All Activity

This stream auto-updates     

  1. Today
  2. Nothing good will happen. As Demonslay335 said, your files will just be encrypted a second time.
  3. Please don't contact the criminals yourself. If you need to negotiate with them, then I recommend having a third-party with experience negotiating with criminals like this handle it for you. There are some companies that offer this service, however the only one I tend to remember the name of is CoveWare.
  4. Je confirme . C'est bien Sodinokibi ! Mais une variante , je n'ai pas de fichier Sodinokibi.exe . Voici ce que j'ai trouvé, création d'un dossier : C:\users\Chris\Documents\ST\ Contenu : C:\users\Chris\Documents\ST\X64\6b9e05c6.lock C:\users\Chris\Documents\ST\X64\Advanced_port_scanner_2.5.3680.exe C:\users\Chris\Documents\ST\X64\Config.txt.r8b756g899 C:\users\Chris\Documents\ST\X64\mimidrv.sys.r8b756g899 C:\users\Chris\Documents\ST\X64\mimikatz.exe C:\users\Chris\Documents\ST\X64\mimilib.dll.r8b756g899 C:\users\Chris\Documents\ST\X64\Pass.bat.r8b756g899 C:\users\Chris\Documents\ST\X64\pass.txt.r8b756g899 C:\users\Chris\Documents\ST\X64\r8b756g899-readme.txt C:\users\Chris\Documents\ST\6b9e05c6.lock C:\users\Chris\Documents\ST\LogDelete.bat.r8b756g899 C:\users\Chris\Documents\ST\r8b756g899-readme.txt C:\users\Chris\Documents\ST\Shadow.bat.r8b756g899 C:\users\Chris\Documents\ST\sNS.exe C:\users\Chris\Documents\ST\svhost.exe Si cela peut vous aider , j'ai conservé tous ces fichiers, j'ai rajouté une extension ".VIRUS" à tous les dossiers et fichiers. Je peut vous envoyer un Zip contenant le dossier ST. Voulez vous ?
  5. Unfortunately that won't help with GlobeImposter 2.0. It doesn't use a weak enough method of encryption for it to be possible to break it that way.
  6. That's to be expected. If you can post the information that STOPDecrypter gives you (as instructed at the following link), then I can forward it to the maker of STOPDecrypter for him to archive in case he is able to figure out your decryption key at some point in the future:
  7. Please do not contact the criminals yourself. If you feel it necessary to try to negotiate with them, then please have an experience third-party do this for you. There are some companies out there that can do this for you, however CoveWare is the only one I tend to remember. GlobeImposter 2.0 does not take advantage of the EternalBlue exploit, however if you are making sure that your systems are updated then this should not be an issue regardless, as Microsoft quickly patched the vulnerability that the EternalBlue exploit used once it was disclosed. That being said, if I remember right RDP brute force is usually the source of a GlobeImposter 2.0 infection, which means that an attacker would have directly accessed the system to download and execute the ransomware. Such an attacker would have been able to compromise other computers on the network as well unless they were discovered and stopped in time, especially if the other computers on the network used the same password for the account that the attacker brute forced the password for on the compromised system.
  8. All of our decrypters are free. We don't have paid ransomware recovery services. If there was a way to decrypt the files in a reasonable amount of time, then we'd release a decrypter for free, that way everyone could benefit from it.
  9. I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you.
  10. Just hold on until we can get more decryption keys added to our database.
  11. I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you.
  12. No, there's nothing new yet.
  13. I'm glad to hear that everything is fine now. We do route the initial check for updates and license validation through Cloudflare, however I would believe we don't allow them to cache the data, so I'm not certain if that would have been effected by the Cloudflare issues this morning.
  14. Do NOT do that. Your files will just get re-encrypted with the offline key, which STOPDecrypter already has. So it's just a complete waste of time and won't accomplish anything but possibly causing more damage to your system.
  15. Yesterday
  16. What happens if I run the ransomware this time on purpose, will it leave with an offline id?
  17. @Amigo-A thanks for your reply is there a way to restore the file?
  18. I just got his by this [email protected] ramsomware! Out of curiosity, how much did the guy want for the ransom? I lost about 18 days worth of transaction data that I'm almost certain I won't get back. I tried the avast decrypter but it wants the key, I'm not paying for the key so I'm not sure how much use that is. The workstations were all online so I'm almost certain the key in not going to be available.
  19. Guys I have an encrypted file and the original file because he decrypted one file free for me just as a proof that he own a decryptor, dose that help to know how I can decrypt my files?
  20. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. The malware variant of STOP ransomware, which has been encrypted files and added the Pumax extension to them, was active in November-December 2018.Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter >>> First try to decrypt a small group of files, only make copies of them before this. If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers, which infect and will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check PC and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
  21. @Norddine I uploaded your files for identification on the service. This is the result of automatic identification.
  22. For proper identification, you need to upload a note r8b756g899-readme.txt and one encrypted file. Sodinokibi is identified by a number of known signs. Attach files here or upload to service ID Ransomware.
  23. The .pumax variant is 100% decryptable if you follow the instructions in the README.txt and provide it an encrypted file and its original. Don't bother with the ID and MAC, I don't need to archive those for that variant.
  24. Merci , Amigo-A , C''est bien un Sodinokibi ? Je ne suis pas sur . Comment savoir quel ransomware ?
  1. Load more activity
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up