All Activity

  3. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. The malware variant of STOP ransomware, which encrypted files and added the .truke extension to them, was active in November-December 2018. Now on the forum there are a lot of victims of different variants of this ransomware. In some cases, the files can be decrypted. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter >>> First try to decrypt a small group of files, only make copies of them before this. If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: --- An important message about the need to check the PC so that the malware does not encrypt new files or recode the encrypted files. --- While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers, which infect and will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check the PC and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forum):
  4. After such an operation, some files (PDF among them) may open if partial encryption was done there. If you compare the original files with them, then you can find the differences. But among the many ransomware variants we have seen cases: - when files could partially open after such an operation; - when files were not encrypted at all; - when files were damaged due to encryption error.
  5. Yes, now you can see that your files are encrypted with Sodinokibi Ransomware. My identification is verified.
  6. So is there any chance I can get my files decrypted?
  7. No, the malware would re-encrypt them...
  8. You mean my files have been re-encrypted by STOPDecrypter?
  9. Help me, my files are encrypted

    extension is .neras


    Amber -02.docx.neras

  10. I deleted the extension with bulk renaming extension in Google Drive, files all appear to be fine .pdf.DOCM to .pdf
  11. Me too! The virus I have removed but the files are encrypted. Is it the message file on directory. Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Our Telegram account: @datarestore Your personal ID:
  12. When should we expect a decrypter for the .DOCM ransomware? It has affected my system; some files got encrypted.
  13. DONE, RESULT: 1 result Sodinokibi This ransomware is still under analysis. For more information, please refer to the appropriate guide. Samples of encrypted files or malicious files are needed to continue the identification. config.txt.r8b756g899 r8b756g899-readme.txt
  14. Please help me, all my files are infected with .TRUKE
  15. Nothing good will happen. As Demonslay335 said, your files will just be encrypted a second time.
  16. Please don't contact the criminals yourself. If you need to negotiate with them, then I recommend having a third-party with experience negotiating with criminals like this handle it for you. There are some companies that offer this service, however the only one I tend to remember the name of is CoveWare.
  17. I confirm. It is indeed Sodinokibi! But a variant; I do not have a Sodinokibi.exe file. Here is what I found, a folder was created: \ Utilisateurs \ Chris \ Documents \ ST \ Contents: \ST\X64\6b9e05c6.lock \ST\X64\Advanced_port_scanner_2.5.3680.exe \ST\X64\Config.txt.r8b756g899 \ST\X64\mimidrv.sys.r8b756g899 \ST\X64\mimikatz.exe \ST\X64\mimilib.dll.r8b756g899 \ST\X64\Pass.bat.r8b756g899 \ST\X64\pass.txt.r8b756g899 \ST\ X64\r8b756g899-readme.txt \ST\6b9e05c6.lock \ST\LogDelete.bat.r8b756g899 \ST\r8b756g899-readme.txt \ST\Shadow.bat.r8b756g899 \ST\sNS.exe \ST\svhost.exe If it can help you, I have all the files; I added a " .VIRUS " extension to all the folders and files. I can send you a folder containing the ST folder. Would you like that?
  18. Unfortunately that won't help with GlobeImposter 2.0. It doesn't use a weak enough method of encryption for it to be possible to break it that way.
  19. That's to be expected. If you can post the information that STOPDecrypter gives you (as instructed at the following link), then I can forward it to the maker of STOPDecrypter for him to archive in case he is able to figure out your decryption key at some point in the future:
  20. Please do not contact the criminals yourself. If you feel it necessary to try to negotiate with them, then please have an experienced third party do this for you. There are some companies out there that can do this for you, however CoveWare is the only one I tend to remember. GlobeImposter 2.0 does not take advantage of the EternalBlue exploit, however if you are making sure that your systems are updated then this should not be an issue regardless, as Microsoft quickly patched the vulnerability that the EternalBlue exploit used once it was disclosed. That being said, if I remember right RDP brute force is usually the source of a GlobeImposter 2.0 infection, which means that an attacker would have directly accessed the system to download and execute the ransomware. Such an attacker would have been able to compromise other computers on the network as well unless they were discovered and stopped in time, especially if the other computers on the network used the same password for the account that the attacker brute forced the password for on the compromised system.
  21. All of our decrypters are free. We don't have paid ransomware recovery services. If there was a way to decrypt the files in a reasonable amount of time, then we'd release a decrypter for free, that way everyone could benefit from it.
  22. I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you.
  23. Just hold on until we can get more decryption keys added to our database.
  24. I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you.