Jump to content

ITHell

Member
  • Posts

    3
  • Joined

  • Last visited

Posts posted by ITHell

  1. 26 minutes ago, Fabian Wosar said:

    Glad it is working now :)

    I am using the latest amnesia2 tool to decrypt a lot of data (25k files). Probably 90-95% is doing fine but there are some files that the tool just skips past. Its like it does not recognize they are encrypted by the malware and cannot see them. If I put some of these files in a folder the program just comes up "finished". It seems to happen with different extensions too. I have seen it skip PDFs, Jpegs and XLS files. Would it be helpful for me to send some of these to you to help improve the tool?

    Thanks for your help.  

  2. 19 hours ago, ITHell said:

    Hi, I have been hit with the Amnesia virus but the decryptor does not seem to work. I have used the online identifier and get the result: 

     This ransomware is decryptable!

    Identified by

    • custom_rule: Encrypted size marker [0x00 - 0x08] 0x0400100000000000

     

    Click here for more information about Amnesia2

    However when I use the amnesia2 tool it says it cannot find the key. it does not even try the error comes back after 1 second. The email on my ransom note is [email protected] - not sure if it is a new version, the infection happened 3 days ago. I am trying to decrypt the files on another PC rather than the infected one. Don't know if that matters.

    Any help would be great. 

    Thanks.

    The Amnesia2 decryption tool is working fine. I had version 0.41 that was not working however the latest version 0.43 is working. 

  3. Hi, I have been hit with the Amnesia virus but the decryptor does not seem to work. I have used the online identifier and get the result: 

     This ransomware is decryptable!

    Identified by

    • custom_rule: Encrypted size marker [0x00 - 0x08] 0x0400100000000000

     

    Click here for more information about Amnesia2

    However when I use the amnesia2 tool it says it cannot find the key. it does not even try the error comes back after 1 second. The email on my ransom note is [email protected] - not sure if it is a new version, the infection happened 3 days ago. I am trying to decrypt the files on another PC rather than the infected one. Don't know if that matters.

    Any help would be great. 

    Thanks.

×
×
  • Create New...