Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Amigo-A last won the day on April 11

Amigo-A had the most liked content!

Community Reputation

140 Excellent

About Amigo-A

  • Rank
    Ransomware Expert
  • Birthday August 1

Contact Methods

  • Website URL

Profile Information

  • Gender
  • Location
    3rd station from Sun
  • Interests
    Collection, catalogization and publication of information about Ransomware. Cooperating support of 'ID Ransomware' (in English and Russian). Opening hours 24/7. Пишите мне на русском, если знаете этот язык.

Recent Profile Visitors

5225 profile views
  1. There is also a good article on drive-by downloads here. https://blog.emsisoft.com/en/38301/drive-by-downloads-can-you-get-malware-just-from-visiting-a-website/
  2. I can only add that 'Crackithub.com', 'kmspico10.com', 'crackhomes.com', 'piratepc.net' are some of the STOP Ransomware distribution sites. Any program downloaded from there can be infected with this ransomware. Moreover, if you run the same malicious file again, the malware may receive an update and the files will be encrypted with a newer version. Independent experiments show that these sites also distribute other ransomware, so files can be encrypted by several different encryptors, and the encryption can be looped. We have seen samples of encrypted files that were encrypted every ti
  3. Hello. You have hidden the signs that carry the necessary information. 3-4 characters must be shown at the beginning and 2 at the end. Or read here
  4. @raziel The easiest way to find out when files were encrypted is to look at the file's "Properties". Usually, the encryption is its last change and this will be the correct date. Among the programs published in the Digest "Crypto-Ransomware", there are three ransomware that used the word "xcrypt", but only one of them used the .xcrypt extension in its pure form. If the encryption date is closer than 2016, then it could be one of the other well-known ransomware that borrowed this extension.
  5. In addition, archive files are not fully encrypted. Usually, the first 1-2 files are damaged. You can extract all the files, and then determine which file with errors is damaged.
  6. But the service page you are trying to use is for files that were encrypted by the old version. In your case, the omfl extension refers to the new version STOP Ransomware.
  7. No. Encrypted file - a file with OMFL extension. Original file - an unencrypted file that has not yet been encrypted. The ransom note _readme.txt is not needed here.
  8. @Lara_H Selam. Günaydın! It is possible that when translated into Turkish, the recommendation changes its meaning. The word order in the Turkish sentence is different from the English one. You must find at least one unencrypted file and use it along with its encrypted copy. If you find a file with the same name, but not the one that was encrypted, then decryption will not work. Here is a sample list, use it you can find the originals of the encrypted files: 1) on flash drives, external drives, CD / DVD, memory cards of the camera, phone; 2) in email-attach
  9. Yes. It is recommended to keep encrypted files. They can be decrypted when the key appears and is added to the Emsisoft Decryptor. Guide about this
  10. You need to attach the _readme.txt file to the message.
  11. You can even install .NET Framework 4.7 / from the same link provided.
  12. The STOP ransomware does not fully encrypt files. Sometimes it may seem that the file's code is being read, but in fact, any change is critical for the file. If you use programs for data recovery, including those using a special recovery script by file type, you can get a little result, but these will be pieces (scraps) of files. A full file will not be restored. The music file can be listened to, but the video file is likely to be damaged due to the file type in which the codecs are used (native encoding-decoding). The situation is better in archives, where only 1-2 files can be damaged.
  13. It's Alco (Maoloa-Alco) Ransomware In fact, the Alco variants appeared before those that received the name Maoloa. None of the variants were deciphered without paying the ransom.
  • Create New...