Author Topic: AES-556  (Read 454 times)

mabdelouahab

AES-556
« on: September 02, 2019, 10:32:13 PM »
Quote
The cryptography algorithm used by Nasoh is AES-556. So, if your documents got encrypted with a specific decryption key, which is totally and there are no other copies. The sad reality is that it is impossible to restore the information without the unique key available.

In case if Nasoh worked in online mode, it is impossible for you to gain access to the AES-556 key. It is stored on a remote server owned by the frauds who promote the Nasoh ransomware.

For receiving decryption key the payment should be $980. To obtain the payment details the victims are encouraged by the message to contact the frauds by email (gorentos@bitmessage.ch), or via Telegram.

Source: https://howtofix.guide/remove-nasoh-virus/?cn-reloaded=1

Is there a way to solve this problem?

hutch--

Re: AES-556
« Reply #1 on: September 02, 2019, 10:54:51 PM »
Yeah, keep backups OR keep a disk image; breaking a complex encryption is a near-impossible task.
hutch at movsd dot com
http://www.masm32.com


K_F

Re: AES-556
« Reply #3 on: September 03, 2019, 04:01:49 AM »
The victims are saying that they got infected by the encryption ransomware...

May I ask a silly question... How do they get infected?
'Sire, Sire!... the peasants are Revolting !!!'
'Yes, they are.. aren't they....'

mabdelouahab

Re: AES-556
« Reply #4 on: September 03, 2019, 04:11:53 AM »
The victim (a student) says that he downloaded Access 2007 from the internet, but in the end it turned out to be a virus.

mabdelouahab

Re: AES-556
« Reply #5 on: September 04, 2019, 03:47:12 AM »
I have no experience in encryption, but I ask:

If we have an encrypted file with the same copy not encrypted, can we extract the encryption key?

He accidentally copied files to flash memory before he was infected.

hutch--

Re: AES-556
« Reply #6 on: September 04, 2019, 04:23:06 AM »
Only XOR encryption can work that way and you can be sure that AES-556 does not work like that. I think the student is stuck with rebuilding his computer.
hutch at movsd dot com
http://www.masm32.com
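
The known-plaintext idea from the exchange above, as an added example that is not part of the original thread: given an original file and its encrypted copy, it tests whether the pair is explained by a short repeating XOR key and, if so, recovers that key so that other files can be restored. The function names, the key `hypothetical-key` and all sample data are constructed for illustration, and the random bytes are only a stand-in for strong-cipher output, not real AES.

```python
"""Known-plaintext check for repeating-key XOR (added example; constructed data)."""
import random
from typing import Optional


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating the key as needed."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_xor_key(plain: bytes, cipher: bytes, max_len: int = 64) -> Optional[bytes]:
    """Return the shortest repeating key that maps plain to cipher, or None.

    None means the pair is not explained by a repeating XOR key of at most
    max_len bytes, as is the case for output of a block cipher such as AES.
    """
    if len(plain) != len(cipher) or len(plain) < 2 * max_len:
        return None  # sizes differ or too little data to confirm a period
    stream = bytes(p ^ c for p, c in zip(plain, cipher))
    for klen in range(1, max_len + 1):
        key = stream[:klen]
        # The candidate must reproduce the whole difference stream.
        if all(stream[i] == key[i % klen] for i in range(klen, len(stream))):
            return key
    return None


def demo() -> dict:
    rng = random.Random(2019)  # fixed seed: constructed, repeatable sample data
    original = bytes(rng.randrange(256) for _ in range(4096))  # the backup copy
    other = b"constructed second file with no backup " * 8
    key = b"hypothetical-key"  # made-up key, an assumption of this example
    weak_cipher = xor_bytes(original, key)
    # Stand-in for strong-cipher output: bytes unrelated to the plaintext.
    strong_like = bytes(rng.randrange(256) for _ in range(4096))
    recovered = recover_xor_key(original, weak_cipher)
    return {
        "recovered": recovered,
        "other_restored": xor_bytes(xor_bytes(other, key), recovered) == other,
        "strong": recover_xor_key(original, strong_like),
    }


if __name__ == "__main__":
    print(demo())
```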

mabdelouahab

Re: AES-556
« Reply #7 on: September 04, 2019, 05:37:57 AM »
This is a picture of the original and infected files.
The two files are 16 MB in size, so I couldn't list them. I'll list them in another way.

mabdelouahab

Re: AES-556
« Reply #8 on: September 04, 2019, 05:45:48 AM »

K_F

Re: AES-556
« Reply #9 on: September 08, 2019, 08:19:02 AM »
OK.. my take on this.

The encryption method will be evident in disassembling the virus code.

It's most likely a matrix of data loaded with the virus, so if you still have the virus code, disassembly will reveal this data matrix.
Then you invert the matrix...
'Sire, Sire!... the peasants are Revolting !!!'
'Yes, they are.. aren't they....'