Depending on the variant, the ransom notes will be named How_decrypt_files.txt or note.txt.
Posted 22 January 2018 - 12:45 PM
Posted 23 January 2018 - 07:44 AM
Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015 
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief
If I have been helpful & you'd like to consider a donation, click
Posted 24 January 2018 - 12:08 PM
Hello guys,
thank you for your effort first. I really appreciate your fast work! You are doing really well so far!
I am trying to use the second version of this decrypter but I experience a problem. When I try to decrypt a file larger than 10 MB (for example a 20 MB .gdb file), the decrypted file is about 10 MB.
Second example: if I try to decrypt a .txt file which is about 15MB, the decrypted version is about 10 MB again. Is this done with purpose? It would be really great if you fix this glitch (if it is a glitch).
Thanks in advance!
Posted 24 January 2018 - 12:13 PM
Oops, that may be a bug. Could you send me some sample encrypted large files via PM so I can confirm my patch will fix it? I'll need an encrypted file and its original to derive the key as well (any size is fine).
Edited by Demonslay335, 24 January 2018 - 12:13 PM.
ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]
RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]
CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]
If I have helped you and you wish to support my ransomware fighting, you may support me here.
Posted 05 February 2018 - 02:57 PM
Hello,
tried your tool on some files encrypted by deuscrypt and had no luck finding the decryption key.
Any news on that front?
Posted 05 February 2018 - 03:20 PM
@chellooo20
You'll need to send me the filepair you are using, and if possible, the malware executable that encrypted the files. You can use a third-party sharing site and PM me a link.
Posted 14 February 2018 - 04:53 AM
Hi Demonslay 335,
Posted 15 February 2018 - 04:54 PM
Hi there, I have a few files that are 16-25 MB in size but this can't seem to decrypt them despite having the key. Are you able to adjust the file size anywhere?
Many thanks for the awesome work!
Posted 15 February 2018 - 05:05 PM
I've fixed some bugs with the decrypter today relating to larger files, please re-download and make sure you are running at least v1.2.0.5.
Posted 15 February 2018 - 05:21 PM
I've fixed some bugs with the decrypter today relating to larger files, please re-download and make sure you are running at least v1.2.0.5.
People will sing your name in folk songs 300 years from now. Many thanks. That has saved me an almighty headache.
Posted 15 February 2018 - 05:26 PM
They are already doing that now.... Ransomware Hero to Receive FBI Award
People will sing your name in folk songs 300 years from now...
Posted 15 February 2018 - 05:32 PM
They are already doing that now.... Ransomware Hero to Receive FBI Award
People will sing your name in folk songs 300 years from now...
That is amazing and well deserved. I will say however; cash rewards are temporary, folk songs are eternal!
Posted 15 February 2018 - 10:08 PM
Demonslay 335, you are amazing! Thank you very much for the awesome work. Your effort in fighting crime makes you a hero.
By the way, the recent Tornado ransomware will alter a few characters of long filenames (> ~23 characters). Probably it's the criminal's program bug.
Posted 16 February 2018 - 09:45 AM
@ykc
mauronz also gets credit for doing all the analysis on this particular ransomware family.
And I didn't get any cash for my award, lol.
Thanks for the heads-up on long filenames. I had not tested that, and it can actually be a problem. This malware creates the IV based on the last 16 bytes of the filepath (before the extension is added). So if a file has a shorter name and is moved, the IV I generate will be wrong, making the first 16 bytes of the file wrong; the rest of the file would still be fine. This would also be a problem if it renames a file or something. I'll do some testing to see if it is making the IV before or after in the case of it messing with filenames (if after, then we're fine).
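The effect described in the post above (a wrong IV damages only the first 16 bytes) is what CBC-style chaining produces, and it means the first block can be repaired once the original path is known. This is an added example, not the decrypter's code: it assumes CBC mode, uses a stand-in Feistel block cipher in place of the real one, assumes the IV is the last 16 bytes of the UTF-8 path (zero-padded if shorter), and uses a constructed key, paths and plaintext.

```python
import hashlib
BLOCK = 16

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of a stand-in Feistel cipher; NOT the malware's cipher.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def enc_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def iv_from_path(path):
    # Assumption: IV = last 16 bytes of the UTF-8 path, left-padded with zeros.
    return path.encode("utf-8")[-BLOCK:].rjust(BLOCK, b"\0")

def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = enc_block(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        out.append(_xor(dec_block(key, data[i:i + BLOCK]), prev))
        prev = data[i:i + BLOCK]
    return b"".join(out)

def repair_first_block(plain, wrong_iv, right_iv):
    # CBC: P0 = D(C0) xor IV, so swapping IVs is a plain XOR on block 0.
    return _xor(_xor(plain[:BLOCK], wrong_iv), right_iv) + plain[BLOCK:]

def demo():
    key, plain = b"constructed-demo-key", bytes(range(48))  # constructed sample
    orig, moved = r"C:\Users\demo\Documents\notes.db", r"D:\recovered\notes.db"
    bad = cbc_decrypt(key, iv_from_path(moved), cbc_encrypt(key, iv_from_path(orig), plain))
    return plain, bad, repair_first_block(bad, iv_from_path(moved), iv_from_path(orig))
```

`demo()` returns the original plaintext, the output decrypted with the IV taken from the moved path, and the repaired output; only block 0 differs between the first two.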