Jump to content

Sarah W

Emsisoft Employee
  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by Sarah W

  1. Hi there, Unfortunately, DMALocker 3 isn't decryptable. The system was likely compromised via RDP due to weak passwords, so please change the password to something stronger. Regards, Sarah
  2. Hi Lon, I asked if someone had seen this ID, but I believe it's new so there won't be the key released. I'll let you know. Regards, Sarah
  3. Hi PS98, Thank you for sharing, but unfortunately as you mentioned it cannot help anyone else without the key. Regards, Sarah
  4. Hi Hesham, Looks like this is a new variant of ransomware, we will need a sample to analyse. You can check to see if there any suspicious files left on the system. Regards, Sarah
  5. Hi Lon, You should have seen it in the red box: You see where it says to contact and then DMALOCK and a set of numbers. That is your ID. Regards, Sarah
  6. Hi abdellahrida, Unfortunately, we can't decrypt your files for free. I suggest either making sure you change the RDP password to be more secure or disabling it if you do not use it as that is how they get access. Regards, Sarah
  7. Hi jiancanfeng, What issues are you having? For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop. For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop. Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to the disclaimer. Press Scan button. It will make
  8. Hi Reets, HakunaMatata is unfortunately not decryptable. This ransomware usually comes via RDP, so disable it if you don't need it or set a secure password (not bruteforceable, 10+ random characters, including numbers and symbols. Can use a password generator). Regards, Sarah
  9. Hi jiancanfeng, Please use this decrypter. Regards, Sarah
  10. Hi Lon, Do you have your ID? DMA Locker 3.0 is only decryptable in some cases. Also, this ransomware usually comes via RDP, so disable it if not needed or secure it with a strong, non-bruteforcable password. Regards, Sarah
  11. Hi Dr.Dark, What was "orgasm ransomware decrypt" program? Regards, Sarah
  12. Hi AHMN48, I believe you sent those files already. You can private message me with more files if you are worried about privacy. Regards, Sarah
  13. Hi Dicky, Is RDP (remote desktop procedure) enabled? If so, that's likely how they got access, and I suggest either to disable it or change the password, so it is not dictionary-attackable and is strong. Unfortunately, without more information or the malware file, it will be difficult to figure out whether it is crackable or not. If you can restore from backups, I definitely recommend doing so. Regards, Sarah
  14. Hi dasjahn, The Xorist ransomware definitely came via RDP, but it's unlikely that Cerber did (I have not heard of it doing so). Instead, Cerber usually comes via email or through exploit kits. I would try to make sure you have backups of all files and that RDP is either disabled or secured with a strong password (i.e. unable to be dictionary attacked). Glad our decrypter could help though Regards, Sarah
  15. Hi karnerjo, Unfortunately, crypt0l0cker is not decryptable for free. Some users have had luck with paying Dr Web to assist them with file decryption. Here is the updated policy from Dr.Web (11/25/15): Free file decryption assistance only for PCs protected by Dr.Web at the moment of infection. How to submit a request to Doctor Web's support service Submit a request Let us know if you have any success. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support
  16. Hi Jenya_by, We need the malware file to be able to help; encrypted files, unfortunately, cannot help us decrypt this ransomware. Regards, Sarah
  17. Hi AHMN48, Both the .decrypt2017 files contain only 0 bytes, can you share more .decrypt2017 encrypted files? Regards, Sarah
  18. Hi Hatisk, Glad we could help. If the computer happens to be a server, check whether RDP is enabled. Regards, Sarah
  19. Hi Hatisk, What error did you get with Globe 2? Did you drag and drop both the file pair onto the decrypter? Regards, Sarah
  20. Hi Hatisk, That .oldbat file isn't even encrypted. Do you have more encrypted files you can share with us? Regards, Sarah
  21. Hi Dr.Dark, You will need an encrypted and original file pair for the decrypter to work, as long as you have a single file pair, you can recover the rest of your files. Files you downloaded from the internet that were encrypted, that you can simply download again to get the original, pictures that you shared with friends that they can just send you back, default wallpapers and pictures that were included with your Windows version that you can just get from another system running the same Windows version, encrypted files of a program that you had installed. There are plenty of ways to get
  22. Hi Dicky, Do you have any more information, like how you got this ransomware, or if you have the malware file which caused this, then that would be great. Regards, Sarah
  23. Hi Matt, The two files you uploaded are actually different sizes, this is why the decrypter does not work on them. You need a file pair with exactly the same size. Regards, Sarah
  24. Hi gostevie, I'm glad that our software could help us recover your files. No need to donate, however as a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
  • Create New...