Everything posted by Sarah W
-
Infection by [[email protected]] .aleta
Sarah W replied to Fabio Sajoratto's topic in Help, my files are encrypted!
Hi Fabio Sajoratto, Another thing to note is that the criminals hack in via RDP which has weak passwords, so if you can disable RDP then please do so otherwise change the passwords to something more secure. Also, please install all critical Windows updates. Regards, Sarah -
Hi Josh, Can you upload your ransom note (or if it's a message box, upload a screenshot of it) and an encrypted file? Can you also upload the file which 360 Total Security alerted on, and submit the website link you clicked on to VirusTotal (change to url and paste the website address in there) and then paste a results URL. Regards, Sarah
-
Hi len4bfs, Unfortunately, crypt0l0cker is not decryptable for free. Some users have had luck with paying Dr Web to assist them with file decryption. Here is the updated policy from Dr.Web (11/25/15): Free file decryption assistance only for PCs protected by Dr.Web at the moment of infection. How to submit a request to Doctor Web's support service Submit a request Let us know if you have any success. A good backup procedure is very important and well worth the investment, especially make sure not to keep the backup attached to the system unless you ar
-
Closed Ransomware prevents running the decrypter
Sarah W replied to HowardM's topic in Help, my PC is infected!
Hi Howard, When you say it stops responding and closes, are you trying to interact with it before that? What stage is it at when it closes (a screenshot would be useful)? Regards, Sarah -
Closed Ransomware prevents running the decrypter
Sarah W replied to HowardM's topic in Help, my PC is infected!
Hi Howard, Can you attach 01.07.2017_09.52.33.zip to your next reply? Are you able to run the Amnesia2 decrypter now? Regards, Sarah -
Closed Ransomware prevents running the decrypter
Sarah W replied to HowardM's topic in Help, my PC is infected!
Hi Howard, Sorry, I forgot users could not download from this forum.
Click Start. Choose All Programs -> Accessories -> Notepad. Notepad opens. Copy the context below and paste into Notepad:
    Zip: C:\WINDOWS\WinDebug_32.exe
    2017-06-23 06:34 - 2017-06-23 06:34 - 00023915 ____N C:\WINDOWS\WinDebug_32.exe
    IFEO\Magnify.exe: [Debugger] cmd.exe
    IFEO\sethc.exe: [Debugger] cmd.exe
Choose File -> Save from the menu bar (Ctrl + S). The Save As dialog box appears. Save your file to the downloads folder. Name your document as fixlist. In -
Closed Ransomware prevents running the decrypter
Sarah W replied to HowardM's topic in Help, my PC is infected!
Hi Howard, First of all, please download this security patch as currently your system is vulnerable to pretty much anyone accessing it. You still need to reboot after doing so. If possible, I would disconnect from the internet whilst doing so. Once done continue with the steps below:
We need to run a fix with FRST: Please download the attached fixlist.txt file and save it to the same location as FRST.
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, -
Encrypted with .BTC file extension
Sarah W replied to jtwatsn's topic in Help, my files are encrypted!
Hi JT, Please share some encrypted files, the ransom note (if there is one) and the malware file, if you have it. Regards, Sarah -
Hi COnsu1, Currently, Shade ransomware is not decryptable. You can either back up your files and wait for a solution, or pay the criminals (we do not recommend this) currently. A good backup procedure is very important and well worth the investment, especially make sure not to keep the backup attached to the system unless you are backing up (it is best to have two different backups). As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour an
-
Amnesia Ransomware attack today.. pls help
Sarah W replied to rajipillai's topic in Help, my files are encrypted!
Hi rajipillai, We released a new decrypter for the updated version here. Regards, Sarah -
Hi LeonardCaldwell, You're dealing with Cry36, you can see more of the discussion about it here. I suggest making sure RDP is secure and no weak passwords are being used, and also making sure all critical Windows updates are installed. Regards, Sarah W
-
We just released a new decrypter for this variant, you can find it here. Please make sure to secure RDP, install all Windows updates and make backups of files (disconnected from the system, hopefully). If you appreciate the work we do and need a security solution that can protect against ransomware; we have our own security software Emsisoft Anti-Malware. Regards, Sarah W
-
Hi Monkish, Unfortunately, a file pair cannot provide the information we need to look into whether we can help. We will see what we can do though, however, I am not sure if we can help currently. Regards, Sarah
-
Hi RodneyHamp, Sorry we couldn't provide better news, hopefully, one day this will be decryptable. Regards, Sarah
-
Hi junaid12, Glad we could help. A good backup procedure is very important and well worth the investment, especially make sure not to keep the backup attached to the system unless you are backing up (it is best to have two different backups). As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
-
Hi all, We got a sample of a new version of Amnesia, we are currently looking into it. Please be patient. Regards, Sarah
-
Help, files encrypted with [email protected]
Sarah W replied to LandLord323's topic in Help, my files are encrypted!
Hi, If you haven't seen, Kaspersky and Avast have released decrypters for the .wallet variant of Dharma, since the keys were released this week. https://www.bleepingcomputer.com/news/security/wallet-ransomware-master-keys-released-on-bleepingcomputer-avast-releases-free-decryptor/ Regards, Sarah -
[email protected] ransomware help please
Sarah W replied to milan degda's topic in Help, my files are encrypted!
Hi, If you haven't seen, Kaspersky and Avast have released decrypters for the .wallet variant of Dharma, since the keys were released this week. https://www.bleepingcomputer.com/news/security/wallet-ransomware-master-keys-released-on-bleepingcomputer-avast-releases-free-decryptor/ Regards, Sarah -
Hi, If you haven't seen, Kaspersky and Avast have released decrypters for the .wallet variant of Dharma, since the keys were released this week. https://www.bleepingcomputer.com/news/security/wallet-ransomware-master-keys-released-on-bleepingcomputer-avast-releases-free-decryptor/ Regards, Sarah
-
.id-CCCB8848.[[email protected]].wallet
Sarah W replied to secid's topic in Help, my files are encrypted!
Hi, If you haven't seen, Kaspersky and Avast have released decrypters for the .wallet variant of Dharma, since the keys were released this week. https://www.bleepingcomputer.com/news/security/wallet-ransomware-master-keys-released-on-bleepingcomputer-avast-releases-free-decryptor/ Regards, Sarah -
Hi RodneyHamp, Unfortunately, you are dealing with GlobeImpostor 2 and it's not decryptable. You will want to check whether RDP is secured with a strong password as well as check whether you have all critical updates installed. Regards, Sarah
-
Affected by RSAUtil Ransomware please help
Sarah W replied to demouil2510's topic in Help, my files are encrypted!
Hi demouil2510, We're still looking into this one. Hopefully we will have something. Regards, Sarah -
Need to decrypt pictures infected by RSA4096
Sarah W replied to Rajeeth's topic in Help, my files are encrypted!
Hi Rajeeth, Please share an encrypted file and the ransom note. Regards, Sarah -
Hi gsalvador69, Currently, Jaff ransomware is not decryptable. You can either back up your files and wait for a solution, or pay the criminals (we do not recommend this) currently. A good backup procedure is very important and well worth the investment, especially make sure not to keep the backup attached to the system unless you are backing up (it is best to have two different backups). As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favou
-
Hi Monkish, Currently Al Namrood is not decryptable, however, if you still have the malware file somewhere then we will be willing to take a look at it. Regards, Sarah