.xtbl
opencode108@aol.com.xtbl
paycrypt@aol.com.xtbl
vegclass@aol.com.xtblbhij@india.com.xtbl
cryptopay@india.com.xtbl
dakinibless@india.com.xtbl
drugvokrug@india.com.xtbl
drugvokrug727@india.com.xtbl
mahakala@india.com.xtbl
makdonalds@india.com.xtbl
meldonii@india.com.xtbl
opencode@india.com.xtbl
redbleepline@india.com.xtbl
redschitline@india.com.xtblProcedures to Decrypt .XTBL files
This is a generic decryption procedure using RakhniDecryptor for file extensions as mentioned above.
1. Download Kaspersky RakhniDecryptor version 1.17.8.1 or higher from the link below and save the file to your hard drive.
RakhniDecryptor Download Link (this will open on a new window)
2. Extract the downloaded file to any preferred location.
3. Double-click on RakhniDecryptor.exe to run the tool.
4. Click on Start Scan button to begin the process of searching for .XTBL encrypted files.
5. RakhniDecryptor will prompt your to specify the path for encrypted files. Navigate to folder containing .XTBL encrypted files. Select supported files types such as Word, Excel, Music, Image, and so on. Never choose Text file on the selection as it may cause errors during decryption process.
6. After selecting file types, click on Open button. RakhniDecryptor will scan the computer for files similar to ones your have chosen. Therefore, you may need to run a separate scan for different files types and extensions.
7. The tool will prompt you once scan and decryption has completed. Click on Details to view the scan results.
8. On Scan results screen, you will have the list of all files successfully decrypted by the tool. You may now close the program and manually delete encrypted files.
Additional Tools
Here are other tools you may use that can decrypt .XTBL file. Please note that it may only work for some variants of Shade/Troldesh virus.
Shade Decryption Tool by McAfee
This is a command line tool that can decrypt some files encrypted by Shade Ransomware (.xtbl, .ytbl, .breaking_bad, .heisenberg).
Download Link and Instructions: Click here
Requirement: You must have the user ID or 20 alpha-numeric character that can found on the ransom note.
Kaspersky Shade Decryptor
Works for Shade Ransomware versions 1 and 2 (Trojan-Ransom.Wind32.Shade). This tool searches the database for key and automatically decrypt files if ever available.
Download Link and Instructions: Click here
- This reply was modified 6 years, 6 months ago by .
- This reply was modified 6 years, 6 months ago by .
- This reply was modified 6 years, 6 months ago by .
- This reply was modified 6 years, 6 months ago by .
- This reply was modified 6 years, 6 months ago by .
- This reply was modified 6 years, 6 months ago by .
- This reply was modified 6 years, 6 months ago by .
- This reply was modified 6 years, 6 months ago by .
- This reply was modified 6 years, 6 months ago by .
- This reply was modified 6 years, 6 months ago by .
- This reply was modified 6 years, 6 months ago by .
- This reply was modified 6 years, 6 months ago by .
- This reply was modified 6 years, 2 months ago by .
- This reply was modified 6 years, 2 months ago by .
- This reply was modified 6 years, 2 months ago by .
- This reply was modified 6 years, 2 months ago by .
dear guys,
Please send me the decryptor tools.
Regards,
Jonel
My type is id-2AC51ADD.legioner_seven@aol.com.xtbl
Sent me Tool Deryptor (.Vegclass@aol.com.xtbl)
cant find 20 character. i only can see 3AE9D8D4.legioner_seven@aol.com
Sent me Tool Deryptor (.Vegclass@aol.com.xtbl)
Sent me Tool Deryptor (.Vegclass@aol.com.xtbl)
sent me tool decrypto (id-1398HGslktg.protection01@india.com.xtbl)
sent me tool decryptor (.DS_Store.id-EA1A9A9A.centurion_legion@aol.com)
Mine is ecovector extension changes to file.(default extension).id-56149F4E.ecovector2@aol.com.xtbl
Please send me the decrypter.
need evector tool
Mine is johnycryptor
sent me tool decrypto (id-1398HGslktg.protection01@india.com.xtbl) pls
sent me tool decrypto ( protection01@india.com) pls
sent me tool decrypto (id-1398HGslktg.protection01@india.com.xtbl) pls
- This reply was modified 6 years, 6 months ago by