
Sarah W

Emsisoft Employee

Everything posted by Sarah W

  1. Hi PS98, Thank you for sharing, but unfortunately as you mentioned it cannot help anyone else without the key. Regards, Sarah
  2. Hi Hesham, Looks like this is a new variant of ransomware; we will need a sample to analyse. You can check to see if there are any suspicious files left on the system. Regards, Sarah
  3. Hi Lon, You should have seen it in the red box: You see where it says to contact and then DMALOCK and a set of numbers. That is your ID. Regards, Sarah
  4. Hi abdellahrida, Unfortunately, we can't decrypt your files for free. I suggest either making sure you change the RDP password to be more secure or disabling it if you do not use it as that is how they get access. Regards, Sarah
  5. Hi jiancanfeng, What issues are you having? For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop. For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop. Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. Double-click to run it. When the tool opens, click Yes to the disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply. Regards, Sarah
  6. Hi Reets, HakunaMatata is unfortunately not decryptable. This ransomware usually comes via RDP, so disable it if you don't need it or set a secure password (not bruteforceable, 10+ random characters, including numbers and symbols. Can use a password generator). Regards, Sarah
  7. Hi jiancanfeng, Please use this decrypter. Regards, Sarah
  8. Hi Lon, Do you have your ID? DMA Locker 3.0 is only decryptable in some cases. Also, this ransomware usually comes via RDP, so disable it if not needed or secure it with a strong, non-bruteforceable password. Regards, Sarah
  9. Hi Dr.Dark, What was the "orgasm ransomware decrypt" program? Regards, Sarah
  10. Hi AHMN48, I believe you sent those files already. You can private message me with more files if you are worried about privacy. Regards, Sarah
  11. Hi Dicky, Is RDP (remote desktop procedure) enabled? If so, that's likely how they got access, and I suggest either disabling it or changing the password, so it is not dictionary-attackable and is strong. Unfortunately, without more information or the malware file, it will be difficult to figure out whether it is crackable or not. If you can restore from backups, I definitely recommend doing so. Regards, Sarah
  12. Hi dasjahn, The Xorist ransomware definitely came via RDP, but it's unlikely that Cerber did (I have not heard of it doing so). Instead, Cerber usually comes via email or through exploit kits. I would try to make sure you have backups of all files and that RDP is either disabled or secured with a strong password (i.e. unable to be dictionary attacked). Glad our decrypter could help though. Regards, Sarah
  13. Hi karnerjo, Unfortunately, crypt0l0cker is not decryptable for free. Some users have had luck with paying Dr Web to assist them with file decryption. Here is the updated policy from Dr.Web (11/25/15): Free file decryption assistance only for PCs protected by Dr.Web at the moment of infection. How to submit a request to Doctor Web's support service: Submit a request. Let us know if you have any success. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
  14. Hi Jenya_by, We need the malware file to be able to help; encrypted files, unfortunately, cannot help us decrypt this ransomware. Regards, Sarah
  15. Hi AHMN48, Both the .decrypt2017 files contain only 0 bytes. Can you share more .decrypt2017 encrypted files? Regards, Sarah
  16. Hi Hatisk, Glad we could help. If the computer happens to be a server, check whether RDP is enabled. Regards, Sarah
  17. Hi Hatisk, What error did you get with Globe 2? Did you drag and drop both files of the pair onto the decrypter? Regards, Sarah
  18. Hi Hatisk, That .oldbat file isn't even encrypted. Do you have more encrypted files you can share with us? Regards, Sarah
  19. Hi Dr.Dark, You will need an encrypted and original file pair for the decrypter to work; as long as you have a single file pair, you can recover the rest of your files. Files you downloaded from the internet that were encrypted, that you can simply download again to get the original; pictures that you shared with friends that they can just send you back; default wallpapers and pictures that were included with your Windows version that you can just get from another system running the same Windows version; encrypted files of a program that you had installed. There are plenty of ways to get an encrypted and unencrypted file pair. Regards, Sarah
  20. Hi Dicky, Do you have any more information, like how you got this ransomware, or if you have the malware file which caused this, then that would be great. Regards, Sarah
  21. Hi Matt, The two files you uploaded are actually different sizes; this is why the decrypter does not work on them. You need a file pair with exactly the same size. Regards, Sarah
  22. Hi gostevie, I'm glad that our software could help us recover your files. No need to donate; however, as a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
  23. Hi Igor3301, Do you have a message telling you to contact the criminals (maybe called how_decrypt.html)? Regards, Sarah
  24. Hi Mr. Ahmed, Unfortunately, there is not much you can do other than perhaps trying Shadow Explorer or a file deletion recovery tool. Regards, Sarah