ransome ware detection failed

[nashville]

I had the anti ransomeware beta on a computer and it failed to detect an attack.  Just thought I would provide some feedback. 

[1PW]

Hello nashville and

A Malwarebytes' staffer/ MBARW Beta developer has been requested to weigh-in and possibly request additional data. If the files that have become encrypted are still present,  are you able to detect encrypted files whose filenames have had their filename extensions changed? If so, what is their new extension please? If you are able, please try to determine the approximate date and time of the infection and report that too in your next reply to your thread. Was/is your system backed up such that a restore will mitigate most/all damages?

Please create the following archives for staffer/developer team analysis:

Create a ZIP archive of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
Create another ZIP archive of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach the above zipped archives to your next reply.

Thank you for beta testing MBARW and your valued feedback.

[Decrypterfixer]

The beta currently doesn't remove the ransom note, so it may simply look like it failed because the ransom is still displayed. Would you mind checking to see if any files were indeed encrypted?

[nashville]

Data files were encrypted.  Fortunately, except for the workstation that got infected, we were able to get all files restored from backups.  The workstation was also connected to a dropbox account and the files there were encrypted also.  I will attempt to get the requested files to you first thing in the morning.

[1PW]

Hello nashville:

Those will be very interesting. Thank you.

[Decrypterfixer]

Thanks for the feedback, if we could also get a sample that would be great

[naj4you]

Was trying this link i got from a friend with a crap pc hxxp://crossfitreykjavik.is/71BfC/vP0Lu63.php?id=margaretha.karlsson@kristinehamn.se , see attached file

[naj4you]

Data files were encrypted

[1PW]

Hello nay4you and

If you can leave the computer as is (except for the procedure below), a Malwarebytes staffer or member of the development team will be weighing in soon.

In the meantime, please try to create the following zipped archives for developer team analysis:

Create a zip archive of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
Create another zip archive of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach the above zipped archives to your next reply and then do a conventional Windows uninstall & reinstall of Beta5, MBARW 0.9.14.361 and include the status of the system's issue in your next reply.

Thank you for beta testing MBARW and your valued feedback.

[naj4you]

Here is the files, get back to u about the reinstallation.

logs.zip

Malwarebytes Anti-Ransomware.zip

[1PW]

Hello naj4you:

If it is not too late, please zip one of the encrypted files and attach to your next reply.

Thank you.

[naj4you]

Hi!

1 zipped file

Penguins.jpg.encrypted.zip

[1PW]

Hello naj4you:

Thank you for the sample.

[AdvancedSetup]

If you need help trying to cleanup, repair the computer please let us know @naj4you

Clean up or format and reinstall of Windows if needed is possible but data recovery is not. One may be able though to remove the drive and set it aside in the hopes that a future restore method is found. In some rare cases keys or methods to recover data have been found but not for most of the current infections.