(2016-02-09 02:52:51 UTC) Admin: Welcome, $RANDOM visitor or bot! (2016-02-19 15:32:21 UTC) Victim: Hello admin can you clear this chat it is full of rubbish now and can you add a clear button on this demo page for the chat. Thanks (2016-02-19 22:02:12 UTC) Admin: Sorry, but I won't implement a reset button for everyones use for security reasons. (2016-02-21 14:40:08 UTC) Victim: hi (2016-02-21 14:40:11 UTC) Victim: hi (2016-02-21 19:12:41 UTC) Troll/Decryptor: Hello Motherafuckers, can you help me? (2016-02-21 19:13:33 UTC) Troll/Decryptor: I payed but u didnt send the key to unlock files (2016-02-21 19:13:40 UTC) Troll/Decryptor: I payed but u didnt send the key to unlock files (2016-02-21 19:33:19 UTC) Admin: What URL did you used? I haven't received any payments in the last days. (2016-02-21 19:42:47 UTC) Admin: Frankly said, I don't send keys directly. I provide a decryptor program to download, which gathers the keys from my server. Are you sure, that you were hit by Encryptor RaaS? (2016-02-21 21:15:01 UTC) Victim: trololol motherfucker (2016-02-23 23:25:05 UTC) Victim: Is this exactly how the actual victim will see the 'pay ransom' page? (2016-02-24 00:39:37 UTC) Admin: More or less. Except that the demo victim pages will look like the victim has already payed. (2016-02-24 02:16:06 UTC) Admin: FYI: I've got a fifth complete payment at 2016-02-23 ~ 19:30 UTC. ~ 100 USD were received and ~ 95 USD were forwarded. 2144 files were decrypted over an hour. I'm thinking about sending a batch of encrypted padding at the decryptor instead of one at a time in order to make the decryption process much faster. (2016-02-25 00:06:37 UTC) Troll/Decryptor: I need my files! (2016-02-25 06:58:07 UTC) Admin: If you need your files, just pay the ransom. 
(2016-02-25 18:49:37 UTC) Victim: trololol motherfucker (2016-02-27 00:44:44 UTC) Victim: TGRHRT (2016-02-27 00:44:48 UTC) Victim: TGRHRT (2016-02-27 13:34:17 UTC) Victim: hello (2016-02-27 13:34:20 UTC) Victim: hello (2016-02-27 13:35:39 UTC) Victim: if i start a .exe in virtual machin, my host is crypt , (2016-02-27 13:36:04 UTC) Victim: ?* (2016-02-27 14:45:58 UTC) Victim: and can integrate .exe in a word file , (2016-02-27 19:52:41 UTC) Admin: My ransomware isn't able to break out of VMs. If it successfully encrypted all files on the host, there's a serious misconfiguration at your virtualization software. (2016-02-27 19:56:19 UTC) Admin: The're multiple ways to "integrate" my ransomware into a word document, e.g. by using macros or exploits. You can also make it appear like a word document by using another icon and a RTLO filename. (2016-02-28 01:08:09 UTC) Victim: bruh, you cold (2016-02-29 17:36:57 UTC) Victim: asbdahda (2016-03-01 18:04:30 UTC) Victim: fuck me (2016-03-01 19:42:15 UTC) Troll/Decryptor: Hi!Is your shitware able to encode thru UNC paths? (2016-03-01 21:34:27 UTC) Victim: hello (2016-03-01 21:35:29 UTC) Victim: i want to buy a ransomware it is possible ? (2016-03-01 23:31:40 UTC) Admin: First of all, please be polite. My ransomware only works on drive letters yet (No UNC yet). (2016-03-01 23:34:29 UTC) Admin: My ransomware isn't for sale. 
(No, not even for 30000 USD for the encryptor sourcecode alone) (2016-03-04 15:05:59 UTC) Victim: lol (2016-03-04 15:06:02 UTC) Victim: lol (2016-03-05 16:38:50 UTC) Victim: lol (2016-03-05 17:22:11 UTC) Victim: lol (2016-03-05 17:22:17 UTC) Victim: lol (2016-03-05 17:22:19 UTC) Victim: lol (2016-03-05 17:22:21 UTC) Victim: lol (2016-03-05 17:22:22 UTC) Victim: lol (2016-03-05 17:22:23 UTC) Victim: lol (2016-03-05 17:22:25 UTC) Victim: lol (2016-03-05 17:22:26 UTC) Victim: lol (2016-03-05 17:22:28 UTC) Victim: lol (2016-03-05 17:22:30 UTC) Victim: lol (2016-03-05 17:22:31 UTC) Victim: lol (2016-03-05 17:22:33 UTC) Victim: lol (2016-03-05 17:22:35 UTC) Victim: lol (2016-03-05 17:22:36 UTC) Victim: lol (2016-03-05 17:22:38 UTC) Victim: lol (2016-03-05 17:22:40 UTC) Victim: lol (2016-03-05 17:22:41 UTC) Victim: lol (2016-03-05 17:22:42 UTC) Victim: lol (2016-03-05 17:22:44 UTC) Victim: lol (2016-03-05 17:22:46 UTC) Victim: lol (2016-03-05 17:22:47 UTC) Victim: lol (2016-03-05 17:22:58 UTC) Victim: lol (2016-03-05 17:23:00 UTC) Victim: lol (2016-03-05 17:23:01 UTC) Victim: lol (2016-03-05 17:23:03 UTC) Victim: lol (2016-03-05 17:23:04 UTC) Victim: lol (2016-03-05 17:23:06 UTC) Victim: lol (2016-03-05 17:23:07 UTC) Victim: lol (2016-03-05 17:23:08 UTC) Victim: lol (2016-03-05 17:23:10 UTC) Victim: lol (2016-03-05 17:23:11 UTC) Victim: lol (2016-03-05 17:23:13 UTC) Victim: lol (2016-03-05 17:23:15 UTC) Victim: lol (2016-03-05 17:23:16 UTC) Victim: lol (2016-03-05 17:23:18 UTC) Victim: lol (2016-03-05 17:23:19 UTC) Victim: lol (2016-03-05 17:23:20 UTC) Victim: lol (2016-03-05 17:23:22 UTC) Victim: lol (2016-03-05 17:23:23 UTC) Victim: lol (2016-03-05 17:23:24 UTC) Victim: lol (2016-03-05 17:23:26 UTC) Victim: lol (2016-03-05 17:23:27 UTC) Victim: lol (2016-03-05 17:23:28 UTC) Victim: lol (2016-03-05 17:23:30 UTC) Victim: lol (2016-03-05 17:23:37 UTC) Victim: lol (2016-03-05 17:23:44 UTC) Victim: lol (2016-03-05 17:23:46 UTC) Victim: lol (2016-03-05 17:23:49 UTC) Victim: 
lol (2016-03-05 17:23:53 UTC) Victim: lol (2016-03-05 17:23:55 UTC) Victim: lol (2016-03-05 17:23:56 UTC) Victim: lol (2016-03-05 17:23:59 UTC) Victim: lol (2016-03-05 17:24:01 UTC) Victim: lol (2016-03-05 17:24:03 UTC) Victim: lol (2016-03-05 17:24:04 UTC) Victim: lol (2016-03-05 17:24:06 UTC) Victim: lol (2016-03-05 17:24:07 UTC) Victim: lol (2016-03-05 17:24:08 UTC) Victim: lol (2016-03-05 17:24:10 UTC) Victim: lol (2016-03-05 17:24:12 UTC) Victim: lol (2016-03-05 17:24:13 UTC) Victim: lol (2016-03-05 17:24:15 UTC) Victim: lol (2016-03-05 17:24:17 UTC) Victim: lol (2016-03-05 17:24:18 UTC) Victim: lol (2016-03-05 17:24:19 UTC) Victim: lol (2016-03-05 17:24:21 UTC) Victim: lol (2016-03-05 17:24:22 UTC) Victim: lol (2016-03-05 17:24:23 UTC) Victim: lol (2016-03-05 17:24:25 UTC) Victim: lol (2016-03-05 17:24:27 UTC) Victim: lol (2016-03-05 17:24:28 UTC) Victim: lol (2016-03-05 17:24:30 UTC) Victim: lol (2016-03-05 17:24:31 UTC) Victim: lol (2016-03-05 17:24:32 UTC) Victim: lol (2016-03-05 17:24:34 UTC) Victim: lol (2016-03-05 17:24:35 UTC) Victim: lol (2016-03-05 17:24:37 UTC) Victim: lol (2016-03-05 17:24:39 UTC) Victim: lol (2016-03-05 17:24:44 UTC) Victim: lol (2016-03-05 17:24:56 UTC) Victim: lol (2016-03-05 17:24:58 UTC) Victim: lol (2016-03-05 17:24:59 UTC) Victim: lol (2016-03-05 17:25:02 UTC) Victim: lol (2016-03-05 17:25:08 UTC) Victim: lol (2016-03-05 17:25:12 UTC) Victim: lol (2016-03-05 17:25:14 UTC) Victim: lol (2016-03-05 17:25:15 UTC) Victim: lol (2016-03-05 17:25:17 UTC) Victim: lol (2016-03-05 17:25:19 UTC) Victim: lol (2016-03-05 17:25:21 UTC) Victim: lol (2016-03-05 17:25:24 UTC) Victim: lol (2016-03-05 17:25:25 UTC) Victim: lol (2016-03-05 17:25:27 UTC) Victim: lol (2016-03-05 17:25:29 UTC) Victim: lol (2016-03-05 17:25:31 UTC) Victim: lol (2016-03-05 17:25:32 UTC) Victim: lol (2016-03-05 17:25:37 UTC) Victim: lol (2016-03-05 17:25:46 UTC) Victim: lol (2016-03-05 17:25:47 UTC) Victim: lol (2016-03-05 17:25:49 UTC) Victim: lol (2016-03-05 
17:25:51 UTC) Victim: lol (2016-03-05 17:25:52 UTC) Victim: lol (2016-03-05 17:25:54 UTC) Victim: lol (2016-03-05 17:25:55 UTC) Victim: lol (2016-03-06 14:22:48 UTC) Victim: hello (2016-03-06 14:22:50 UTC) Victim: hello (2016-03-06 18:43:13 UTC) Victim: Are you able to write other things than lol, too? (2016-03-06 20:51:56 UTC) Victim: other things than lol (2016-03-06 20:51:58 UTC) Victim: other things than lol (2016-03-06 20:52:00 UTC) Victim: other things than lol (2016-03-06 20:52:02 UTC) Victim: other things than lol (2016-03-06 20:52:03 UTC) Victim: other things than lol (2016-03-06 20:52:04 UTC) Victim: other things than lol (2016-03-06 20:52:05 UTC) Victim: other things than lol (2016-03-06 20:52:07 UTC) Victim: other things than lol (2016-03-06 20:52:09 UTC) Victim: other things than lol (2016-03-06 20:52:11 UTC) Victim: other things than lol (2016-03-06 20:52:13 UTC) Victim: other things than lol (2016-03-06 20:52:15 UTC) Victim: other things than lol (2016-03-06 20:52:16 UTC) Victim: other things than lol (2016-03-06 20:52:17 UTC) Victim: other things than lol (2016-03-06 20:52:19 UTC) Victim: other things than lol (2016-03-06 20:52:27 UTC) Victim: other things than lol (2016-03-06 20:52:29 UTC) Victim: other things than lol (2016-03-06 20:52:32 UTC) Victim: other things than lol (2016-03-06 20:52:33 UTC) Victim: other things than lol (2016-03-06 20:52:35 UTC) Victim: other things than lol (2016-03-06 20:52:42 UTC) Victim: other things than lol (2016-03-06 20:52:52 UTC) Victim: other things than lol (2016-03-06 20:52:54 UTC) Victim: other things than lol (2016-03-06 20:52:56 UTC) Victim: other things than lol (2016-03-06 20:52:58 UTC) Victim: other things than lol (2016-03-06 20:53:01 UTC) Victim: other things than lol (2016-03-06 20:53:03 UTC) Victim: other things than lol (2016-03-06 20:53:05 UTC) Victim: other things than lol (2016-03-06 20:53:06 UTC) Victim: other things than lol (2016-03-06 20:53:08 UTC) Victim: other things than lol (2016-03-06 
20:53:10 UTC) Victim: other things than lol (2016-03-06 20:53:11 UTC) Victim: other things than lol (2016-03-06 20:53:12 UTC) Victim: other things than lol (2016-03-06 21:15:32 UTC) Admin: @2016-03-06 18:43:13 GMT: This reminds me of my children. Anyway, I've released another version. It's again set as a "console application" for evasion reasons. A console window might show for up to a few seconds. I keep getting stucked to various Bitdefender generic signatures. (2016-03-07 16:42:09 UTC) Admin: Should I clear the chat history as a whole or just the multiple sent lines? (2016-03-08 10:27:22 UTC) Victim: I think it'd be funnier if the history remains here unshorted. It's a funny and stupid conversation. (2016-03-08 10:28:45 UTC) Victim: But I have a question. I generated a ransomware with your donation Bitcoin address. What should I type as Cust ID and GUID if I want to decrypt for free? (2016-03-08 20:57:50 UTC) Admin: Frankly said, you should use the direct URL, which is in the readme. This standard page will show up at (especially) two moments, when you haven't called a subpage and when my server thinks, that you've manipulated the URL. (2016-03-08 21:59:31 UTC) Admin: In that case, the Cust ID is 6c23cce604617e2f5d295274021005b768f92490 and the GUID is your machine's MachineGuid. (2016-03-10 06:03:44 UTC) Victim: Hi admin, are you here ? (2016-03-10 06:37:51 UTC) Admin: I'm here. How can I help you? (2016-03-10 16:47:49 UTC) Victim: How can I find out my MachineGuid? Is it in the readme? (2016-03-10 20:37:26 UTC) Admin: Well... actually yes. Anyway, press Win-R, at the opened dialog enter "cmd.exe" (without quotes) and press enter. Enter this "reg query HKLM\Software\Microsoft\Cryptography" (without quotes) and press enter. Take the value on the right side after "MachineGuid REG_SZ", it must have 36 characters. (2016-03-11 08:31:28 UTC) Victim: Thank you for helping! It worked! 
But sometimes when I execute the ransomware it doesn't encrypt everything and stops working before it shows the readme or the decryptor interface. What's wrong with this program? I tested it in VirtualBox 5.0.12 running Win XP with SP3 as guest and Linux 4.4.3 as host. (2016-03-11 16:34:43 UTC) Admin: How comes? Have you installed a AV or a anti-ransomware tool on the VM? Does that happened again after you re-generated the exe? (2016-03-11 16:56:19 UTC) Victim: trololol motherfucker (2016-03-11 16:56:31 UTC) Victim: trololol motherfucker (2016-03-11 16:56:39 UTC) Victim: trololol motherfucker (2016-03-11 16:56:40 UTC) Victim: trololol motherfucker (2016-03-11 16:56:43 UTC) Victim: trololol motherfucker (2016-03-11 16:56:46 UTC) Victim: trololol motherfucker (2016-03-11 17:48:21 UTC) Victim: No, I didn't install anything in the VM. I only installed Windows XP, copied some files for testing onto the desktop of my VM and started the encryptor. An hour ago the same happened (with an exe that's generated an hour ago). I used a tool named "Process Monitor" to see what happens. The exe reads every registry value and every file on my VM and exits then. This process needs ~15 minutes. Do you think VirtualBox has a builtin protection against ransomware? Or does your ransomware only work on real computers? (2016-03-11 17:50:48 UTC) Victim: @ 2016-03-11 16:56:19 GMT: This is a serious question I have. I want to use jeiphoos' ransomware for educational purposes only. I don't want to harm someone so please don't spam here. (2016-03-11 18:16:04 UTC) Admin: I don't think, that my ransomware is accessing *every* registry key and *every* file. Did you run the correct sample? I have just one, silly simple, "protection" against the API emulation of MSE. 
(2016-03-11 18:30:56 UTC) Victim: Admin: trololol motherfucker (2016-03-11 18:31:21 UTC) Victim: Admin: trololol motherfucker (2016-03-11 18:31:44 UTC) Victim: Asshole (2016-03-11 18:31:56 UTC) Victim: fuck yo mama (2016-03-11 18:41:43 UTC) Admin: Have you already tried to run it without "Process Monitor"? Anyway, the release of a new version still takes some time. At either try it's getting detected by ESET, MSE and/or Bitdefender. (2016-03-11 18:43:23 UTC) Admin: @2016-03-11 18:31:21 GMT: Am I supposed to laugh about that? (2016-03-11 18:47:01 UTC) Admin: The best tries of all were being only detected by Twister Antivirus. (2016-03-11 19:20:59 UTC) Victim: ojıj (2016-03-11 19:21:01 UTC) Victim: ojıj (2016-03-11 19:22:18 UTC) Victim: asdasd (2016-03-11 19:23:04 UTC) Victim: admin (2016-03-11 19:30:47 UTC) Victim: Hi (2016-03-12 05:14:57 UTC) Victim: I think I did run it as I should run it. I clicked on the exe and that's all. Of course it's not accessing every registry value, but very much registry values. When I executed the encryptor the first time I executed it without "Process Monitor". I used this tool because I wanted to see what happens and maybe why your exe doesn't do anything. Does it matter that the exe I have isn't signed? I wasn't able to click the "Sign exe" button… (2016-03-12 06:04:24 UTC) Victim: @ 2016-03-12 05:14:57 GMT: It works for me. What service pack do you use? (2016-03-12 09:11:08 UTC) Troll/Decryptor: I use Service Pack 3. I installed Windows XP from a CD that already includes Service Pack 3. Did you also run it in a VM? (2016-03-12 09:17:34 UTC) Troll/Decryptor: @2016-02-25 06:58:07 GMT: You don't have to pay the ransom, as you said. At first, it isn't guaranteed that you really get your files back. Second, you could also hack the encryption or restore a backup. Never pay ransoms to get your files back! All programmers of ransomware are scammers. 
(2016-03-12 09:46:37 UTC) Troll/Decryptor: Look at his link: (2016-03-12 09:46:46 UTC) Troll/Decryptor: http://www.welivesecurity.com/2013/12/12/11-things-you-can-do-to-protect-against-ransomware-including-cryptolocker/ (2016-03-12 09:47:10 UTC) Troll/Decryptor: It shows how to protect against ransomware (2016-03-12 13:08:11 UTC) Victim: hi (2016-03-12 13:59:26 UTC) Admin: I didn't said anything like that. Please learn to cite correctly. (2016-03-12 14:04:31 UTC) Admin: Just for notice, it's guaranteed that you'll get your files back. Please don't generalize, some might be scammers, but I'm not one of them. (2016-03-12 14:27:21 UTC) Victim: "Please generalize, all are scammers and I'm one of them." I'll destroy you even if it's the last thing in my life. (2016-03-12 14:27:52 UTC) Victim: trololol (2016-03-12 14:27:53 UTC) Victim: trololol (2016-03-12 14:27:54 UTC) Victim: trololol (2016-03-12 14:27:55 UTC) Victim: trololol (2016-03-13 13:08:26 UTC) Troll/Decryptor: @2016-03-12 14:04:31 GMT: Maybe you aren't a scammer. I can't say clearly if you are. But you are an unfriendly person that isn't able to write working software. As my friend said a few weeks ago your ransomware is very funny, but no real ransomware. It can be hacked very easy, even if the encryption worked as it should. That's what I can definetly say because it's my opinion. My friend told me about this site. It's really funny! (2016-03-13 13:11:49 UTC) Troll/Decryptor: "Do NOT move files around or try to tamper with them in any way, because the decryptor will not work then anymore. Please remember, that this is the only way to ever regain access to your files!" - Yes, you can easily regain access to your files. It's not much work to hack the encryption and decrypt the files without paying the ransom. (2016-03-13 13:14:36 UTC) Troll/Decryptor: Victim: "I need my files!" - Admin: "Just pay the ransom." -- You are really funny, admin! LoL! 
Do you really think this is the only way to gain access to the encrypted files(except restoring a backup)? (2016-03-13 16:11:15 UTC) Admin: Frankly said, I'm a very polite person, but I just can't stand it if someone tries to twit me. The lines you've cited from the victim's page are stolen from another ransomware's victims page because I'm not a webdesigner and I didn't had much time at the day I've copied that. So you tell that it's easy to crack/hack my encryption because a friend told you? It has to be true because he told you? Logic 101? If it would be possible to crack my encryption, the AV vendors would brag about it. First you say that my encryption can be bypassed, then you say that it's crackable? Hell now, just decide for yourself. (2016-03-13 16:24:46 UTC) Admin: FYI: You call it unfriendly, I call it Alterszorn. I'm an old fart and I still develop software. Can you cope with that? (2016-03-13 19:57:47 UTC) Troll/Decryptor: I generated a ransomware-exe from your site and executed it on my computer so it encrypted every file that has one of the extensions of your extension list. After that I tried the method my friend told me and 30 minutes later the first files were decrypted. They were decrypted without your decryptor. Now I know straight from the horse's mouth your ransomware isn't dangerous. But the method of my friend has something that could be a problem for the typical user: It needs a Linux running on the victim's PC, but only for decryption. What I want to say: It's possible to crack your ransomware and it's done in less than 1 hour. (2016-03-13 19:59:07 UTC) Troll/Decryptor: "Admin: FYI: You call it unfriendly, I call it Alterszorn." Are you a native German speaker? I know this word because I am one. (2016-03-13 23:32:20 UTC) Admin: Yes, I'm a native german speaker. Here's a challenge (for you): http://encryptor3awk6px.onion/challenge.txt.enc (2016-03-14 01:35:12 UTC) Victim: German Coder (2016-03-14 01:35:26 UTC) Victim: ? 
(2016-03-14 01:53:45 UTC) Admin: I'm a german speaking coder. (2016-03-14 03:38:11 UTC) Victim: wtf ? (2016-03-14 06:09:16 UTC) Victim: @ 2016-03-13 23:32:20 UTC: Keep that shit just trolled you haha (2016-03-14 08:21:13 UTC) Troll/Decryptor: What's the challenge about this file? Should I decrypt it? (2016-03-14 19:42:40 UTC) Admin: Everyone, who is able to is invited to decrypt it and paste the content in the chat. (2016-03-14 19:46:05 UTC) Admin: I'll confirm if it's the correct content, but by publishing the decrypted padding too, everyone will be able to confirm it by a few simple steps. (2016-03-15 01:37:39 UTC) Troll/Decryptor: hi (2016-03-15 05:16:06 UTC) Troll/Decryptor: The problem is this file doesn't have a file header (in contrast to most other files your ransomware encrypts). Could you tell us please which algorithm and which type of key was used to encrypt this file? (2016-03-15 08:28:19 UTC) Admin: It's a plain text file and it's encrypted exactly how my ransomware does it. (2016-03-15 08:37:24 UTC) Admin: Here's another challenge: http://encryptor3awk6px.onion/challenge.jpg.enc (2016-03-15 16:58:54 UTC) Troll/Decryptor: hi (2016-03-15 17:33:16 UTC) Troll/Decryptor: hi (2016-03-15 17:33:19 UTC) Troll/Decryptor: hi (2016-03-15 18:21:28 UTC) Troll/Decryptor: hi (2016-03-15 18:21:34 UTC) Troll/Decryptor: hi (2016-03-15 18:21:41 UTC) Troll/Decryptor: hi (2016-03-15 18:21:47 UTC) Troll/Decryptor: hi (2016-03-15 18:24:00 UTC) Troll/Decryptor: i have a question to u. i wanna spread my new ransomware but i dont know how i should do this. i want to earn bitcions but i dont want to get tracked and arested. also i dont know which method is best to spread it. can u help me please. (2016-03-15 21:49:58 UTC) Victim: ALAN SNACKBAR (2016-03-15 21:50:00 UTC) Victim: ALAN SNACKBAR (2016-03-16 15:27:11 UTC) Admin: So you claimed that my ransomware is insecure. Where's your proof? I'm still waiting. (2016-03-16 15:35:01 UTC) Victim: Twilight Sparkle is best pony! 
(2016-03-16 16:32:57 UTC) Troll/Decryptor: My PC is still trying to hack the encryption. The more files I have the faster it is because there's a connection between all encrypted files. Vou gave me only two files so I may need a long time. But I'll be successful. Maybe I need months for this, but I will crack the encryption! (2016-03-16 16:33:25 UTC) Troll/Decryptor: fuck yo mama (2016-03-16 16:33:34 UTC) Troll/Decryptor: fuck yo mama (2016-03-16 16:33:41 UTC) Troll/Decryptor: fuck yo mama (2016-03-16 16:33:50 UTC) Troll/Decryptor: fuck yo mama (2016-03-16 16:34:09 UTC) Troll/Decryptor: a$$h0le (2016-03-16 16:34:18 UTC) Troll/Decryptor: a$$h0le (2016-03-16 16:34:28 UTC) Troll/Decryptor: a$$h0le (2016-03-16 19:27:54 UTC) Admin: How many files do you need? Are ten thousand encrypted versions of the same jpeg enough? (2016-03-16 20:52:55 UTC) Troll/Decryptor: hi (2016-03-16 20:52:58 UTC) Troll/Decryptor: hi (2016-03-16 20:53:01 UTC) Troll/Decryptor: hi (2016-03-17 10:27:23 UTC) Troll/Decryptor: I need at least one file, but then I'll need much time. The more different (!) files encrypted with the same exe I have, the better it is. (2016-03-17 10:29:18 UTC) Troll/Decryptor: In my test I encrypted around 120.000 files that were located in my VM. Because I had so many files, I (my PC) only needed around 6 hours for decrypting everything. (2016-03-17 10:31:04 UTC) Troll/Decryptor: hi admin did you read my message. i need help in spreading your ransomware. do you have tips thx in advance. 
(2016-03-17 10:31:13 UTC) Troll/Decryptor: hi (2016-03-17 10:31:20 UTC) Troll/Decryptor: hi (2016-03-17 10:31:28 UTC) Troll/Decryptor: hi (2016-03-17 10:31:40 UTC) Troll/Decryptor: hi (2016-03-17 10:31:49 UTC) Troll/Decryptor: hi (2016-03-17 10:31:58 UTC) Troll/Decryptor: hi (2016-03-17 23:26:42 UTC) Admin: @(2016-03-17 10:29:18 UTC): Here: http://encryptor3awk6px.onion/test1_donotuse.exe The custid isn't registered with the server, you don't need to change your MachineGuid (It'll use a fixed GUID) and there's no wait before the encryption takes place. It's using the same custid/GUID combination as the two challenge files. Six hours? I want to see that. (2016-03-17 23:27:23 UTC) Admin: @(2016-03-17 10:31:04 UTC): Which message between all this spam? (2016-03-18 13:57:26 UTC) Admin: Well, did you had any success in cracking my encryption or do you have another flimsy excuse? (2016-03-18 15:48:29 UTC) Troll/Decryptor: hi admin i mean the message from 2016-03-15 18:24:00 UTC. i was aksing for tips for spreading your ransomware. do u have some. thx in advance. (2016-03-18 16:05:44 UTC) Admin: Nothing in particular. Just common things like don't demand too high ransoms from private persons. (Quantity instead of high ransoms) (2016-03-18 18:17:28 UTC) Victim: Whats to high of a ransom? (2016-03-18 18:17:31 UTC) Victim: Whats to high of a ransom? (2016-03-18 18:36:31 UTC) Admin: It'll depend on the country, but 2000 USD are way too high, that's for sure. (Just an example from another customer) (2016-03-18 18:45:33 UTC) Troll/Decryptor: Hello jeiphoos! I saw your challenge here and solved it. I've sent you further details and a challenge for you via email. Good luck! (2016-03-18 18:52:00 UTC) Troll/Decryptor: thank you. but r there some things to notice when spreading your ransomware. is there a way to raech many people at the same time. i dont want to send it to evry victim manually. (2016-03-18 18:52:44 UTC) Troll/Decryptor: and i dont want to be cathed. 
do u know a way to anonymize my bitcions. (2016-03-18 19:23:38 UTC) Admin: @2016-03-18 18:45:33 UTC: I already saw your email and responded to you. Do you really think, that I would execute a executable, which a random person is sending to me? I'm not senile. (2016-03-18 19:27:37 UTC) Admin: @2016-03-18 18:52:00 UTC: I would say by webbrowser/plugins exploits and/or find exe's which are being downloaded very often and try to replace them. (2016-03-18 19:33:30 UTC) Admin: @2016-03-18 18:52:44 UTC: e.g. Payshield (http://payshld6oxbu5eft.onion/), it's working fine, but it might not protect you if you're using a source and destination bitcoin address combination over some time. (Possibility of a statistical attack) (2016-03-18 20:21:48 UTC) Troll/Decryptor: @2016-03-18 19:27:37 UTC: thank u for this idea! i thought of sending it via email but ur idea is more effectiv. thx. (2016-03-18 20:22:23 UTC) Troll/Decryptor: @2016-03-18 19:33:30 UTC: thx;) (2016-03-18 20:23:51 UTC) Troll/Decryptor: but how safe is it. and what do u maen with statistcal atack. (2016-03-19 02:50:39 UTC) Admin: Let's say, the bitcoin address, you've the money on (single address in the easiest case) is A, the target address is B and the temporary address of payshield is Z. When you're sending the money from A to Z, after it'll have exactly 3 confirmations, a transaction is made to B with about the same volume (a bit less). if A and B are staying the same for a while (for multiple uses) and if the attacker knows, that you're using payshield, it should be possible to isolate the value of B. (2016-03-19 06:19:09 UTC) Troll/Decryptor: thx for ur good explanation. does it mean i hav to chnage my bitcoin adress from time to time but my bitconi wallet can still b the same. and is it posible to mix my coins wihtout payshield. would this have the same security level. (2016-03-19 06:46:50 UTC) Admin: It's extremely hard to impossible to mix your coins properly by yourself. 
'A' is in that case your customer bitcoin address (source), 'B' is e.g. the bitcoin address of a conversion service (BTC/USD, BTC/EUR, ...) (destination). I would recommend to change the bitcoin address of 'B' regularly. (2016-03-19 06:49:03 UTC) Victim: @2016-03-18 19:23:38 UTC: Here's the solution: Z28gZnVjayB5b3VyIHNlbGYgamVpcGhvb3MgeW91IGRhbW4gbTB0aGVyZjBja2VyIHRyb2xvbG9sb2w= (2016-03-19 06:49:52 UTC) Victim: @2016-03-18 19:23:38 UTC: I'll never stop to "twit" yo!!!!!!!!!!!!!!!!!!!!!!! (2016-03-19 06:50:38 UTC) Troll/Decryptor: sounds good. thank u! i will try my best. (2016-03-19 06:54:01 UTC) Troll/Decryptor: @2016-03-19 06:49:03 UTC: The solution of what? And why are you stealing my challenge? I already emailed the solution to jeiphoos. Because he didn't want to decrypt and execute my extractor I sent the source code of it to him. But this is also encrypted (by me) and I want to know if the admin can crack it. Admin, were you successful in decrypting my files I sent to you? (2016-03-19 06:54:58 UTC) Troll/Decryptor: @ 2016-03-19 06:49:52 UTC: Good idea. But you're both assholes!! (2016-03-19 06:56:27 UTC) Troll/Decryptor: no (2016-03-19 06:56:33 UTC) Troll/Decryptor: no (2016-03-19 06:56:39 UTC) Troll/Decryptor: no (2016-03-19 06:56:48 UTC) Troll/Decryptor: we're not (2016-03-19 06:56:54 UTC) Troll/Decryptor: no (2016-03-19 06:56:59 UTC) Troll/Decryptor: no (2016-03-19 06:57:12 UTC) Troll/Decryptor: !! (2016-03-19 06:57:56 UTC) Troll/Decryptor: Warning for the demo chat: Beware of "admins". (2016-03-19 07:21:07 UTC) Admin: @ 2016-03-19 06:54:01 UTC: I've got no time to play around. You've claimed that you would be able to crack my encryption so it's up to you to proof it. Also you claimed, that you could the compress the challenge.jpg (which is FYI 131 KB big, has a resolution of 600x1041 px and which is very incompressible) to less than 7 KB size, so it's proven to me that you're trying to twit me. 
For everyones information: I've got no way to difference between all those people, who're using the chat (as the 'victim') (2016-03-19 12:50:54 UTC) Troll/Decryptor: As i said in my email, you're a dumb idiot. Are you really so dumb or are you just a good actor? I think you have no idea of encryption. My files are encrypted, but they use a key that's one digit long, e.g. "A" or "X". You're the laughingstock of me and my friends. Your IQ seems to be 12. A traffic light has 13. :-D (2016-03-19 12:51:41 UTC) Troll/Decryptor: That means my files are very, very easy to crack. It needs more time to type the correct password. (2016-03-19 12:51:51 UTC) Troll/Decryptor: *for decryption (2016-03-19 12:53:07 UTC) Troll/Decryptor: yes (2016-03-19 12:53:14 UTC) Troll/Decryptor: yes (2016-03-19 12:53:19 UTC) Troll/Decryptor: yes (2016-03-19 12:53:26 UTC) Troll/Decryptor: yes (2016-03-19 12:54:54 UTC) Troll/Decryptor: @ 2016-03-19 12:50:54 UTC: i dont know if the admin knows what a traffic light is. can you explain it for him? (2016-03-19 12:55:08 UTC) Troll/Decryptor: xD (2016-03-19 12:59:12 UTC) Troll/Decryptor: I think that may be better for all of us. Hopefully he runs a red light and gets catched by a truck. If that happens, it would raise the average intelligence of all humans to a whole new level. lol! (2016-03-19 13:00:05 UTC) Troll/Decryptor: yes (2016-03-19 13:00:11 UTC) Troll/Decryptor: yes (2016-03-19 13:24:48 UTC) Troll/Decryptor: The program doesnt open (2016-03-19 13:24:51 UTC) Troll/Decryptor: The program doesnt open (2016-03-19 14:27:09 UTC) Admin: When you act like you're multiple persons, don't forget to delete the cookies, you're sharing the same sessionid. Also, the files you've sent to me have only 'Salted__' in the beginning (like a openssl-enc encrypted file), but except this, the're only nullbytes. Like I said, even if you would send me an executable, I wouldn't execute it. 
(2016-03-19 15:32:49 UTC) Troll/Decryptor: Hİ GUYS (2016-03-19 15:32:52 UTC) Troll/Decryptor: Hİ GUYS (2016-03-19 18:01:27 UTC) Troll/Decryptor: I am only one person, but my friends wanted to write something to you from my PC. That is why I share the same session ID with my friends. But you are the laughingstock of all of us. My files I sent to you are one encrypted executable (extractor.enc) and its source code (extractor.c.enc). That are not null-bytes as you said. You proved to me you do not have any idea of encryption. It sticks out a mile that I encrypted it using openssl. Do you want to try it again to decrypt my files? Even the source code file? If you are successful you may publish it here. Why am I saying this? Because I know you are too stupid to encrypt them, even if you know the passphrase is only one single character. I think you are still unable to decrypt it if I would tell you the passphrase. Am I right? (2016-03-19 18:04:26 UTC) Troll/Decryptor: @2016-03-19 18:01:27 UTC Thats correct. Even I was successful in decrypting your file and I am no hacker or programmer or something else. (2016-03-19 18:04:51 UTC) Troll/Decryptor: @ 2016-03-19 15:32:52 UTC Hi! What do you want from us? (2016-03-19 18:08:33 UTC) Troll/Decryptor: @ 2016-03-19 13:24:51 UTC That is because it is written very bad. I recommend you to write your own ransomware because the programmer of RaaS seems to have no idea of encryption. (2016-03-19 19:50:24 UTC) Troll/Decryptor: The ransomware encrypt the files, but is very easy to decrypt (2016-03-19 20:09:14 UTC) Troll/Decryptor: Of course it is. It's so easy because the admin is an idiot. My friends call him a "Trottel". They're right! One of my friends will send the admin an email that's encrypted with his own GPG key. Let's see if he can decrypt this… (2016-03-19 20:11:44 UTC) Troll/Decryptor: The admin is a very funny person because he has no idea of encryption and writes ransomware. hahahahahahahahahahaha!! lol! 
(2016-03-19 21:24:18 UTC) Admin: There's a german saying: "Wer schreit, hat unrecht." It more or less means: Yelling people are in the wrong. Instead of claiming for another dozen times that you were able to crack my encryption, just simply proof it. I say it again, both files you've sent to me are (except of the first 8 bytes each) only containing null bytes. (2016-03-19 21:28:11 UTC) Admin: I make it easy for you, the picture is showing a very famous person. Tell me which. (2016-03-19 21:56:17 UTC) Admin: So, "your friend" (most probably you, it's your email account at least) sent an email to me. It was encrypted with this encryption subkey 0xC26A30AE664FC8FF, but mine is 0x4DD697BC835E7F58. I've to ask you a serious question: Are you trying to twit me or yourself? (2016-03-19 22:27:45 UTC) Victim: But it contains your public key. I piped it into /dev/random before I generated the new key. (2016-03-20 00:55:37 UTC) Victim: ^^^ Why are all the people so stupid? lol (2016-03-20 00:57:55 UTC) Troll/Decryptor: Hey so, what do you suggest the best way to is for spreading this ransomware? (2016-03-20 07:44:33 UTC) Admin: There's no such thing like a best way. The're just different ways. (2016-03-20 18:21:49 UTC) Victim: Hello, when I generate the RAAS i should also put the extention .exe? or what extension does it use? (2016-03-20 19:48:03 UTC) Admin: When you're filling the "Custom filename" field, you should also add an extension, you could e.g. use .exe, .scr, .com and .pif (2016-03-21 12:31:36 UTC) Victim: How much is your certificate? I want to buy it. (2016-03-21 14:24:28 UTC) Victim: @2016-03-19 21:56:17 UTC: I don't want to know how many people have believed my lies. I'll always try to destroy you!!!!!!!!!!! lol!! (2016-03-21 15:44:29 UTC) Troll/Decryptor: @ 2016-03-21 14:24:28 UTC: May I help you? I know a technique to do this. (2016-03-21 17:04:21 UTC) Victim: @ 2016-03-21 15:44:29 UTC: Yes. Which? 
(2016-03-21 18:00:00 UTC) Admin: @2016-03-21 12:31:36 UTC: I'm selling two certificates. Which one do you want (SHA1, SHA256, both) and what's your offer?
(2016-03-21 18:42:51 UTC) Victim: @2016-03-21 15:44:29 UTC: Admin is asleep. Post it now! :P
(2016-03-21 21:53:30 UTC) Victim: hi
(2016-03-22 00:05:31 UTC) Victim: .lol
(2016-03-22 01:47:13 UTC) Victim: @2016-03-21 18:00:00 UTC: I offer one cent for each.
(2016-03-22 06:13:01 UTC) Troll/Decryptor: @2016-03-21 17:04:21 UTC: I could tell it to you via email. Could you send me your email address and your PGP key (if you have one), please?
(2016-03-22 06:15:38 UTC) Troll/Decryptor: @2016-03-21 18:00:00 UTC: It doesn't matter which one I get from you. Are your certificates compatible with applications that use X.509 certificates? Or can I convert your certificates to X.509?
(2016-03-22 06:18:43 UTC) Troll/Decryptor: And I also don't know how much they are worth because I don't know the company from which you stole the certificates.
(2016-03-22 18:57:49 UTC) Victim: @2016-03-22 06:13:01 UTC: It's rollmay@sigaint.org
(2016-03-22 19:49:24 UTC) Admin: @2016-03-22 06:15:38 UTC: It actually matters, depending on which Windows versions you want to sign code for. They're both in the .pfx format (of course I've got the passwords). You can use them with signcode and osslsigncode. I don't think that the source or who the certificates were issued to is important, as most people don't look for a name, they just look that there isn't a big fat red warning.
(2016-03-23 11:24:21 UTC) Victim: fuck you admiN!!!!!!!!!!!!!!
(2016-03-23 12:51:54 UTC) Troll/Decryptor: @2016-03-22 19:49:24 UTC: Is avoiding a red warning the only thing I can do with your certificates? Or are there other advantages and possibilities I could have with your certificate?
(2016-03-23 13:36:04 UTC) Admin: I'll look into whether they could be used to load drivers.
(2016-03-24 02:43:28 UTC) Admin: It's also possible to use them for signing and loading kernel drivers (even on Windows 10).
(2016-03-24 07:09:08 UTC) Troll/Decryptor: @2016-03-24 02:43:28 UTC: Oh! That's something good, but now I'm able to do this my way (without any external certificates), though my way is a bit complicated. But I'm still interested in your certificates. It doesn't matter which one you sell to me. I offer you 10 euros for it. Is that good for you?
(2016-03-24 07:09:27 UTC) Troll/Decryptor: If not, how much money do you want?
(2016-03-24 16:07:28 UTC) Admin: As I said, I see it as some sort of auction, but 10€? Seriously? If it's a project which should be officially associated with you, just request one by the official means. If not, just steal one yourself.
(2016-03-24 16:16:10 UTC) Troll/Decryptor: As I see, 10€ is too cheap for you. How much do you want at least?
(2016-03-24 16:17:50 UTC) Troll/Decryptor: But I don't need to steal a certificate myself. I'm using some methods that allow me to do the same as you said, but my method needs a few hours to complete and I think signing something with your certificate needs less time.
(2016-03-24 18:29:41 UTC) Admin: Well, at least 1000€, but please make a cost-benefit analysis first, as you have to see for yourself if my offer is beneficial for you.
(2016-03-24 19:52:13 UTC) Victim: twitter hack ?
(2016-03-24 21:23:11 UTC) Victim: a
(2016-03-24 21:23:14 UTC) Victim: a
(2016-03-24 23:23:23 UTC) Victim: hello
(2016-03-25 03:44:43 UTC) Victim: I have 3176$ to spend, but I must ask, what is a certificate and why should I buy one?
(2016-03-25 06:46:55 UTC) Troll/Decryptor: @2016-03-24 18:29:41 UTC: 1000€???? I have to ask you a question: Are you fucking serious??? Is that a certificate from the Pentagon?
(2016-03-25 06:47:48 UTC) Troll/Decryptor: @2016-03-25 03:44:43 UTC: LoL!!!
(2016-03-25 09:06:17 UTC) Admin: Well, they're still valid for 2 more years (until late 2018), you can use them to load kernel drivers and you won't be associated with them when you're using them, as each of them is registered to someone else.
(2016-03-25 10:13:54 UTC) Victim: tes
(2016-03-25 12:14:31 UTC) Troll/Decryptor: @2016-03-25 09:06:17 UTC: My opinion is they are still too expensive. Thank you for your offer!
(2016-03-25 12:52:54 UTC) Admin: Thank you for your honest opinion.
(2016-03-26 07:33:32 UTC) Victim: I would pay 500 dollars for both.
(2016-03-26 09:22:36 UTC) Victim: hi
(2016-03-26 16:27:37 UTC) Victim: good afternoon
(2016-03-26 16:27:40 UTC) Victim: good afternoon
(2016-03-26 16:28:04 UTC) Victim: Is the Admin here?
(2016-03-26 16:37:48 UTC) Victim: I've sent you an email, admin, I hope that's okay!
(2016-03-26 16:45:18 UTC) Victim: As became clear to me while I was scrolling the chat, even the deep web is filled with trolls, a shame!
(2016-03-27 09:06:40 UTC) Victim: @2016-03-26 16:45:18 UTC: Lol, the internet as a whole is shameful.
(2016-03-27 21:01:46 UTC) Admin: @2016-03-27 09:06:40 UTC: True that.
(2016-03-28 01:13:09 UTC) Victim: :(
(2016-03-28 01:13:12 UTC) Victim: :(
(2016-03-28 17:06:23 UTC) Troll/Decryptor: @2016-03-25 12:52:54 UTC: You're welcome! :-)
(2016-03-28 17:09:07 UTC) Troll/Decryptor: @2016-03-27 09:06:40 UTC: Yes, it is because there are people like jeiphoos.
(2016-03-28 22:02:46 UTC) Victim: hi
(2016-03-28 23:52:00 UTC) Admin: @2016-03-28 17:09:07 UTC: Hey, did you only come here to insult me? That's not very kind of you.
(2016-03-28 23:55:40 UTC) Admin: @2016-03-28 17:09:07 UTC: I know, I know, writing and distributing ransomware isn't kind either. He that is without sin among you, let him first cast a stone.
(2016-03-29 02:30:18 UTC) Victim: whats up
(2016-03-29 08:45:14 UTC) Troll/Decryptor: @2016-03-28 23:52:00 UTC: No. I don't want to insult everyone, I only want to tell you the truth.
(2016-03-29 12:31:26 UTC) Admin: @2016-03-29 08:45:14 UTC: I know, I just don't really like to hear it. :-)
(2016-03-29 19:45:46 UTC) Troll/Decryptor: Any tips for hacking and ruining one's life?
(2016-03-29 19:45:49 UTC) Troll/Decryptor: Any tips for hacking and ruining one's life?
(2016-03-29 19:46:47 UTC) Troll/Decryptor: like software or such? I'm new to hacking and I want to become good at it. So just a message if you can give me some help.
(2016-03-31 06:24:41 UTC) Victim: In regards to comments above, that guy says @Admin isn't good with encryption and ransomware.. Why, @2016-03-19 20:11:44 UTC, don't you just make your own service, if it's so easy? lol
(2016-03-31 15:40:07 UTC) Victim: @Admin: GCC is shit! Use clang!
(2016-03-31 15:41:35 UTC) Troll/Decryptor: @2016-03-31 06:24:41 UTC: I don't make my own service because I don't like ransomware and their developers. Do you want me to make such a service?
(2016-03-31 15:42:12 UTC) Victim: The N in the changes file is even divisible by 3. Did you mean that by faulty?
(2016-03-31 15:42:30 UTC) Troll/Decryptor: @2016-03-31 15:40:07 UTC: GCC is very good, but it depends a bit on what you're using GCC for.
(2016-03-31 15:43:16 UTC) Victim: @2016-03-31 15:41:35 UTC: Yes.
(2016-03-31 15:44:07 UTC) Victim: @2016-03-31 15:42:30 UTC: Especially if you're relying on undefined behaviour.
(2016-03-31 15:46:45 UTC) Troll/Decryptor: @2016-03-31 15:43:16 UTC: Do you have a Bitmessage address? If so, please post it, so I can write a BM to you.
(2016-03-31 15:47:54 UTC) Troll/Decryptor: @2016-03-31 15:44:07 UTC: If some software doesn't work as you want it, it's mostly not GCC's fault, but yours.
(2016-03-31 15:50:08 UTC) Troll/Decryptor: The biggest advantage of GCC is its compiling speed and the machine-oriented code it puts out. GCC's code is the fastest when you compare many popular compilers together.
(2016-03-31 15:51:02 UTC) Troll/Decryptor: That's why I use GCC only. Because it's the best compiler for my needs and the needs of my customers.
(2016-03-31 15:51:08 UTC) Victim: @Admin: Do I know you? Are you from the CCC Zurich?
(2016-03-31 15:56:28 UTC) Troll/Decryptor: @2016-03-31 15:51:08 UTC: I don't think so. I think he's from Microsoft because his ransomware crashes very often and it's a very (un)lucky thing when it does its job until it's finished. Mostly it ends before it's finished. And it reads everything from your PC and maybe sends it to the admin. That's something Microsoft is very good at: spying. And, of course, members of Microsoft are unfriendly assholes - like the admin of this site.
(2016-03-31 15:58:33 UTC) Troll/Decryptor: It wouldn't be surprising if someone murdered the admin. It's surprising that nobody has done this until today.
(2016-03-31 15:59:47 UTC) Victim: @2016-03-29 12:31:26 UTC: Why?
(2016-03-31 16:00:28 UTC) Troll/Decryptor: @2016-03-31 15:59:47 UTC: Because he's an asshole.
(2016-03-31 16:01:27 UTC) Victim: @2016-03-31 16:00:28 UTC: I know. But I'd like to know the real reason for this.
(2016-03-31 16:02:59 UTC) Victim: @2016-03-31 15:56:28 UTC: I think that everyone who claims that his ransomware is crashing is lying, just like you.
(2016-03-31 16:04:37 UTC) Victim: @2016-03-31 16:01:27 UTC: What do you want to do? Make a profile of him to identify him?
(2016-03-31 16:06:29 UTC) Troll/Decryptor: @2016-02-21 19:33:19 UTC: Instead of asking stupid questions you have to give the victim the decryptor, you stupid motherfucking asshole!!!!!!!!!!!!!!!!!!!!!!
(2016-03-31 16:07:24 UTC) Troll/Decryptor: But I don't want to involve your mother. I think she murdered herself because she felt shitty because of her son.
(2016-03-31 16:09:02 UTC) Troll/Decryptor: @2016-03-31 16:02:59 UTC: You can think whatever you want. I can't do more than tell the truth.
(2016-03-31 16:09:29 UTC) Victim: @2016-03-31 16:04:37 UTC: Would you want to do that? I've got a master's degree in psychology.
(2016-03-31 16:09:44 UTC) Troll/Decryptor: @2016-03-31 16:04:37 UTC: Nothing. I want to wait until another person does the job.
(2016-03-31 16:10:29 UTC) Troll/Decryptor: @2016-03-31 16:09:29 UTC: Are you German-speaking?
(2016-03-31 16:11:05 UTC) Victim: @2016-03-31 16:09:29 UTC: You are a master in psychology? I am the master of the universe.
(2016-03-31 16:11:38 UTC) Troll/Decryptor: @2016-03-31 16:11:05 UTC: loooooooooooooooool!!!
(2016-03-31 16:13:17 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 16:13:25 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 16:13:34 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 16:13:41 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 16:13:48 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 16:13:57 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 16:14:07 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 16:14:30 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 16:14:39 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 16:14:46 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 16:14:53 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 16:15:02 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 16:15:11 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 16:15:24 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 16:15:30 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 16:15:36 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 16:26:13 UTC) Victim: @2016-03-31 15:51:08 UTC: No, he's from Bielefeld.
(2016-03-31 16:40:01 UTC) Victim: @2016-03-31 16:26:13 UTC: Does that even exist?
(2016-03-31 18:25:36 UTC) Troll/Decryptor: @2016-03-31 16:26:13 UTC: How do you know that?
(2016-03-31 18:26:18 UTC) Troll/Decryptor: @2016-03-31 16:40:01 UTC: Yes, it does. But how does he know it?
(2016-03-31 18:27:36 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 18:27:48 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 18:27:55 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 18:28:04 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 18:28:11 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 18:28:20 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 18:28:30 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 18:28:41 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 18:28:49 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 18:28:57 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 18:29:11 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 18:29:20 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 18:29:37 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 18:29:47 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 18:29:56 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 18:30:04 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 18:30:11 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 18:30:18 UTC) Troll/Decryptor: loooooooooooooooool!!!
(2016-03-31 18:30:40 UTC) Troll/Decryptor: looooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooool!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
(2016-03-31 18:30:48 UTC) Troll/Decryptor: looooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooool!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
(2016-03-31 18:30:56 UTC) Troll/Decryptor: looooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooool!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
(2016-03-31 18:31:05 UTC) Troll/Decryptor: looooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooool!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
(2016-03-31 18:31:12 UTC) Troll/Decryptor: looooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooool!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
(2016-03-31 18:31:20 UTC) Troll/Decryptor: looooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooool!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
(2016-03-31 18:31:28 UTC) Troll/Decryptor: a
(2016-03-31 18:31:35 UTC) Troll/Decryptor: s
(2016-03-31 18:31:44 UTC) Troll/Decryptor: s
(2016-03-31 18:31:52 UTC) Troll/Decryptor: h
(2016-03-31 18:31:59 UTC) Troll/Decryptor: o
(2016-03-31 18:32:09 UTC) Troll/Decryptor: l
(2016-03-31 18:32:16 UTC) Troll/Decryptor: e
(2016-03-31 18:32:23 UTC) Troll/Decryptor: !
(2016-03-31 18:32:30 UTC) Troll/Decryptor: !
(2016-03-31 18:32:38 UTC) Troll/Decryptor: !
(2016-03-31 18:33:39 UTC) Troll/Decryptor: looooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooool!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
(2016-03-31 18:57:17 UTC) Admin: Oh, hello decryptor. Glad to hear from you. Do you have fun spamming the chat? I have a question for you: Who's visible in the challenge.jpg.enc file?
(2016-03-31 19:44:18 UTC) Troll/Decryptor: I have another question for you: How do you know if I'm "decryptor" or not?
(2016-03-31 19:47:15 UTC) Troll/Decryptor: But I think the spammed text is a bit funny - and true, of course.
(2016-03-31 19:56:26 UTC) Troll/Decryptor: @2016-03-31 18:57:17 UTC: Do you mean there's a decryptor who can decrypt all my files that were destroyed by your software? If so, could you give me his email? I need my files!!
(2016-03-31 19:59:06 UTC) Admin: @2016-03-31 19:44:18 UTC: I'm just quite sure about that.
(2016-03-31 20:02:03 UTC) Admin: @2016-03-31 19:56:26 UTC: He just called himself that and claimed that he was able to do that, but he was just plainly lying. Who are you anyway? What's your victim's site link? (the ones from the readme) Are you sure that they were destroyed or just simply reversibly encrypted?
(2016-03-31 20:31:19 UTC) Victim: @2016-03-31 18:26:18 UTC: In an email he told me that he's speaking almost English in his life. That he's from a German-speaking country maybe only means that he's originally from a German-speaking country. Maybe he's living in an Anglo-Saxon country.
(2016-03-31 20:36:11 UTC) Victim: *that he's almost only speaking English in his life
(2016-03-31 20:56:45 UTC) Victim: @2016-03-31 20:31:19 UTC: Learn English, fag.
(2016-04-01 04:11:51 UTC) Troll/Decryptor: @2016-03-31 20:02:03 UTC: There's no readme at all. Most files were deleted. There were many files a friend of mine was able to recover, but there are still some unrecoverable files. I'm here because my friend knows this software and he said I should ask here.
(2016-04-01 04:58:05 UTC) Admin: The encryptor isn't able to delete files. The decryptor is, but only for one filename. So no URL, no readmes, files deleted, ... . Are you absolutely sure that you were hit by Encryptor RaaS? If so, why?
(2016-04-01 04:58:45 UTC) Troll/Decryptor: @2016-03-31 19:56:26 UTC: The decryptor wrote an email to me a few days ago. His email address seems to be "decryptor@sigaint.org". Hopefully he can help you.
(2016-04-01 05:04:37 UTC) Troll/Decryptor: @2016-04-01 04:58:05 UTC: Because my friend's antivirus programme recognizes the exe as "Trojan.Win32.Encryptor.RaaS". As I saw, there's a second decryptor that's reachable via email. Is it you?
(2016-04-01 05:06:45 UTC) Troll/Decryptor: @2016-03-31 18:57:17 UTC: I'll tell you soon. My computer isn't finished with hacking the encryption yet.
(2016-04-01 05:07:24 UTC) Victim: @2016-04-01 04:58:05 UTC: Trolololololol, it's me again, decryptor. I still want to destroy you. That you weren't able to decrypt the files of a victim gives me the possibility to troll you with many fake victim personas.
(2016-04-01 05:35:22 UTC) Admin: @2016-04-01 05:04:37 UTC: Just because it was on the hard disk (if the signature is correct and not wrongly matching another ransomware) doesn't mean that it was executed. Could you send me a sample of an encrypted file? Maybe the checksum (md5sum, sha1sum, ...) of the suspected encryptor too?
(2016-04-01 05:42:49 UTC) Troll/Decryptor: @2016-04-01 05:07:24 UTC: If you think you are the decryptor, write me an email from your address. If you are decryptor, you should know who I am.
(2016-04-01 05:43:23 UTC) Troll/Decryptor: …and what my email address is.
(2016-04-01 05:46:23 UTC) Troll/Decryptor: @2016-04-01 05:35:22 UTC: No, I can't, because there's no encrypted file. There were only deletions. That's the problem.
(2016-04-01 05:48:27 UTC) Troll/Decryptor: But what's this? I saw a second decryptor here on the demo chat. Does this decryptor belong to you, admin?
(2016-04-01 05:54:13 UTC) Troll/Decryptor: @2016-04-01 05:07:24 UTC: Hello rollmay! Nice to hear from you again! Did you get my email?
(2016-04-01 05:54:54 UTC) Troll/Decryptor: @decryptor: I wrote an email to you where I described my problem. Hopefully you can decrypt my files without my paying money to someone. Do you think you can do that? I need my files!!
(2016-04-01 08:39:07 UTC) Admin: @Troll/Decryptor: Be proud, you've got your own entry in a Python dict object.
(2016-04-01 08:44:32 UTC) Admin: @Troll/Decryptor: It took me a while, but I found out which posts are from you with extraordinary precision. It might be useless to say that, but anyway: You are hereby virtually banned from all servers operated by me!
(2016-04-01 10:48:04 UTC) Troll/Decryptor: Yes, you did it with real precision. But you marked a few posts with my username that weren't written by me. And you left out one post that was written by me. It might be useless to say that, but anyway: You know nothing about me, because that's not possible. This is an anonymous network in which absolutely nothing can be found out. If it can, please write and tell me. By the way, a virtual ban really is useless!
(2016-04-01 12:24:33 UTC) Troll/Decryptor: Is it possible to rename my entry? I don't like the name decryptor anymore.
(2016-04-01 16:58:54 UTC) Admin: @2016-04-01 12:24:33 UTC: What else should I call you? Person I dislike, who wants to cause trouble for my customers and me? Maybe anything more neutral?
(2016-04-01 17:10:40 UTC) Admin: @2016-04-01 12:24:33 UTC: By the way, the session cookie thing was actually just a bluff. After scrolling through the saved capture in Wireshark, I saw that you were really using the same session cookie and not deleting it in between. Well played, sir.
(2016-04-02 04:17:33 UTC) Troll/Decryptor: Why do you think decryptor isn't neutral? When I chose this name I didn't know you and your sites. I chose it for an IT forum in CN. May you rename me to Alphahacker, please? BTW: Of course I used it. Thank you for this information. Did you only identify me by my cookie or do you know something else about me (except my email address)?
(2016-04-02 11:51:14 UTC) Admin: @2016-04-02 04:17:33 UTC: I meant anything more neutral than "person I dislike".
(2016-04-02 12:00:38 UTC) Admin: @2016-04-02 04:17:33 UTC: The name will stay, to avoid confusion.
(2016-04-02 13:31:00 UTC) Troll/Decryptor: Whom should I confuse? You or myself?
(2016-04-02 13:32:44 UTC) Troll/Decryptor: BTW: You don't have to call me "person I dislike". My nickname is decryptor. My real name is a secret.
(2016-04-02 13:57:46 UTC) Admin: @2016-04-02 13:31:00 UTC: It's because your nickname was written multiple times in the chat.
(2016-04-02 13:57:57 UTC) Admin: @2016-04-02 13:32:44 UTC: Nice to meet you, a secret. I'm jeiphoos.
(2016-04-02 14:59:52 UTC) Troll/Decryptor: You're funny! But not for me. I didn't say my name is "a secret", but my name is something that's secret to everyone here. That does NOT mean my name is "something that's secret to everyone here". Hopefully you understand what I mean.
(2016-04-02 15:01:32 UTC) Troll/Decryptor: If it would be confusing to change my nickname, could you change the lines where my nickname was written in the chat to show my new nickname? As I see, it's possible for you to change lines in the chat.
(2016-04-02 15:25:52 UTC) Admin: Sorry, no. Can't you just forget that this site exists and move on, please?
(2016-04-02 16:44:22 UTC) Victim: hhhhhhhhhhh
(2016-04-02 16:44:58 UTC) Victim: jjfsdfjdfjdfd
(2016-04-02 16:45:56 UTC) Victim: xdee
(2016-04-02 16:46:55 UTC) Victim: fuke
(2016-04-02 18:54:42 UTC) Troll/Decryptor: I can't forget this site! But I think the reason why you always recognize me is that you may have hacked me. My AV doesn't find anything, but I notice some strange network traffic when I turn on my PC. Now I need a new HD. Thank you, asshole!
(2016-04-02 18:56:17 UTC) Troll/Decryptor: In German we'd call people like you a "Hurensohn", but I think that would be unfair. Your mother may have murdered herself because of her son (I mean you, motherfuckin' asshole)!
(2016-04-02 19:38:00 UTC) Admin: I didn't hack you, but frankly said, that was my plan if you didn't stop trolling. How do you know that I'm experienced in manipulating hard disk drive firmware?
(2016-04-03 02:18:37 UTC) Victim: s
(2016-04-03 03:10:02 UTC) Victim: asd
(2016-04-03 04:53:03 UTC) Troll/Decryptor: At first, who's Frankly? And second, I don't know if you're experienced in this. But it could be. But this doesn't matter to me. What really matters is that my computer shows strange network traffic when I start it. But you can't manipulate the firmware of my HD because it's on an isolated read-only memory. The "read-only flag" is physical, so you won't be able to manipulate the firmware. You can manipulate my data, but not my firmware.
(2016-04-03 04:54:16 UTC) Troll/Decryptor: And why should I believe that you didn't hack me? I have to ask you a serious question: Can you prove what you said?
(2016-04-03 05:34:14 UTC) Admin: @2016-04-03 04:53:03 UTC: The firmware isn't read-only. You can even dump and (re)flash the firmware while the drive is operating, using ATA commands.
(2016-04-03 05:36:12 UTC) Admin: @2016-04-03 04:54:16 UTC: Now it's getting ridiculous, next you're telling me to prove that I didn't kidnap the Lindbergh baby.
(2016-04-03 05:56:13 UTC) Admin: By the way, that happened a few years before I was born. I won't tell how many, but not many.
(2016-04-03 16:31:29 UTC) Troll/Decryptor: @2016-04-03 05:34:14 UTC: Normally, yes! But I use a special HD that can't be flashed. If the firmware is faulty, nobody can do anything about this. BTW: I recognized the traffic that leaves my PC when I start it. It's not malware but something I won't tell you, because this could make it easier for you to hack me. But anyway, I wouldn't recommend anyone to hack me. It will be unsuccessful in most cases. And if it were successful I will find out who you are and then I'll do anything against you that I can do.
(2016-04-03 16:39:12 UTC) Troll/Decryptor: Who's Frankly? And why do you always know me? And what other things do you know about me?
(2016-04-03 17:19:04 UTC) Admin: @2016-04-03 16:31:29 UTC: It makes it easier? It has to be Absolute LoJack traffic then.
(2016-04-03 17:22:19 UTC) Admin: @2016-04-03 16:39:12 UTC: "Frankly said" means "offen gesagt". I don't know anything about you, I just have some educated guesses. You're a student, right? I guess something between 10 and 18 years old?
(2016-04-03 17:24:42 UTC) Admin: @2016-04-03 16:39:12 UTC: Your language says much about your age. I have to know that, I've got children and grandchildren.
(2016-04-03 18:08:19 UTC) Troll/Decryptor: No, it's no Absolute LoJack traffic. It's some encrypted traffic like all the other traffic that comes from my PC. But it's only listed as TCP traffic. That's all I will tell you about this traffic, because it should be as hard as it can be to hack me. My router is based on a very strong OS that uses a complex self-made watchdog that assists the basic security of every NAT router. But I cannot tell you more about it. The only important thing is it prevents every type of attack, but sometimes it blocks me, too. That means it's a very safe system, so I'd recommend you not try to hack me. If you are successful in this, please let me know how, so I can implement a blocker against this.
(2016-04-03 18:09:34 UTC) Troll/Decryptor: Something between 10 and 18… I have to tell you this isn't my real age. Do you want to guess again?
(2016-04-03 18:29:06 UTC) Victim: Go to hell, grampa!!!!
(2016-04-03 22:42:54 UTC) Victim: GTFO old fart!
(2016-04-03 23:25:07 UTC) Victim: @Troll/Decryptor: Based on your vocabulary you have barely scratched the surface of exploiting and networking.
(2016-04-04 04:36:36 UTC) Troll/Decryptor: @2016-04-03 23:25:07 UTC: Maybe you are right. But I know from many other people my network is on a high security level. One of these people is an administrator for a network of a firm where 1200 people work. I think at least he should know what is safe and what is not safe.
(2016-04-04 04:37:31 UTC) Troll/Decryptor: BTW: Who are you?
(2016-04-04 10:46:49 UTC) Troll/Decryptor: @2016-04-03 17:22:19 UTC: Do you want to guess again or not?
(2016-04-04 17:42:48 UTC) Victim: asdasdf
(2016-04-05 01:26:15 UTC) Victim: To the dev, just want to say keep up the good work for making your RaaS so up to date
(2016-04-05 01:26:48 UTC) Victim: you should improve the instructions and HTML of the ransomware page though
(2016-04-05 05:00:01 UTC) Troll/Decryptor: OH?
(2016-04-05 05:00:04 UTC) Troll/Decryptor: OH?
(2016-04-05 05:57:39 UTC) Troll/Decryptor: @2016-04-05 01:26:15 UTC: Ransomware is shit, especially the ones from this page!
(2016-04-05 05:58:54 UTC) Troll/Decryptor: Go to hell, grampa!!!!
(2016-04-05 05:59:17 UTC) Troll/Decryptor: Go to hell, grampa!!!! (2016-04-05 12:05:27 UTC) Victim: hadi (2016-04-05 12:05:29 UTC) Victim: hadi (2016-04-06 11:03:08 UTC) Victim: hi (2016-04-06 15:13:10 UTC) Victim: hi (2016-04-06 15:13:23 UTC) Victim: hi (2016-04-07 03:59:06 UTC) Troll/Decryptor: hadi (2016-04-07 03:59:19 UTC) Troll/Decryptor: hadi (2016-04-07 04:11:21 UTC) Troll/Decryptor: @ 2016-03-31 18:57:17 UTC: Here's the solution: It shows George Clooney (2016-04-07 15:53:09 UTC) Admin: No, that's not even remotely correct. Try again. (2016-04-07 16:11:20 UTC) Troll/Decryptor: Ok (2016-04-07 16:11:34 UTC) Troll/Decryptor: Ok (2016-04-07 19:22:48 UTC) Victim: Potatos are kind of tasty (2016-04-07 19:23:12 UTC) Victim: there is no place like 127.0.0.1 (2016-04-07 20:03:42 UTC) Victim: I can count to potato. (2016-04-08 03:17:17 UTC) Victim: Admin, how can I encrypt all of your damn files? Please teach me some shit. (2016-04-08 08:23:10 UTC) Troll/Decryptor: @ 2016-04-08 03:17:17 UTC: Go to the toilet. There's some shit. (2016-04-08 08:23:30 UTC) Admin: @ 2016-04-08 03:17:17 UTC: What do you mean by that, how to use a crypter? (2016-04-08 08:27:55 UTC) Troll/Decryptor: Where's "Troll/Decryptor"? I miss his shit. (2016-04-08 08:38:00 UTC) Admin: @ 2016-04-08 08:27:55 UTC: I think that he's back and more alive than ever. I'll only change the nickname to troll/decryptor when I'm absolutely sure that's him. So you miss yourself? (Just a suspicion) (2016-04-08 09:13:55 UTC) Admin: @ 2016-04-08 08:27:55 UTC: Suspicion confirmed. (2016-04-08 10:04:39 UTC) Victim: GTFO Troll/Decryptor! (2016-04-08 10:08:02 UTC) Troll/Decryptor: @ 2016-04-08 08:38:00 UTC: No, because I'm not "Troll/Decryptor". I'm a person that likes his jokes because he twits you. (2016-04-08 10:11:10 UTC) Troll/Decryptor: @ 2016-04-08 10:04:39 UTC: Hit the road jack, son of a bitch! (2016-04-08 10:12:02 UTC) Troll/Decryptor: @ 2016-04-08 10:08:02 UTC: I don't twit anyone. I'm only telling the truth. 
And the truth is jeiphoos is an asshole. (2016-04-08 10:17:35 UTC) Troll/Decryptor: @ 2016-04-08 09:13:55 UTC: How did you confirm it? In the last week I always used several computers that aren't mine. I just borrowed them from other people. And I borrowed their Internet connection, too. So how are you able to confirm your suspicion? (2016-04-08 10:18:31 UTC) Troll/Decryptor: FYI almost every AC detects the current binary, I just noticed :/ (2016-04-08 10:27:22 UTC) Troll/Decryptor: What's an AC? (2016-04-08 10:32:23 UTC) Troll/Decryptor: *AV (2016-04-08 11:20:40 UTC) Admin: @2016-04-08 10:17:35 UTC: It doesn't matter if you're here, on same cust, guid=111111111111111111111111111111111111 or on same cust, guid=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa, ... . I'll have my ways to recognize you. I don't tell you, how I recognize you this time. (2016-04-08 11:26:08 UTC) Admin: @2016-04-08 10:12:02 UTC: May I know why you think that I'm an asshole? (2016-04-08 12:19:59 UTC) Troll/Decryptor: Lol, I, 2016-04-08 10:18:31 UTC, am not the same as "Troll/Decryptor".... (2016-04-08 13:09:32 UTC) Admin: @2016-04-08 12:19:59 UTC: Well, your computer says otherwise. (2016-04-08 13:17:06 UTC) Troll/Decryptor: Ok, apparently I have a quantum entangled laptop then (2016-04-08 13:38:48 UTC) Troll/Decryptor: @ 2016-04-08 11:20:40 UTC: I can prove you can't recognize me every time. I'll tell you if you tell me why you think you do. But I am sure you can't recognize me every time. I know that! And I know my computer says nothing! Maybe the cookies from Tor Browser, but not my computer. (2016-04-08 13:39:35 UTC) Troll/Decryptor: @ 2016-04-08 11:26:08 UTC: Yes, you may. But first, I've another question to you: What do you think why I say you're an asshole? (2016-04-08 14:06:01 UTC) Admin: I don't know what you're thinking when you're saying something as I can't see inside your head. Can't you do anything productive instead of keep trolling and insulting me? 
Is there an actual reason for your behaviour or are you just bored? (2016-04-09 05:49:28 UTC) Troll/Decryptor: Yes, there is. I say you're an asshole because you write and distribute ransomware and you're unfriendly. And last but not least you probably hacked me. (2016-04-09 05:50:47 UTC) Troll/Decryptor: And another reason is that you mark some posts with my name I haven't written. And you leave some posts out that are written by me. (2016-04-09 05:51:50 UTC) Troll/Decryptor: I didn't ask you to look inside my head. I only asked you to turn on YOUR head. Do you know how to do that? (2016-04-09 14:46:47 UTC) Victim: Hello admin. I see the AV is 3/35 if I use a crypter will the exe work fine that way I can get it 0/35 (2016-04-09 15:55:05 UTC) Victim: It's even worse than 3/35 (2016-04-09 16:20:54 UTC) Victim: I crypted it got it to 0/35. Lets see if it works (2016-04-09 16:26:21 UTC) Victim: Nice. Of course using your own FUD crypter should work with almost any binary (doesn't necessarily evade sandbox av's_ (2016-04-09 16:34:28 UTC) Victim: I went on hack forums paid $10 for 30 days and got a crypter. Instantly 0/35. Now I can bind it with pdf, documents, etc (2016-04-09 16:44:22 UTC) Victim: The ransomware itself does not delete Shadow Volume Copies or perform secure deletions of encrypted files. Therefore, unless the affiliate incorporates these types of protection into their distribution method, it is possible to restore your files using a program like Shadow Explorer or file recovery software. (2016-04-09 16:56:42 UTC) Victim: It does try to remove shadow copies after the encryption process is done. (2016-04-09 16:57:57 UTC) Victim: how do you incorporate those protections. Do you bind it with another file? sorry noob no idea how to do it. (2016-04-09 17:02:24 UTC) Victim: http://imgur.com/a/LxjGG (2016-04-09 17:28:00 UTC) Victim: what program do I do that in. sorry like I said noob. 
Do you think that by crypting the file to get it FUD it will execute normally? (2016-04-09 18:08:34 UTC) Victim: Yeah, it should work. If you have a VM with Windows somewhere, run it and reset it afterwards. (2016-04-09 18:13:50 UTC) Victim: I ask because I have tried it a few times in the last three hours and the stats on the page don't change. Unless the stats take forever to update, but I still have the same stats from yesterday (2016-04-09 18:15:35 UTC) Victim: Upload your version somewhere and I can run it for you and see if it works. Also, for the stats to update you have to open the onion link shown in the text file (2016-04-09 18:16:10 UTC) Victim: As this ransomware is fully offline, the server won't know about the existence until you open the page initially. (2016-04-09 18:37:57 UTC) Victim: http://www.securedwn.orgfree.com/decryptortest.rar It's a rar; let me know if you want me to upload the direct exe. By the onion link in the text file, do you mean the one after I enter my BTC address and the page to build the exe? The link that looks like this http://encryptor3awk6px.onion/action?btca=1HXQ5fs6PNhSuQurU7Ccy9&submit=Continue (2016-04-09 18:38:31 UTC) Victim: thanks for your help (2016-04-09 19:11:37 UTC) Victim: Your exe seems fubar, it only encrypts half my files and doesn't drop the readme with the link. (2016-04-09 19:14:12 UTC) Victim: Also after rebooting I get this. /SkipReg is a parameter for the ransomware, but apparently your packer also tries to do something with it http://i.imgur.com/leu9J02.jpg (2016-04-09 19:15:41 UTC) Victim: so the crypter doesn't work (2016-04-09 19:16:06 UTC) Victim: let me try another crypter (2016-04-09 19:16:31 UTC) Victim: be back in 30 min, thank you (2016-04-09 19:23:59 UTC) Victim: getting another crypter (2016-04-09 20:08:03 UTC) Victim: http://www.securedwn.orgfree.com/decryptor2.rar (2016-04-09 20:08:25 UTC) Victim: try that one please.
Got another crypter (2016-04-09 20:34:14 UTC) Victim: Weird, again it didn't touch my C:\Users\ directory and didn't drop the readme :/ ?! (2016-04-09 20:37:45 UTC) Victim: Also after reboot: http://i.imgur.com/Z5cyhtL.jpg (2016-04-09 20:56:08 UTC) Victim: Do you know any crypter that will work? I already paid $25 and neither works (2016-04-09 20:57:02 UTC) Victim: the thing is avast is the number one AV because it's free. I am trying to avoid it (2016-04-09 20:57:44 UTC) Victim: Do you think the crypter has to use injection? (2016-04-09 21:06:29 UTC) Victim: I got 2 more crypters, that's all hackforums had. I will send you the files. If it works I will tell you the exact settings so you can have your files FUD also (2016-04-09 21:14:13 UTC) Victim: Going to bed in a few minutes. I suggest you get a refund on those non-working packers or get support from the seller on how to get it to work properly in combination with this. (2016-04-09 21:14:54 UTC) Victim: http://www.securedwn.orgfree.com/test3.rar (2016-04-09 21:15:07 UTC) Victim: http://www.securedwn.orgfree.com/test4.rar (2016-04-09 21:15:28 UTC) Victim: That's it, no more crypters to buy. Let me know, thanks (2016-04-09 21:30:04 UTC) Victim: Running number 3 now (2016-04-09 21:36:44 UTC) Victim: I can't, everything on hack forums is nonrefundable (2016-04-09 21:39:17 UTC) Victim: 3 behaves exactly like 2 (2016-04-09 21:47:09 UTC) Victim: and 4 is exactly like 1. Are you sure that the actual packed binary is correct as well? As none of the samples touch the C:\Users\ directories but do encrypt files outside of that directory (without leaving instructions to this website) (2016-04-09 21:50:15 UTC) Victim: I took the exe file and sent it to the crypters, just like I would a keylogger (2016-04-09 23:50:48 UTC) Admin: @2016-04-09 16:44:22 UTC: As "2016-04-09 16:56:42 UTC" has said, my ransomware will try to remove the shadow copies, but this will only work if the ransomware is run with admin or system privileges.
My ransomware doesn't have to delete files, as the files are being encrypted in-place. Where did you read this utterly wrong information? (2016-04-09 23:53:56 UTC) Admin: I'm more than glad that there are serious conversations now. I really hope that it'll stay this way. (2016-04-09 23:56:47 UTC) Admin: Addition to "2016-04-09 23:50:48 UTC": Is there any way that an unmodified Windows version could save unencrypted file parts somewhere else (except for shadow copies) if the file is being encrypted in-place? (2016-04-10 00:43:15 UTC) Victim: I read the info here http://www.bleepingcomputer.com/forums/t/584353/new-ransomware-as-a-service-raas-site-powers-affiliate-ransomware-scheme/ (2016-04-10 00:45:13 UTC) Victim: You are about to have some competition with the new hephaestus ransomware rolling out :) (2016-04-10 01:01:45 UTC) Admin: @2016-04-10 00:43:15 UTC: Even at the time of writing, it was partly incorrect, as I never used Java for my ransomware. Now the information is plainly ancient and outdated, as it (the first post) was written three days after I published the first version of my ransomware, which is over eight months ago. (2016-04-10 01:02:35 UTC) Victim: this work? (2016-04-10 01:08:18 UTC) Admin: @2016-04-10 01:02:35 UTC: ? (2016-04-10 01:53:44 UTC) Victim: Tox did it better. (2016-04-10 02:25:59 UTC) Victim: Hi admin. I am running the exe in a VM and nothing happens. How long does it take the file to load? I have tried several (2016-04-10 02:29:12 UTC) Victim: and nothing (2016-04-10 02:48:12 UTC) Victim: yolo detox ransome stopping by :) (2016-04-10 04:47:26 UTC) Victim: admin, the files I am generating are not executing the ransomware on the VM. If I try a file from last week it works, but not the new ones.
The problem is the old one is 13/35 (2016-04-10 05:53:11 UTC) Victim: Admin, please check your email (2016-04-10 05:53:45 UTC) Victim: I got the file crypted and working at a 0/35 scan (2016-04-10 08:23:12 UTC) Victim: @2016-04-10 02:25:59 UTC: on my almost empty VM (just a whole bunch of Python files and a most up-to-date Win 7 Pro without AV) it takes about 10 minutes of 100% CPU, then a minute of 100% disk activity. (2016-04-10 08:32:41 UTC) Victim: Jeiphoos, how long does it take for the web browser to inform the user they are infected? (2016-04-10 09:52:09 UTC) Admin: @2016-04-10 08:23:12 UTC: 10 minutes is extremely unrealistic, even with a 286 the first loops wouldn't take that long. Have you modified it in any way? (2016-04-10 09:55:32 UTC) Victim: Running in a VirtualBox (= shite) with only 512MB RAM and a single 2.4GHz core. (2016-04-10 10:30:19 UTC) Victim: Also lol, your detection rate on nodistribute.com went down (2016-04-10 11:02:21 UTC) Victim: (from 3/35 to 2/35 with the same binary) (2016-04-10 11:51:44 UTC) Admin: @2016-04-10 11:02:21 UTC: NoDistribute has problems with their Avast testing. I already reported it to them a few months ago, but they didn't fix it and didn't even answer me. (2016-04-10 11:53:49 UTC) Admin: @2016-04-10 09:55:32 UTC: The minimum RAM requirements for Windows 7 are 1GB, 2GB are recommended. (2016-04-10 11:55:38 UTC) Admin: Anyway, the long delay at the beginning suddenly made problems with my Win7 test VM too. I'm releasing a new version very soon, which should have it fixed. (2016-04-10 16:05:20 UTC) Victim: When I run the file on a VM the computer gets infected. When I restart, it has an error that won't lad windows. It says we cannot verify the digital signature of this file. Does that also happen on a victim's computer or just the VM? (2016-04-10 16:05:51 UTC) Victim: that was load windows not lad (2016-04-10 16:09:26 UTC) Troll/Decryptor: @ Admin: most of the time your exe crashes.
(2016-04-10 16:19:53 UTC) Victim: it's crashing on reboot (2016-04-10 16:52:44 UTC) Admin: ? What's the filename? (2016-04-10 16:55:09 UTC) Troll/Decryptor: encryptor_raas.exe It's from your site. (2016-04-10 16:57:26 UTC) Troll/Decryptor: @ Troll/Decryptor: Where are you? Has it gotten boring trolling us? (2016-04-10 17:15:05 UTC) Victim: When do you expect to have a functional file to create and spread? (2016-04-10 17:50:56 UTC) Admin: I didn't mean the filename of my encryptor. I meant the filename of the file Windows is unable to load because of the defective signature. Were you running it under Windows 7 Professional 64-bit? (2016-04-10 17:58:59 UTC) Victim: admin, you are speaking to 2 different people. I got the error on Win 7 32-bit. I will sign my messages with JRR. The person who wrote the encryptor file name is someone else (2016-04-10 18:05:34 UTC) Admin: Frankly said, the last time that I tested if Windows will survive a restart was quite some time ago. My ransomware is getting detected too quickly, so I don't have that much time to test between all those releases. I'll release a new version in a few hours after some testing. (2016-04-10 18:07:04 UTC) Admin: Whoops, I'll need something like a trip code for the demo chat. (2016-04-10 18:13:53 UTC) Admin: @2016-04-10 17:58:59 UTC: So what happened exactly? Did that signature error occur at the boot loader, at a bluescreen, at the recovery menu, ...? (2016-04-10 18:22:28 UTC) Admin: Windows 7 Ultimate 64-bit survived a restart perfectly. As the signature checks on 64-bit versions should be harder, it should actually work fine on 32-bit too. Are there any third-party applications installed? (2016-04-10 18:23:01 UTC) Victim: It installs perfectly on initial installation, and when you go to restart it says starting windows and instantly to reinsert the CD and reinstall windows. I emailed you so you know who is talking to you. (2016-04-10 18:33:13 UTC) Troll/Decryptor: @ 2016-04-10 16:57:26 UTC: I'm here.
I'm surprised how much was written since my last visit. Do you want me to write something here again? (2016-04-10 18:42:46 UTC) Admin: @2016-04-10 18:33:13 UTC: God forbid! Please not. It's so calm and contemplative here. (2016-04-10 18:46:52 UTC) Admin: @2016-04-10 18:33:13 UTC: Wait a minute, I saw what you did here. (2016-04-10 18:48:17 UTC) Victim: admin, I emailed you something important. Please check, thanks (2016-04-10 18:58:52 UTC) Victim: hello (2016-04-10 21:48:50 UTC) Victim: test (2016-04-11 03:26:00 UTC) Victim: How long would this last if I uploaded it to PirateBay or another torrent service as a desired file, I wonder... (2016-04-11 03:56:41 UTC) Admin: I have no idea, but it sounds like an interesting experiment. (2016-04-11 04:42:07 UTC) Victim: They want me to wait an hour before uploading. I'll wait and then see how long it takes before it's discovered and removed from the site. (2016-04-11 05:07:10 UTC) Admin: It's already detected by Twister. I've no idea why they're so hellbent on detecting my ransomware. (2016-04-11 05:25:54 UTC) Victim: I think a lot of people are. You've made a well-working program as far as I can tell. (2016-04-11 06:28:23 UTC) Victim: It seems it won't let me upload the file directly. It keeps saying I put in the wrong captcha code. I'll try putting it in a .zip and uploading that. (2016-04-11 06:31:37 UTC) Victim: Fak. still not working. (2016-04-11 07:00:35 UTC) Victim: Okay, the captcha is just broken on there. Lame... (2016-04-11 07:08:02 UTC) Troll/Decryptor: @ 2016-04-11 06:31:37 UTC: You're right (2016-04-11 07:50:25 UTC) Victim: @2016-04-11 04:42:07: From my experience they ban new accounts on sight when they upload something suspicious. Hell, even I got an old account banned once for uploading the Adobe MC CS4 for Mac back in the days, when all other versions were virus infected, but mine was actually clean. Got the account unbanned but the torrent stayed down.
The site was under different management back then though (2016-04-11 07:52:22 UTC) Victim: @Admin are you sure Twister detects you by signature, and not behaviour? E.g. Hitman Pro will probably also catch this (2016-04-11 07:53:07 UTC) Victim: because they downright block every program on the behaviour of iterating through hard drives and rewriting files with 50%+ different content; then they kill the process and replace backups on the fly. (2016-04-11 07:55:23 UTC) Victim: Or maybe nodistribute fails and their Twister instance is not disconnected from the internet. (2016-04-11 08:28:26 UTC) Troll/Decryptor: @ 2016-04-11 07:52:22 UTC: GTFO (2016-04-11 08:35:03 UTC) Troll/Decryptor: Admin, are you here? (2016-04-11 10:46:49 UTC) Victim: @admin Guy with the 10 min encryption process here. I rechecked: the VM has 1GB of RAM, not 512 MB. Also the new 2016-04-10_1 version is done within 30 seconds. (2016-04-11 10:56:58 UTC) Victim: Decryption takes considerably longer. (2016-04-11 10:59:42 UTC) Victim: (8.5 mins) (2016-04-11 11:01:41 UTC) Victim: Oh, but it doesn't decrypt properly: http://i.imgur.com/USBHmS5.jpg (2016-04-11 11:35:59 UTC) Troll/Decryptor: @ 2016-04-11 11:01:41 UTC: Piss off! (2016-04-11 13:26:27 UTC) Victim: Why don't you piss off? (2016-04-11 15:57:35 UTC) Troll/Decryptor: This ransomware is garbage (2016-04-11 16:01:18 UTC) Troll/Decryptor: I reversed and stole most of your code, Admin, and I must say under the hood this is complete shit and very unoriginal. Try not to copy next time :P (2016-04-11 17:05:05 UTC) Victim: Has anybody gotten paid? I have a few victim infections but none has paid. (2016-04-11 17:29:31 UTC) Admin: @2016-04-11 07:52:22 UTC: I'm 100% sure, as they're downloading the encryptor beforehand. After I change assembly instructions which explicitly do nothing, it's undetected again.
(2016-04-11 17:32:38 UTC) Admin: @2016-04-11 11:01:41 UTC: Are you able to decrypt it by running the decryptor a second time or by using the free decryptions interface? If not, please send me the file via email so I can take a look at it. (2016-04-11 19:59:05 UTC) Troll/Decryptor: @ 2016-04-11 16:01:18 UTC: Even if I didn't write this message, I can say you are right! Encryptor RaaS is shitty. It has only one advantage: It doesn't get detected by antivirus programs. But this is because they detect malware instead of shitware that crashes most of the time. I executed it 8 times. Only once did it finish its work - on a plain Windows. Good job, jeiphoos! (2016-04-11 19:59:58 UTC) Troll/Decryptor: @ 2016-04-11 13:26:27 UTC: I could ask you the same. So why do you write shit here? (2016-04-11 20:02:05 UTC) Troll/Decryptor: @ 2016-04-08 08:38:00 UTC/Admin: In a message you wrote "I'll only change the nickname to troll/decryptor when I'm absolutely sure that's him." I have to say you're not very intelligent. 2016-04-11 16:01:18 UTC wasn't written by me. So why did you mark it with my nickname? (2016-04-11 20:04:55 UTC) Troll/Decryptor: I say you're not very intelligent because you aren't able to prove if it's me or not. Tor is programmed very well, unlike your shitware. I think even if I'd visit your page without Tor you couldn't find out at which time I visit your site. (2016-04-11 20:09:28 UTC) Troll/Decryptor: That is because I configured Tor very securely, so it won't suffice to compromise one exit relay to deanonymize me. My connection uses multiple exit relays (instead of the simple 3-relay chain) so it's nearly impossible to completely deanonymize me. So you can find out nothing about me. So don't think you can be sure if something is written by me or not. I'm not the only person that uses the Tor configuration I use. (2016-04-11 20:10:46 UTC) Troll/Decryptor: I won't tell you more details because of the security of me and my identity.
(2016-04-11 22:13:57 UTC) Victim: Can you please clear this shit? It takes ages to load! (2016-04-11 22:23:13 UTC) Victim: Also on the highest security settings of the Tor Browser Bundle it doesn't scroll to the bottom (2016-04-11 22:23:27 UTC) Victim: (automatically) (2016-04-11 23:03:05 UTC) Admin: Thank you. Cleared to some point, and now it's scrolling down automatically after writing something or when using the anchor "chat_bottom". (2016-04-12 06:24:54 UTC) Troll/Decryptor: Please give me the decryption key for free. (2016-04-12 07:21:28 UTC) Admin: @2016-04-12 06:24:54 UTC: Hello, Troll/Decryptor. How are you today? Did you sleep well? How's the weather in Austria? Do you wonder how I found that out? I bet. (2016-04-12 07:50:38 UTC) Victim: LOL, Troll/Decryptor is from that Hitler country? (2016-04-12 09:58:09 UTC) Victim: Well, jeiphoos is also from around there I guess, otherwise I see no reason to put the Tor links in the readme in German as well (2016-04-12 10:01:15 UTC) Victim: Well, I retested the decryptor from the demo page (retrieved from the link that the encryptor dropped) and it just doesn't work. (2016-04-12 10:01:27 UTC) Victim: Or is the demo decryptor broken on purpose? (2016-04-12 13:05:26 UTC) Victim: hi (2016-04-12 13:32:58 UTC) Victim: hi (2016-04-12 16:07:46 UTC) Admin: @2016-04-12 10:01:27 UTC: Here's something I already told another person: The decryptor needs a working internet connection! (2016-04-12 19:15:44 UTC) Victim: Why? (2016-04-12 19:30:47 UTC) Victim: @ 2016-04-12 07:50:38 UTC: Whom do you mean? There's at least one other person that uses my nickname, because there are posts that are marked with my name that weren't written by me. Do you mean the fake decryptor or do you mean me (the real decryptor)? (2016-04-12 19:57:30 UTC) Victim: @16:07:46: My VM had a working internet connection but I don't recall seeing any attempt to contact the net. Will check again tomorrow when I'm in the office