All Activity

This stream auto-updates     

  1. Today
  2. hi , my pc was effected with darus virus i cleaned the pc but i cant able to open the files guys please help me in this can i get my data restored
  3. https://www.virustotal.com/gui/file/4b007073586ededba08b535b724703e0ac59806fae66bbfdb5a098e4d8cc5d29/detection https://www.hybrid-analysis.com/sample/4b007073586ededba08b535b724703e0ac59806fae66bbfdb5a098e4d8cc5d29
  4. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. You need to attach a ransom note _readme.txt to the message, or farther act by himself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. The .madek extension is added to encrypted files. If this is a variant has not been added to the decryptor two days ago, but in some cases offline-keys may coincide. Download STOP Decrypter now >>> I recommend to you start decrypt with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  5. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. You need to attach a ransom note _readme.txt to the message, or farther act by himself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. The .berosuce extension is added to encrypted files. If this is a variant has not been added to the decryptor two days ago, but in some cases offline-keys may coincide. Download STOP Decrypter now >>> I recommend to you start decrypt with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  6. This is reported by extortionists in the reply letter. Addresses are in the note. It will be expensive.
  7. What would be the cost for the decryptor?
  8. No free decryptor for Dharma. Only extortioners have a paid decryptor.
  9. Sorry, my bad. I may have pretended the name from the extension. So what's the possible solution of this issue?
  10. Hello @Ethel You did not answer about the name. Why did you decide that this is called the Planetarium Ransomware? The format of the encrypted file and a ransom note indicates that this is a variant of Dharma Ransomware. This extension appeared in the Dharma arsenal in May 2019 with another email. I have no doubt in this case. But for the doubters, we can always use the service "ID Ransomware" and check the files. Result >>
  11. Hello, Here's the sample 2 encrypted files and the original ransom note. Kindly take a look and let me know you feedback. Regards Ethel customer support survey.xlsx.id-0A9A33E1.[[email protected]].PLUT written test question-customer support executive.doc.id-0A9A33E1.[[email protected]].PLUT RETURN FILES.txt
  12. Yesterday
  13. Hi my compter was attacked with .madek. Does anyone has a solution?
  14. Attach a ransom note _readme.txt to your message. Do not change anything. This should be the original.
  15. Attach a ransom note _readme.txt to your message. Do not change anything. This should be the original.
  16. please help me as sone as possible
  17. Hello @Dheeraj This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. You need to attach a ransom note _readme.txt to the message, or farther act by himself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. The .gusau extension is added to encrypted files. If this is a variant has not been added to the decryptor two days ago, but in some cases offline-keys may coincide. Download STOP Decrypter now >>> I recommend to you start decrypt with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  18. Hello @Dheeraj This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. You need to attach a ransom note _readme.txt to the message, or farther act by himself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. The .gusau extension is added to encrypted files. If this is a variant has not been added to the decryptor two days ago, but in some cases offline-keys may coincide. Download STOP Decrypter now >>> I recommend to you start decrypt with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  19. Hello, Today my PC infected with ransomware and the file got encrypted with extension .gusua. Please help me with files how do i access my files.Please help... Thank you.
  20. GUSAU Ransomware decoder **malware link removed this website is heaving it
  21. Hello @Marilie This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. I do not see here a ransom note _readme.txt with your ID here that I can say something. You need to attach a ransom note _readme.txt to the message, or farther act by himself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter now >>> I recommend to you start decrypt with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  22. Was, wenn mir das EmsiDiagTool keine Datei auf dem Desktop anlegt? 2x durchlaufen lassen, keine Datei auf dem Desktop angelegt. Was, wenn es im Installationsverezichnis keine logs.db3 gibt?
  23. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. I do not see here a ransom note _readme.txt with your ID here that I can say something. You need to attach a ransom note to the message, or farther act by himself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter again >>> I recommend to you start decrypt with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  24. More precisely: .No_More_Ransom I almost certainly know what ransomware of file encrypted your files, but not all of its variants can be decrypted. Upload a ransom note and/or sample encrypted file to identify the ransomware that has encrypted your data and get an info about the available decryption or its absence. https://id-ransomware.malwarehunterteam.com/
  25. Your files were probably encrypted twice, with two different encryptors. In such cases, there is almost no hope of decrypt. This is indicated by two different extensions: .gusau - is STOP Ransomware (in some cases, can decrypt files); .WWIZ - is unknown Ransomware, we don't know him. To find out something about the second Ransomware, you need search for a note from the ransomware. It can be txt, hta, html files. Attach files to your post. It is better to collect them in the archive. This is more important than the first extension. --- Malicious files can still reside on your system and encrypt all new files. You may need the help of our specialists. It's best to check and make sure that no such components have been left behind, so following the instructions at the link below to get us logs from FRST and one of our experts can look of the logs (attach the log files FRST to your new message): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  1. Load more activity
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up