{
	"id": "770598f5-086f-49a1-b5eb-6480c097b558",
	"created_at": "2026-04-06T00:16:17.874837Z",
	"updated_at": "2026-04-10T03:21:09.904783Z",
	"deleted_at": null,
	"sha1_hash": "9f13cc1c13144bb62d8b96e783718828e0ede814",
	"title": "RotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT - Ransomware Help \u0026 Tech Support",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 110633,
	"plain_text": "RotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400,\r\n.c300, .GRANIT - Ransomware Help \u0026 Tech Support\r\nBy Y2Breeze\r\nArchived: 2026-04-05 23:05:26 UTC\r\n#1 RotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT: post #1\r\nY2Breeze\r\nAvatar image\r\nMembers\r\n5 posts\r\nOFFLINE\r\n \r\nLocal time:07:05 PM\r\nPosted 17 October 2016 - 12:06 PM\r\nHi\r\n A client of mine got infected by something that looks like the Gomasom ransomware, but the end files are all in\r\n*.tar\r\n Here are 2 zip files, one with crypted files and the other with the same file from and old offline backup.\r\n Any idea how to decryp this?\r\n hxxp://datatest.simonznet.com/RANSOMWARE/\r\n Thanks\r\n Olivier\r\n Back to top\r\nBC AdBot (Login to Remove)\r\nhttps://www.bleepingcomputer.com/forums/t/629699/rotorcrypt-rotocrypt-ransomware-support-topic-tar-c400-c300-granit/\r\nPage 1 of 10\n\nBleepingComputer.com\r\nRegister to remove ads\r\n#2 RotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT: post #2\r\nY2Breeze\r\nY2Breeze\r\nTopic Starter\r\nAvatar image\r\nMembers\r\n5 posts\r\nOFFLINE\r\n \r\nLocal time:07:05 PM\r\nPosted 17 October 2016 - 12:08 PM\r\nThere was no instruction for decryp left on the computer. I wrote to the email using a random email and here is\r\ntheir answer\r\nGood day\r\nYour files were encrypted/locked\r\nAs evidence can decrypt file 1 to 3 1-30MB\r\nThe price of the transcripts of all the files on the server: 7 Bitcoin\r\nRecommend to solve the problem quickly and not to delay\r\nAlso give advice on how to protect Your server against threats from the network\r\n(Files sql mdf backup decryption strictly after payment)!\r\n Back to top\r\n#3 RotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT: post #3\r\nquietman7\r\nquietman7\r\nBleepin' Gumshoe\r\nhttps://www.bleepingcomputer.com/forums/t/629699/rotorcrypt-rotocrypt-ransomware-support-topic-tar-c400-c300-granit/\r\nPage 2 of 10\n\nAvatar image\r\nGlobal Moderator\r\n65,768 posts\r\nOFFLINE\r\n \r\nGender:Male\r\nLocation:Virginia, USA\r\nLocal time:07:05 PM\r\nPosted 17 October 2016 - 12:33 PM\r\nYou can submit samples of encrypted files and ransom notes to ID Ransomware for assistance with identification\r\nand confirmation. This is a service that helps identify what ransomware may have encrypted your files and then\r\nattempts to direct you to an appropriate support topic where you can seek further assistance. Uploading both\r\nencrypted files and ransom notes together provides a more positive match and helps to avoid false detections. If\r\nID Ransomware cannot identify the infection, you can post the case SHA1 it gives you for Demonslay335 to\r\nmanually inspect the files.\r\nExample screenshot:\r\n2016-07-01_0936.png\r\n Back to top\r\n#4 RotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT: post #4\r\nquietman7\r\nquietman7\r\nBleepin' Gumshoe\r\nAvatar image\r\nGlobal Moderator\r\n65,768 posts\r\nOFFLINE\r\n \r\nGender:Male\r\nLocation:Virginia, USA\r\nLocal time:07:05 PM\r\nPosted 17 October 2016 - 12:33 PM\r\nhttps://www.bleepingcomputer.com/forums/t/629699/rotorcrypt-rotocrypt-ransomware-support-topic-tar-c400-c300-granit/\r\nPage 3 of 10\n\nSamples of any encrypted files, ransom notes or suspicious executables (installer, malicious files, attachments)\r\nthat you suspect were involved in causing the infection can be submitted here\r\n(http://www.bleepingcomputer.com/submit-malware.php?channel=168) with a link to this topic. Doing that will\r\nbe helpful with analyzing and investigating by our crypto experts.\r\n Back to top\r\n#5 RotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT: post #5\r\nY2Breeze\r\nY2Breeze\r\nTopic Starter\r\nAvatar image\r\nMembers\r\n5 posts\r\nOFFLINE\r\n \r\nLocal time:07:05 PM\r\nPosted 17 October 2016 - 12:39 PM\r\nID Ransomware cannot identify the ransomware.\r\nSHA1 is fd65d1e0b248c8ec254ab3086f5877ff2065d72a\r\nSending the files to your second link right now.\r\n Back to top\r\n#6 RotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT: post #6\r\nquietman7\r\nquietman7\r\nBleepin' Gumshoe\r\nAvatar image\r\nGlobal Moderator\r\n65,768 posts\r\nOFFLINE\r\nhttps://www.bleepingcomputer.com/forums/t/629699/rotorcrypt-rotocrypt-ransomware-support-topic-tar-c400-c300-granit/\r\nPage 4 of 10\n\nGender:Male\r\nLocation:Virginia, USA\r\nLocal time:07:05 PM\r\nPosted 17 October 2016 - 02:58 PM\r\nOk.\r\nAfter our experts examine the files, they will post in this topic if they can assist or need further information.\r\n Back to top\r\n#7 RotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT: post #7\r\nmike 1\r\nmike 1\r\nAvatar image\r\nMembers\r\n210 posts\r\nOFFLINE\r\n \r\nGender:Male\r\nLocation:Russia, Moscow\r\nLocal time:03:05 AM\r\nPosted 17 October 2016 - 03:21 PM\r\nМы разные, но идея одна! \r\n Back to top\r\n#8 RotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT: post #8\r\nSamsonFromTheBible\r\nSamsonFromTheBible\r\nAvatar image\r\nMembers\r\n11 posts\r\nOFFLINE\r\nhttps://www.bleepingcomputer.com/forums/t/629699/rotorcrypt-rotocrypt-ransomware-support-topic-tar-c400-c300-granit/\r\nPage 5 of 10\n\nGender:Male\r\nLocal time:01:05 AM\r\nPosted 18 October 2016 - 05:09 AM\r\n Is the virus on Mac by any chance?\r\n Back to top\r\n#9 RotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT: post #9\r\nY2Breeze\r\nY2Breeze\r\nTopic Starter\r\nAvatar image\r\nMembers\r\n5 posts\r\nOFFLINE\r\n \r\nLocal time:07:05 PM\r\nPosted 18 October 2016 - 10:03 AM\r\nNo, Windows 7\r\n Back to top\r\n#10\r\nRotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT: post #10\r\nDemonslay335\r\nDemonslay335\r\nRansomware Hunter\r\nAvatar image\r\nhttps://www.bleepingcomputer.com/forums/t/629699/rotorcrypt-rotocrypt-ransomware-support-topic-tar-c400-c300-granit/\r\nPage 6 of 10\n\nSecurity Colleague\r\n4,770 posts\r\nOFFLINE\r\n \r\nGender:Male\r\nLocation:USA\r\nLocal time:05:05 PM\r\nPosted 18 October 2016 - 06:54 PM\r\nInteresting, I have not seen a ransomware use \".tar\". It isn't a valid Tar archive either. Can you also upload the\r\nransom note to ID Ransomware so I can archive it?\r\nThanks for the sample mike1. Has any further analysis been done on it already? It crashed on my VM. I see\r\nRakhniDecryptor lists it, but it stated unsupported when I selected this user's files.\r\nEdited by Demonslay335, 18 October 2016 - 06:55 PM.\r\n Back to top\r\n#11\r\nRotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT: post #11\r\nY2Breeze\r\nY2Breeze\r\nTopic Starter\r\nAvatar image\r\nMembers\r\n5 posts\r\nOFFLINE\r\n \r\nLocal time:07:05 PM\r\nPosted 20 October 2016 - 11:56 AM\r\nThere is no ransom note anywhere. All we figure out was to try to write to the email Embedded in encrypted files\r\nfilename.\r\n Back to top\r\nhttps://www.bleepingcomputer.com/forums/t/629699/rotorcrypt-rotocrypt-ransomware-support-topic-tar-c400-c300-granit/\r\nPage 7 of 10\n\n#12\r\nRotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT: post #12\r\nmike 1\r\nmike 1\r\nAvatar image\r\nMembers\r\n210 posts\r\nOFFLINE\r\n \r\nGender:Male\r\nLocation:Russia, Moscow\r\nLocal time:03:05 AM\r\nPosted 21 October 2016 - 05:10 AM\r\nQuote\r\nThanks for the sample mike1. Has any further analysis been done on it already? It crashed on my VM. I\r\nsee RakhniDecryptor lists it, but it stated unsupported when I selected this user's files.\r\nTech support at Kaspersky Lab said that can not decrypted.\r\nМы разные, но идея одна! \r\n Back to top\r\n#13\r\nRotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT: post #13\r\nmike 1\r\nmike 1\r\nAvatar image\r\nMembers\r\n210 posts\r\nOFFLINE\r\n \r\nGender:Male\r\nhttps://www.bleepingcomputer.com/forums/t/629699/rotorcrypt-rotocrypt-ransomware-support-topic-tar-c400-c300-granit/\r\nPage 8 of 10\n\nLocation:Russia, Moscow\r\nLocal time:03:05 AM\r\nPosted 31 October 2016 - 10:23 AM\r\nМы разные, но идея одна! \r\n Back to top\r\n#14\r\nRotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT: post #14\r\njumpline\r\njumpline\r\nAvatar image\r\nMembers\r\n4 posts\r\nOFFLINE\r\n \r\nGender:Male\r\nLocation:Russia, Moscow\r\nLocal time:02:05 AM\r\nPosted 03 November 2016 - 05:02 AM\r\nHello, can someone help with a decoder? It encrypts all files !_____LIKBEZ77777@GMAIL.COM____.c400\r\nBelow are links to a virus and a link to the encrypted file.\r\nhttp://www.filedropper.com/viruspass123 (password 123)\r\nhttp://www.filedropper.com/perenosdannyhxmllikbez77777gmailcom\r\n Back to top\r\n#15\r\nRotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT: post #15\r\nquietman7\r\nquietman7\r\nBleepin' Gumshoe\r\nhttps://www.bleepingcomputer.com/forums/t/629699/rotorcrypt-rotocrypt-ransomware-support-topic-tar-c400-c300-granit/\r\nPage 9 of 10\n\nAvatar image\r\nGlobal Moderator\r\n65,768 posts\r\nOFFLINE\r\n \r\nGender:Male\r\nLocation:Virginia, USA\r\nLocal time:07:05 PM\r\nPosted 03 November 2016 - 05:50 AM\r\nYou can submit samples of encrypted files and ransom notes to ID Ransomware for assistance with identification\r\nand confirmation. This is a service that helps identify what ransomware may have encrypted your files and then\r\nattempts to direct you to an appropriate support topic where you can seek further assistance. Uploading both\r\nencrypted files and ransom notes together provides a more positive match and helps to avoid false detections.\r\n Back to top\r\nSource: https://www.bleepingcomputer.com/forums/t/629699/rotorcrypt-rotocrypt-ransomware-support-topic-tar-c400-c300-granit/\r\nhttps://www.bleepingcomputer.com/forums/t/629699/rotorcrypt-rotocrypt-ransomware-support-topic-tar-c400-c300-granit/\r\nPage 10 of 10",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.bleepingcomputer.com/forums/t/629699/rotorcrypt-rotocrypt-ransomware-support-topic-tar-c400-c300-granit/"
	],
	"report_names": [
		"rotorcrypt-rotocrypt-ransomware-support-topic-tar-c400-c300-granit"
	],
	"threat_actors": [],
	"ts_created_at": 1775434577,
	"ts_updated_at": 1775791269,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/9f13cc1c13144bb62d8b96e783718828e0ede814.pdf",
		"text": "https://archive.orkl.eu/9f13cc1c13144bb62d8b96e783718828e0ede814.txt",
		"img": "https://archive.orkl.eu/9f13cc1c13144bb62d8b96e783718828e0ede814.jpg"
	}
}