Demonslay335

Visiting Expert
  • Content Count: 73
  • Joined
  • Last visited
  • Days Won: 6

Demonslay335 last won the day on August 9

Demonslay335 had the most liked content!

Community Reputation: 11 Good

About Demonslay335

  • Rank: Active Member
  • Birthday: 12/12/1991

Contact Methods

  • Website URL: https://id-ransomware.malwarehunterteam.com

Profile Information

  • Gender: Male
  • Location: USA
  • Interests: Cats, coding, ransomware.

  1. This company deceives its customers and pretends they have a magic method of decrypting everything, when they are clearly just paying the ransom. It is one of many who do this with absolutely no transparency to the customer. https://www.itwire.com/security/aust-firm-promises-data-decryption-after-dharma-ransomware-attack.html https://www.itwire.com/security/aust-firm-offering-ransomware-recovery-at-second-domain-as-well.html And a bit of a more NSFW tirade I went on recently about them: https://twitter.com/demonslay335/status/1194662643904241671
  2. The groups behind Phobos actually compromise your system via RDP or other remote software you had open... no antivirus on the planet can protect you if someone had full control of the server.
  3. With it being New Djvu, your files will only be decryptable for free if they were encrypted by the offline key once we acquire it. If the decryptor reports your files have the ID ZioGB1sCYacbrJajtnJKEUKt6xYM3QPgwAPNAwt1, then they were encrypted by the offline key, and thus possibly decryptable in the future. Otherwise, it is an online key, and there is nothing we will be able to do to help since only the criminals have your online key(s).
  4. We have not acquired any new keys since the release of the decryptor. The criminals stopped using that server by the time we got the keys, and have been infecting users from another server.
  5. The ".Snc" variant is not supported by the decrypter, but we are currently working on it. Can't guarantee it will be decryptable at this point, they made some changes as expected.
  6. Hello

    Please help and reply

    1. Tahir Moeen

      Hello Demonslay335

      Did you find the solution for nelasod? It has been reported to you by Mr. Amigo-A

      Thanks

  7. @broniusr I've fixed that now. Please try re-downloading for v1.0.0.1.
  8. Hello, please support

    [*] ID: s9KkuHGOgdCYV8Rim63CFMrxZFXlO0mp7S0wmKbd (.mtogas )

    [*] MACs: 64:80:99:7D:56:9D, 64:80:99:7D:56:9C, F0:1F:AF:66:3B:0C

    Is there a solution to this problem? Even after a while!!!!!!

    Do I wait and leave the encrypted files as they are?

    _readme.txt

    50793901_1454499264684933_1188840440657346560_n.jpg.mtogas

  9. My computer was infected by nelasod ransomware and my case was forwarded to you by Amigo-A (Emsisoft). Did you find any solution? Sir, I will be grateful if you consider my case.

    Regards

    Tahir

    Following are my ID and MAC. The ransom note is also attached.

    [+] Loaded 67 offline keys
    Please archive the following info in case of future decryption:
    [*] ID: PiZTrTjGj2ERDjqCNEDpJWJfZwuWtP8FHxJeXuSa
    [*] ID: 4SsNNoDBzRHoERsNCDJXFi0OetZhqz2yruT2Ltt1
    [*] MACs: A0:B3:CC:48:0B:46, 84:A6:C8:2E:4D:8F, 84:A6:C8:2E:4D:8F, 84:A6:C8:2E:4D:8E
    This info has also been logged to STOPDecrypter-log.txt


    [+] Loaded 77 offline keys
    Please archive the following info in case of future decryption:
    [*] ID: PiZTrTjGj2ERDjqCNEDpJWJfZwuWtP8FHxJeXuSa
    [*] ID: 4SsNNoDBzRHoERsNCDJXFi0OetZhqz2yruT2Ltt1
    [*] MACs: A0:B3:CC:48:0B:46, 84:A6:C8:2E:4D:8F, 84:A6:C8:2E:4D:8F, 84:A6:C8:2E:4D:8E
    This info has also been logged to STOPDecrypter-log.txt
    Selected directory: F:\
    Selected directory: E:\


    _readme.txt

    1. Tahir Moeen

      Waiting for your comment/help

    2. Tahir Moeen

      Hello Sir, waiting for your response.

      Tahir

  10. @broniusr The decryptor has been updated, please try downloading it again. If you run it from the same directory as before, it should pick up the key file from the previous session, and you won't have to re-bruteforce it. Thanks for reporting the bug.
  11. You were encrypted more recently than we have keys for, that's why you get that message. Nothing we can do at the present time.
  12. @broniusr You are correct, the malware encrypts up to 0x27100 bytes of the file, and I forgot to test bait files smaller than that limit. I'll post here once the decryptor has been updated to factor for that bug in the malware. Every version of this malware family has had at least one such bug relating to the crypto, so annoying...
  13. Not yet, but decryption of 3.0 is coming soon. The idiot who coded it has an annoying bug that corrupts many files that we have to overcome.
  14. Please upload this file to VirusTotal and provide a link here. C:\Users\dasba\AppData\Local\a8402009-cadb-4977-b8d8-209fe362c63a\2.exe
  15. My files got encrypted with the .TODAR and .LAPOI extensions.

    After running the STOP Decrypter the following message was shown:

    [+] Loaded 59 offline keys
    Please archive the following info in case of future decryption:
    [*] ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw
    [*] ID: mneaFv6qsoloG3BSRWuiOULjQBJDJLQHrQuadMpl
    [*] ID: ZivCxija0GBwtwtwD0q4JRy80spT6lUyybPYhot1
    [*] MACs: 4C:ED:FB:11:77:1B, 88:78:73:9E:5D:82, 8A:78:73:9E:5D:81, 88:78:73:9E:5D:81
    This info has also been logged to STOPDecrypter-log.txt
    Selected directory: C:\Users\dasba\OneDrive\Desktop\New folder
    Starting decryption...

    [+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-03-03-09-57-02-734.jpg.todar
    [-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )

    [+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-03-11-00-06-25-558.jpg.todar
    [-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )

    [+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-06-20-14-40-29-599.jpg.todar
    [-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )

    [+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-07-07-15-34-29-971.jpg.todar
    [-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )

    [+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-07-07-15-39-33-310.jpg.todar
    [-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )

    [+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-07-10-15-49-11-156.jpg.todar
    [-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )

    Decrypted 0 files!
    Skipped 6 files.

    [!] No keys were found for the following IDs:
    [*] ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )
    Please archive these IDs and the following MAC addresses in case of future decryption:
    [*] MACs: 4C:ED:FB:11:77:1B, 88:78:73:9E:5D:82, 8A:78:73:9E:5D:81, 88:78:73:9E:5D:81
    This info has also been logged to STOPDecrypter-log.txt

    Please help me.

    Also added the ransomware note.

    STOPDecrypter-log.txt

    _readme.txt
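Post 3 above explains the distinction that decides a STOP/Djvu victim's options (offline key: possibly decryptable later; online key: held only by the criminals), and posts 9 and 15 quote the decryptor output victims are asked to archive. The following is an added triage helper, not Emsisoft's or the decryptor's own code: it parses that log format, deduplicates the IDs and MAC addresses, and sorts each personal ID into "offline" or "online". The sample log is reconstructed from the output quoted in post 9 (the file path and the skipped file are constructed), and the rule that offline IDs end in "t1" is Emsisoft's published convention, which this page does not state and which the code treats as an assumption.

```python
"""Triage helper for STOPDecrypter-style output (STOP/Djvu ransomware).

Added example, not Emsisoft's or the decryptor's own code. Assumption: offline
IDs end in "t1" (Emsisoft's documented convention, not stated on this page).
"""
import re
from dataclasses import dataclass, field

# Sample log reconstructed from the output quoted in the posts above; the
# file path and the single skipped file are constructed for this example.
SAMPLE_LOG = """\
[+] Loaded 67 offline keys
Please archive the following info in case of future decryption:
[*] ID: PiZTrTjGj2ERDjqCNEDpJWJfZwuWtP8FHxJeXuSa
[*] ID: 4SsNNoDBzRHoERsNCDJXFi0OetZhqz2yruT2Ltt1
[*] MACs: A0:B3:CC:48:0B:46, 84:A6:C8:2E:4D:8F, 84:A6:C8:2E:4D:8F, 84:A6:C8:2E:4D:8E
This info has also been logged to STOPDecrypter-log.txt
Selected directory: F:\\
Starting decryption...

[+] File: F:\\photos\\holiday.jpg.nelasod
[-] No key for ID: PiZTrTjGj2ERDjqCNEDpJWJfZwuWtP8FHxJeXuSa (.nelasod )

Decrypted 0 files!
Skipped 1 files.
"""

# Line shapes as they appear in the quoted output; the extension suffix
# "(.ext )" is optional and carries a stray space before the paren.
ID_RE = re.compile(r"^\[\*\] ID: (\S+)(?:\s*\(\s*\.?(\w+)\s*\))?")
NOKEY_RE = re.compile(r"^\[-\] No key for ID: (\S+)(?:\s*\(\s*\.?(\w+)\s*\))?")
MAC_RE = re.compile(r"^\[\*\] MACs: (.+)$")
LOADED_RE = re.compile(r"^\[\+\] Loaded (\d+) offline keys")
DECRYPTED_RE = re.compile(r"^Decrypted (\d+) files")
SKIPPED_RE = re.compile(r"^Skipped (\d+) files")


@dataclass
class Report:
    offline_keys_loaded: int = 0
    ids: list = field(default_factory=list)         # unique, in order seen
    macs: list = field(default_factory=list)        # unique, in order seen
    extensions: dict = field(default_factory=dict)  # id -> set of extensions
    decrypted: int = 0
    skipped: int = 0


def _add_unique(seq, item):
    if item not in seq:
        seq.append(item)


def parse_stopdecrypter_log(text):
    """Extract key count, IDs, MACs and file totals from decryptor output."""
    r = Report()
    for line in text.splitlines():
        line = line.strip()
        if m := LOADED_RE.match(line):
            r.offline_keys_loaded = int(m.group(1))
        elif m := (ID_RE.match(line) or NOKEY_RE.match(line)):
            pid, ext = m.group(1), m.group(2)
            _add_unique(r.ids, pid)
            if ext:
                r.extensions.setdefault(pid, set()).add(ext)
        elif m := MAC_RE.match(line):
            for mac in m.group(1).split(","):
                _add_unique(r.macs, mac.strip().upper())
        elif m := DECRYPTED_RE.match(line):
            r.decrypted = int(m.group(1))
        elif m := SKIPPED_RE.match(line):
            r.skipped = int(m.group(1))
    return r


def classify_id(personal_id):
    """Assumption: an ID ending in "t1" was issued by the offline key."""
    return "offline" if personal_id.endswith("t1") else "online"


def triage(report):
    """Map each ID to "offline" (may become decryptable) or "online" (will not)."""
    return {pid: classify_id(pid) for pid in report.ids}


if __name__ == "__main__":
    rep = parse_stopdecrypter_log(SAMPLE_LOG)
    print(f"offline keys loaded: {rep.offline_keys_loaded}")
    print("MACs:", ", ".join(rep.macs))
    for pid, kind in triage(rep).items():
        exts = ",".join(sorted(rep.extensions.get(pid, ()))) or "?"
        print(f"{pid} ({exts}) -> {kind} key")
    print(f"decrypted={rep.decrypted} skipped={rep.skipped}")
```

The parser only reads the lines the decryptor prints; it never touches encrypted files, so it is safe to run over an archived STOPDecrypter-log.txt when deciding whether a case is worth keeping on file for a future key release.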