
Owl Ransomware .(OwL) Support Topic


16 replies to this topic

#1 keijjo

  • Members
  • 4 posts

Posted 25 October 2021 - 08:47 AM

Information
  All your important files have been encrypted with strongest encryption and unique key,
  generated for this computer. Private decryption key is stored on a secret internet server
  and nobody can't decrypt your files until you pay. Before paying you can send us up to
  3 files for free decryption. The total size of files must be less than 2Mb (non archived), 
  and files should not contain valuable information. (databases,backups, large excel sheets, etc.).
  And be sure to send the test file to be sure.
  To receive payment information, contact our emails and make the subject of the email your ID. 
 
 
Our Email :   AdminOwl@bitmessage.de
Our Support Email:   SuportOwl@mail2tor.com
Yuor ID(Email subject) :   201AD752
 
 
WARNING!
*You only have 72 hours to pay. If you do not pay after this period, your key will be removed from our servers forever.
*Do not try to decrypt your data using third party software, it may cause permanent data loss.
*Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
 



 


#2 keijjo

  • Topic Starter
  • Members
  • 4 posts

Posted 25 October 2021 - 08:48 AM

https://id-ransomware.malwarehunterteam.com/identify.php

 

 

SHA1: ea8dbab44a24c9ea2e825a70d43c4922b86e280c



#3 Amigo-A

    Security specialist and Ransomware expert

  • Members
  • 3,003 posts
  • Gender:Male
  • Location:Bering Strait

Posted 25 October 2021 - 12:12 PM

Hello, keijjo.
 
We need the original (unedited) ransom note file and several different encrypted files.
Put this in one shared zip archive and attach it to your message.

My site: The Digest "Crypto-Ransomware"  + Google Translate 

 


#4 keijjo

  • Topic Starter
  • Members
  • 4 posts

Posted 25 October 2021 - 12:44 PM

 

Hello, keijjo.
 
We need the original (unedited) ransom note file and several different encrypted files.
Put this in one shared zip archive and attach it to your message.

 

OK!

Attached Files



#5 Demonslay335

    Ransomware Hunter

  • Security Colleague
  • 4,769 posts
  • Gender:Male
  • Location:USA

Posted 25 October 2021 - 04:42 PM

Not seeing anything recognizable with it. We will need the malware executable to analyze.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#6 keijjo

  • Topic Starter
  • Members
  • 4 posts

Posted 27 October 2021 - 06:56 AM

Not seeing anything recognizable with it. We will need the malware executable to analyze.

Sorry, but someone just ran a scanner and removed the virus, it's not in quarantine.



#7 quietman7

    Bleepin' Gumshoe

  • Global Moderator
  • 61,171 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 27 October 2021 - 08:49 AM

If you do not have a sample of the malware file for our experts to analyze, we most likely will have to wait for another victim of this ransomware to provide a sample.


Microsoft MVP Alumni 2023
Windows Insider MVP 2017-2020
Microsoft MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief



#8 Amigo-A

    Security specialist and Ransomware expert

  • Members
  • 3,003 posts
  • Gender:Male
  • Location:Bering Strait

Posted 27 October 2021 - 02:08 PM

The hta-note has visual elements similar to Fonix.


Edited by Amigo-A, 27 October 2021 - 02:08 PM.


 


#9 Amigo-A

    Security specialist and Ransomware expert

  • Members
  • 3,003 posts
  • Gender:Male
  • Location:Bering Strait

Posted 29 October 2021 - 03:10 AM

Based on the data obtained, this description was compiled.

 

Owl Ransomware



 


#10 quietman7

    Bleepin' Gumshoe

  • Global Moderator
  • 61,171 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 29 October 2021 - 08:34 AM

Topic title updated to reflect naming convention and direct other victims to this support topic.




#11 dacocus

  • Members
  • 3 posts

Posted 05 September 2023 - 10:50 AM

I have been infected by an OwL ransomware and all my files have been encrypted. I have uploaded a sample as an attachment. Please, can anybody help me??

Attached Files


Edited by dacocus, 05 September 2023 - 10:51 AM.


#12 quietman7

    Bleepin' Gumshoe

  • Global Moderator
  • 61,171 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 05 September 2023 - 01:21 PM

Unfortunately, there is no known method that I am aware of to decrypt files encrypted by Owl Ransomware without paying the ransom (not advisable) and obtaining the private encryption keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities. Without the criminal's master private key that can be used to decrypt your files, decryption is impossible. That usually means the key is unique (specific) for each victim and generated in a secure way (e.g. RSA, AES, Salsa20, ChaCha20, ECDH, ECC) that cannot be brute-forced...the public key alone that encrypted files is useless for decryption. 
 
If feasible, your best option is to restore from backups, try file recovery software to recover (not decrypt) some of your original files or backup/save your encrypted data as is and wait for a possible solution at a later time. 



#13 dacocus

  • Members
  • 3 posts

Posted 06 September 2023 - 02:04 AM

It's a pity, but what can I do. Thanks for your response.



#14 Amigo-A

    Security specialist and Ransomware expert

  • Members
  • 3,003 posts
  • Gender:Male
  • Location:Bering Strait

Posted 06 September 2023 - 03:32 AM

dacocus

 

Did this happen recently or 2 years ago?



 


#15 dacocus

  • Members
  • 3 posts

Posted 06 September 2023 - 03:51 AM

This happened last August (August 2023), so recently.





