Amigo-A

Visiting Expert
  • Content Count

    1042
  • Days Won

    18

Amigo-A last won the day on December 8 2019

Amigo-A had the most liked content!

Community Reputation

47 Excellent

4 Followers

About Amigo-A

  • Rank
    Ransomware Expert
  • Birthday August 1

Contact Methods

  • Website URL
    https://id-ransomware.blogspot.com/

Profile Information

  • Gender
    Male
  • Location
    3rd station from Sun
  • Interests
    Collection, cataloguing and publication of information about Ransomware. Cooperating support of 'ID Ransomware' (in English and Russian). I work without days off and holidays. Write to me in Russian if you know the language.

  1. Also attach a ransom note and several encrypted files. Look again: it can be 'txt' or 'html' files with a different name, which may not look like an ordinary ransom note.
  2. TeamViewer 9 is a very old version of the program, which is vulnerable; therefore it can pose a security risk. Hackers also use it for covert installation and remote attack. You need to remove it and install a new version if you need it.
  3. This is one of the Oled Ransomware we know. Put these folders, Help and Temp, into an archive with all their contents. In the archive settings, set the password 'infected'. Do not open or run anything. Upload the archive to a file sharing site so that experts can download it for research.
  4. Where can I find the original files if everything is encrypted? Here is a sample list of where you can find the originals of the encrypted files (my article):
     1) on flash drives, external drives, CD/DVD, memory cards of the camera or phone;
     2) in attachments of emails sent or received by you;
     3) among the copies of shared photos that you gave to friends or relatives (on their PCs);
     4) among the photos uploaded to social networks, including via smartphone and tablet;
     5) among the photos uploaded to cloud services (Google Disk, OneDrive, Yandex Disk, etc.);
     6) on ad sites where you could previously have sent photos or images;
     7) among unencrypted files, copies and renamed files on your PC;
     8) on an old PC or disk from which you transferred photos and documents to a new PC;
     9) you can re-upload from the Internet previously downloaded photos, pictures, etc.;
     10) you can use the sample images supplied with Windows;
     11) take photos or pictures that you previously posted as an avatar on forums;
     12) extract previously deleted files from the Recycle Bin or restore them with a special program.

     If decryption failed... It is possible that the original file was an inexact copy of the encrypted one. This could be because you yourself earlier reduced or corrected it in an editor, or uploaded it to social networks or cloud services, and there the file was somehow automatically changed. Look for more files and try different pairs of encrypted and original files with the same name.

     Very often files can have the same name but not be copies of each other. The vocabulary used in any language is limited. The possibilities of PCs, cameras and other devices for taking photos are also limited. In cameras and mobile devices, names for photos are given automatically according to a specific format, so there can be quite a lot of photos with names from IMG_0001.JPG to IMG_9999.JPG across different years. Smartphones can give photos more original names, such as IMG_20171012_170451.jpg: here there is both the date of shooting and the sequence number, so a repetition of the name is unlikely.
  5. I gave you a link to the forum. All the explanations are there, and there is a link to another article on another forum: https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/ It says here that for this .mogranos variant you should try to set up the Emsisoft Decryptor to decrypt your files. To do this, find an original file (for example, a photo in JPG or PNG format) and take its encrypted copy. They need to be loaded into the Decryptor, and it will calculate the key for files of this type. If you take PNG photos, all other PNG photos and images will be decrypted. If you take JPG photos, all other JPG photos and images will be decrypted. The same needs to be done for all other file types. A simple scan will not decrypt the files. That is how it was before, when the developer tuned the Decryptor for each case. Now there are a lot of victims; these are people from all over the planet, wherever PCs and the Internet are used. Back then there was no Decryptor setting. Now it is possible. You just need to work with your hands.
  6. First you need to familiarize yourself with this detailed instruction.
  7. First you need to familiarize yourself with this detailed instruction.
  8. Hello @yasser, thank you for reporting this good news! Now you need to better protect your PC. If such an infection returns, then recovering the files will be more difficult.
  9. Tesorion do not abandon the decryption they started. They move on. https://www.tesorion.nl/nemty-2-2-and-2-3-analysis-of-their-cryptography-and-a-decryptor-for-some-file-types/ I hope that they will process version 2.4 soon too.
  10. Yes. This is also Matrix Ransomware. So far, no one has been able to decrypt it without paying a ransom. This is one of the successful and long-term extortion projects. They attack users around the world. A lot of financial resources and trained personnel should be allocated for such actions. Therefore, there is no chance of success in the future, without leaking keys and seizing ransomware servers.
  11. Elementary, if you use a Tesorion decryptor, then you should contact Tesorion for help. Did you contact Tesorion before requesting here or after that event?
  12. Support for this variant of STOP Ransomware has not yet been added to the Emsisoft decryptor. When this is done, it will be possible to decrypt files that have been encrypted using an offline key. But it is impossible to decrypt files that are encrypted using an online key. Only the cybercriminals have the decryption keys.
  13. Support for this variant of STOP Ransomware has not yet been added to the Emsisoft decryptor. When this is done, it will be possible to decrypt files that have been encrypted using an offline key. But it is impossible to decrypt files that are encrypted using an online key. Only the cybercriminals have the decryption keys.