quietman7
Visiting Expert

Content Count: 64
Community Reputation: 2 Neutral
Followers: 2

About quietman7
  • Rank: Active Member

Profile Information
  • Gender: Not Telling
  • Location: Virginia

Recent Profile Visitors: 3924 profile views
  1. The OFFLINE KEY is a hard-coded built-in encryption key that is used if the malware failed to get an ONLINE KEY from its command and control servers while you were online at the time the ransomware encrypted your files. If the malware is able to reach its command server it will obtain and use a random ONLINE KEY. ONLINE KEYs are unique for each victim and randomly generated in a secure manner. That means there is no way to decrypt files if infected with an ONLINE KEY without paying the ransom and obtaining the private keys from the criminals who created the ransomware. There is more information about ONLINE vs OFFLINE KEYS in the Emsisoft STOP/Djvu Decryptor FAQs.
  2. New STOP (Djvu) variants are impossible to decrypt without paying the criminals for that victim's specific private key if infected by an ONLINE KEY... these keys are unique and randomly generated in a secure manner. ONLINE IDs for new STOP (Djvu) variants are not supported by the Emsisoft Decryptor. If infected with an ONLINE ID, the Emsisoft Decryptor will indicate there is "no key" for this variant under the Results Tab and note it is impossible to decrypt. There is more information in the Emsisoft STOP/Djvu Decryptor FAQs.
  3. Are there any obvious file extensions appended to your encrypted data files? If so, what is the extension and is it the same for each encrypted file or is it different? Is there an ID number with random hexadecimal characters (.id-A04EBFC2, .id[4D21EF37-2214]) or an ID number with an email address (.id-BCBEF350.[<email>], .id[7A9B748C-1104].[<email>]) preceding the extension? Did you find any ransom notes? If so, what is the actual name of the ransom note? Can you provide (copy & paste) the ransom note contents in your next reply? You can also submit (upload) samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the malware developer to ID Ransomware (IDR) for assistance with identification and confirmation of the infection.
  4. Meet Stop Ransomware: The Most Active Ransomware Nobody Talks About
     Ransomware statistics for 2019: Q2 to Q3 report: Most commonly reported ransomware strains
  5. @ dinho As I noted to you (dinho2020) at another security forum site...please do not post active links to possible malware (malicious files), including links which may lead to sites where infections have been contracted and spread. If it is malicious, we don't want other members accidentally clicking on such links and infecting their machines. All such links will be removed to protect other members reading our forum topics.
  6. Unfortunately, there is no known method to decrypt files encrypted by any Phobos Ransomware variants without paying the ransom and obtaining the private keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities. Without the master private RSA key that can be used to decrypt your files, decryption is impossible. That usually means the key is unique (specific) for each victim and generated in a secure way that cannot be brute-forced.
  7. Ransomware victims should always ensure they are using the correct decryptor tool before attempting to decrypt their files. Using an incorrect or faulty decryptor may damage or further corrupt the encrypted files, thus decreasing your chances for recovering data.
  8. More information is needed to determine specifically (confirm) what infection you are dealing with since there are so many different types of crypto malware (file encrypting ransomware). Whether you can recover (decrypt) your files or not depends on what ransomware infection you are dealing with, the type and strength of encryption used by the malware writers and a variety of other factors as explained here. Did you find any ransom notes and if so, what is the actual name of the ransom note? Can you provide (copy & paste) the ransom note contents? Did the cyber-criminals provide an email address to send payment to? If so, what is the email address? Did you submit (upload) samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware (IDR) or Emsisoft Identify your ransomware for assistance with identification and confirmation of the infection? Uploading both encrypted files and ransom notes together along with any contact email addresses or hyperlinks provided by the criminals gives a more positive match with identification and helps to avoid false detections. Please provide a link to the ID Ransomware results.
  9. The .Adame extension has been used by both Phobos and a Scarab variant. Files encrypted by Phobos will have an .id[<ID with 8 random hexadecimal characters>-<id>].[<email>] pattern followed by the .Adame extension, as explained here by Amigo-A (Andrew Ivanov):
     <filename>.<extension>.id[F6593DDC-2275].[<email>].Adame
     <filename>.<extension>.id[70C80B9F-1127].[<email>].Adame
     <filename>.<extension>.id[AE9AE1C0-2275].[<email>].Adame
     If it does not have the .id[<ID with 8 random hexadecimal characters>-<id>].[<email>] pattern followed by the .Adame extension, then it is a Scarab variant. Based on infection rates, you are most likely infected with Phobos, which leaves files (ransom notes) named Phobos.hta, Encrypted.txt, Data.hta, info.hta and info.txt.
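As an added triage example (not code from the post or from any decryptor project), the naming rule in the post above can be turned into a small classifier: a name ending in .Adame that carries the .id[<8 hex>-<digits>].[<email>] block is sorted as Phobos, one without it as the Scarab variant, and the victim ID is pulled out for the report the helpdesk asks for. The regex is my own reading of the pattern quoted in the post, the sample file names and email addresses are constructed placeholders, and the verdict is only a first sort; submission to ID Ransomware remains the confirmation step the post recommends.

```python
import re
from typing import Optional

# Regex written from the pattern quoted in the post above (my own transcription,
# not an official signature):
#   <filename>.<extension>.id[<8 hex chars>-<digits>].[<email>].Adame
# The examples show a 4-digit suffix (2275, 1127); one or more digits are accepted.
PHOBOS_ADAME = re.compile(
    r"\.id\[[0-9A-Fa-f]{8}-\d+\]\.\[[^\[\]]+@[^\[\]]+\]\.Adame$"
)

# Separate capture of just the ID block, reused for the victim-ID report.
PHOBOS_ID = re.compile(r"\.id\[([0-9A-Fa-f]{8}-\d+)\]")


def classify_adame(filename: str) -> str:
    """Apply the post's rule to one file name.

    Returns 'Phobos' when the .id[...].[email] block precedes .Adame,
    'Scarab-variant' when .Adame is present without that block, and
    'other' when the file does not carry the .Adame extension at all.
    """
    if not filename.endswith(".Adame"):
        return "other"
    if PHOBOS_ADAME.search(filename):
        return "Phobos"
    return "Scarab-variant"


def extract_phobos_id(filename: str) -> Optional[str]:
    """Return the <8 hex>-<digits> victim ID from a Phobos-style name, or None."""
    m = PHOBOS_ID.search(filename)
    return m.group(1) if m else None


def triage(names):
    """Map each file name to its verdict; handy over a directory listing."""
    return {n: classify_adame(n) for n in names}


# Constructed sample names; the mailboxes are placeholders under a reserved TLD.
SAMPLES = [
    "report.docx.id[F6593DDC-2275].[attacker@example.invalid].Adame",
    "photo.jpg.id[70C80B9F-1127].[restore@example.invalid].Adame",
    "budget.xlsx.Adame",
    "clean.pdf",
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{verdict:15} id={extract_phobos_id(name)}  {name}")
```

Run it over the names in an affected folder (for example `triage(os.listdir(path))`) to get a quick count of which naming pattern dominates before uploading a sample and the ransom note to ID Ransomware.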
  10. You need to post the required information (i.e. Personal ID, Extension of files & MAC (physical) Address of the infected computer) here for Demonslay335 (Michael Gillespie) to archive your information.
  11. Any files encrypted with the .kiratos extension are related to a newer variant of STOP (DJVU) Ransomware. Please read the first page here for a summary of this ransomware, its variants and possible decryption solutions with instructions AND the ***IMPORTANT: @ ALL VICTIMS.... note at the top. "Before asking questions...PLEASE READ these Frequently Asked Questions (FAQs)." You need to post the required information (i.e. Personal ID, Extension of files & MAC (physical) Address of the infected computer) in the above topic if STOPDecrypter is unable to decrypt your files so the developer, Demonslay335 (Michael Gillespie), can archive your information in case a future solution becomes available.
  12. Any files encrypted with the .hrosas extension are related to a newer variant of STOP (DJVU) Ransomware. Please read the first page here for a summary of this ransomware, its variants and possible decryption solutions with instructions AND the ***IMPORTANT: @ ALL VICTIMS.... note at the top. "Before asking questions...PLEASE READ these Frequently Asked Questions (FAQs)." You need to post the required information (i.e. Personal ID, Extension of files & MAC (physical) Address of the infected computer) in the above topic if STOPDecrypter is unable to decrypt your files so the developer, Demonslay335 (Michael Gillespie), can archive your information in case a future solution becomes available.
  13. ID Ransomware will provide different results according to what is submitted. Submitting an encrypted file with a common extension used by other ransomware usually results in a false positive. That is why, as I noted above, it is important to submit both encrypted files and ransom notes together as well as any contact email addresses or hyperlinks provided by the criminals. The more information, the more accurate the results.
  14. As IDR indicates... currently there is not enough information about MegaLocker. I am not aware of any method to decrypt files encrypted by this ransomware without paying the ransom and obtaining the private keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities. For now you can opt in with IDR to be emailed if any further developments are made for this particular ransomware by clicking the link under Please check back later. In cases where there is no free decryption tool, restoring from backup is not a viable option and file recovery software does not work, the only other alternative to paying the ransom (if you can even reach the criminals to pay) is to back up/save your encrypted data as is and wait for a possible solution... meaning that, although decryption of your data seems like an impossibility at the moment, there is always hope that a solution may someday become available.
  15. As IDR indicates...currently there is not enough information about MegaLocker. I am not aware of any method to decrypt files encrypted by this ransomware without paying the ransom and obtaining the private keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities. For now you can opt-in with IDR to be emailed if any further developments are made for this particular ransomware by clicking the link under Please check back later. In cases where there is no free decryption tool, restoring from back up is not a viable option and file recovery software does not work, the only other alternative to paying the ransom (if you can even reach the criminals to pay) is to backup/save your encrypted data as is and wait for a possible solution...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a potential solution.