
Sarah W

Emsisoft Employee
  • Content Count: 226
  • Days Won: 10

Everything posted by Sarah W

  1. Hi Davepens, Did you get any errors? Regards, Sarah
  2. Hi vettalex, Sorry, I just wanted to check what the ransom note was named so I can identify the specific Globe variant you were hit with. If you have the globe.exe file then submitting that will help too. Regards, Sarah
  3. Hi Morty, The 'recover my files.exe' is a 0 byte file. If it is Stampado, we will need the malware file, as without the ID we will not have much identifying what specific variant hit you. Regards, Sarah
  4. Hi josevm700, Any banking, email, Facebook and accounts you wouldn't want someone accessing. That's definitely possible, I am glad you installed an antivirus now though. I suggest backing up your encrypted files and waiting for a solution to happen, for the time being. If anything changes, I will post here. Regards, Sarah
  5. Hi Alexei, I believe that that author may have copied the note, which is really rather annoying for us. You are best backing up encrypted files and then waiting for a possible solution. Regards, Sarah
  6. Hi Davepens, You can just run the decrypter again with the same file pair, but go into Options and then deselect keep encrypted files. You can also just open an admin command prompt and type del /S C:\*.crypted As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our decrypter, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
  7. Hi prig22, See my post above. You have to click on submit a request to Doctor Web's support service and fill that in. Regards, Sarah
  8. Hi josevm700, Makes sense. Unfortunately, it looks like the malware sample isn't there anymore, meaning there is not much we can do currently. This ransomware came via malware already running on the system, which if you were running an antivirus it should have caught it. I suggest changing all passwords. Regards, Sarah
  9. Hi vettalex, When you go to reply, you will see a box which says "drag files here to attach, or choose files". Click on that and upload the ransom note. Regards, Sarah
  10. Hi Alexei, Unfortunately encrypted files do not help in this case, we need a sample of the malware. Regards, Sarah
  11. Hi vettalex, Can you upload the ransom note? Regards, Sarah
  12. Hi Toni Iswanto, Cerber is unfortunately not decryptable. You can either back up your files and wait for a solution, or pay the criminals (we do not recommend this) currently. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
  13. Hi Morty, Please share the exe and the file pair you are using. Regards, Sarah
  14. Hi mlonabaugh, Glad we could help and that you got it to work. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our decrypter, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
  15. Hi Maeron, Do you know around what date you were hit? Knowing this will help us to figure out whether it's the decryptable version. Regards, Sarah
  16. Hi josevm700, This is a new ransomware, we will need a sample of this to analyse. Did you install C:\AntiShortCut\AntiUsbShortCut.zip? Please upload the following file to VirusTotal: C:\Users\TECHI\AppData\Local\Temp\i4jdel0.exe Please press the Scan it! button for each individual file to produce a fresh scan of each file. When the scan completes, please copy and paste the URL/link for the analysis of each file from the top of the VirusTotal screen into your next reply so that I can review the scan results. Repeat until all of the files listed above have
  17. Hi Alexei, Yes, the attacker connects to the machine via RDP, so securing it is important. As I said above, we need a sample of this ransomware. Regards, Sarah
  18. Hi Kate, If you have that information, then we would indeed be interested in it. Regards, Sarah
  19. Hi Murcilago, Spora is unfortunately not decryptable. You can either back up your files and wait for a solution, or pay the criminals (we do not recommend this) currently. As a note, are you sure that they encrypted the Linux server, as Spora currently has only been reported as targeting Windows? If you are sure, then we would like to know more, especially if you have the malware file. Regards, Sarah
  20. Hi marinfr, Cerber is unfortunately not decryptable. You can either back up your files and wait for a solution, or pay the criminals (we do not recommend this) currently. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
  21. Hi skcasey, You need a file pair of an original file and the encrypted version for the decrypter. If it isn't working, please share the file pair you're using. Regards, Sarah
  22. Hi Lon, Looks like they are using different IDs for every user now. Unfortunately, that means you don't have many options; you can either pay and hope they give you your files back (I personally do not recommend if possible), or cut your losses, back up encrypted files and hope for the criminals to be arrested and the keys to be released. Whatever you choose to do, please invest in backups. Preferably multiple, separate from the server and check them regularly to make sure they are able to be restored. Regards, Sarah
  23. Hi d88m, I honestly cannot say for sure. Your best bet is to save encrypted files and just wait. We cannot predict when criminals get taken down, and keys get released. In the meantime, get a good backup procedure in place and check it regularly. If your current antivirus let you down, or if you don't run one, then perhaps try our product. Regards, Sarah
  24. Hi Eranga, Unfortunately, Sage ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible). As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
  25. Hi marinfr, Spora is unfortunately not decryptable. You cannot recover shadow copies once deleted either. Do you have the ransom note still? In the new version, that should have all the information needed to synchronize. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah