Amigo-A

Visiting Expert
  • Content Count

    77
  • Joined

  • Last visited

Community Reputation

4 Neutral

1 Follower

About Amigo-A

  • Rank
    Active Member
  • Birthday August 1

Profile Information

  • Gender
    Male
  • Location
    3st station from Sun
  • Interests
    Collection, catalogization and publication of information about Ransomware. Concurrent support of the project ID Ransomware (in English and Russian). Пишите мне на русском, если знаете этот язык.

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I can supplement the information, as I observe the development of this Ransomware-project from the very beginning and from from previous versions. If your files were encrypted with the original Amnesia or Amnesia-2 Ransomware, then they can be decrypted with free Emsisoft tools. If your files were encrypted with the Scarab-Amnesia Ransomware before June 18-19, 2018, they can be decrypted. [I gave this 'Scarab-Amnesia' name to this ransomware, but other sites can borrow it for their own purposes, forgetting to make references to the original source.] But, to our regret, there is no free decryptor, there is only a decryption method that DrWeb offers - a free test-check and the subsequent payment of 150 euro for a Rescue Package with a personalized decryption, which does not work for other victims. Later versions cannot be decrypted in the same way, since the version of the criminal encoder has been updated and the encryption method has changed. If you view the encrypted file using Notepad, then at the end you will see a code that is different from earlier versions.
  2. I thought so, the extension "onwsfp" seemed too random.
  3. Hello, ozgarson The link 'tinypic .com ' does not open for me, here attachments are also not available for download This is previously missed variant of STOP Ransomware. Write me a part of your ID from note, the first 5 characters of ID, so that I can to confirm and add version. Or send the whole ransom note and 2 encrypted files through the service www.sendspace.com And copy the download link hither or in PM. Previously, we did not have this variant STOP Ransomware. It is not new, but further research can help in decrypting. I already told the developer of STOP Decrypter about this variant for confirmation info.
  4. But where to find him, what paths they go, I do not know. 😃 I know, that this is fact and they sell the decryptors for anytime version, but this is all the information. I also listened that they were looking for wholesale buyers. Among those offering services for a fee may be fraudsters, so I warned you - be careful.
  5. We do not know about the free decryption of files encrypted by this Ransomware. But sometimes appear on the horizon are people who have left this ransomware-project, and can decrypt files for a lesser amount than the one requested by extortionists. I don’t know if they can be trusted, so be careful.
  6. This is Dharma Ransomware Michael and Jakub reported him on April 10th.
  7. This is new variant of STOP Ransomware Demonslay335 (Dev of STOPDecrypter) collects information from victims in the main topic of support STOP Ransomware or on Twitter.
  8. pk24 hello Both here and there ... 😃 GT500 Yes, it is real. We call it WDM or DCRTR-WDM Ransomware This Ransomware is not new, because we found and identified him back in November last year. Michael also added it to IDR. ID Ransomware knows the original DCRTR Ransomware and DCRTR-WDM how Dcrtr Ransomware After that, DCRTR-WDM has changed several times. There are samples in my article, also by link pk24 and by another link in the topic on BleepingComputer. New link to archive with exe-files of WDM Ransomware: https://www.sendspace.com/file/khxctl The main EXE-file in the archive is a file svchost.exe23. ------------------------------------------------------------- I hope that after a detailed study by analysts this samples, the detection on VT will be more recognizable. And maybe Emsisoft will recognize how to return the files to the victims.
  9. Michael (dev of ID Ransomware) has already received a message from me and a link to this topic and has already tweeted.
  10. If this happened not the same day, then by the date of the files change you can determine the days of the attack. Analysis of the date of the attack can help identify the weak link (who was working at the PC?) and properly configure the PC protection for the future. If at the PC working you only, then you need to install a complex anti-virus product (e.g. Internet security at 1 month trial) in order to remove the remaining virus files and protect the PC from new attacks. If there is unnamed anti-virus on your PC and no one has been disabled it before the attack, then you need to get rid of it, as soon as possible. AV protection that cannot protect user's files from attacks from outside and even from his wrong actions and from illegitimate programs does not have the right to be on this PC.
  11. Hello. It is a pity that such a thing happened. Instructions with your files.txt - is a note from Paradise Ransomware The extension _c3tfsp_{[email protected]}.sambo added by Paradise Ransomware UQSNORZLPD-MANUAL.txt - is a note from GandCrab 5.2 Ransomware The extension with 10 characters - .uqsnorzlpd - added by GandCrab 5.2 Ransomware Looking at the screenshots I can see that first your files were encrypted by Paradise Ransomware, and then the files were encrypted by GandCrab 5.2 Ransomware
  12. Hello. It is a pity that such a thing happened. I can look at these files, but I cannot download attachments from your message. Send to www.sendspace.com two these ransom notes and give us the download link. And please replace the two non-informative encrypted ini-files to with txt, doc, jpg, png files.
  13. This is new variant of STOP Ransomware (Djvu group). Yesterday there were several requests for help in the Support topic of STOP Ransomware (this is general description in Digest) with norvas extension. This has already been added in ID Ransomware. Therefore, after downloading the ransom note and the encrypted file, you will receive a link to the same support topic.
  14. Yes. Therefore, I trust to Google the auto-translation of the text at my sites into English, because he knows more words and rules in English than I do. But I know more words, phrases, lexical rules, dialects and I have more vocabulary in Russian.