Amigo-A

Visiting Expert
  • Content Count

    664
  • Joined

  • Last visited

  • Days Won

    9

Amigo-A last won the day on August 11

Amigo-A had the most liked content!

Community Reputation

24 Excellent

2 Followers

About Amigo-A

  • Rank
    Ransomware Expert
  • Birthday August 1

Contact Methods

  • Website URL
    https://id-ransomware.blogspot.com/

Profile Information

  • Gender
    Male
  • Location
    3st station from Sun
  • Interests
    Collection, catalogization and publication of information about Ransomware. Cooperating support of 'ID Ransomware' (in English and Russian). I work without off-time days and holidays. Пишите мне на русском, если знаете этот язык.

Recent Profile Visitors

1669 profile views
  1. Some files are partially encrypted and can be fixed in another way. But this is a very small percentage.
  2. I do not see the ID here, therefore, it is not clear with which key the files were encrypted. If your ID does not have the following code after the first three digits gyTwIW8EFRyrHBHcn0bFVHerzI3NtAa14YK0kst1 then your files cannot be decrypted right now.
  3. You did not add a note, as I requested above. So then you need to read the news on this link and do all yourself.
  4. You did not add a note, as I requested above. So then you need to read the news on this link and do all yourself.
  5. The result of the verification in the IDR will be as follows: Phobos Ransomware I have not added this variant to the update section yet, but previous variants ones with this extension are already known.
  6. Hello This variant .nacro has not yet been added to the STOP Decrypter. Attach your file _readme.txt to message to see how the type of ID is.
  7. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. You need to attach a ransom note _readme.txt to the message, or farther act by himself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. You can try to decrypt files with STOPDecrypter. Download STOP Decrypter now >>> I recommend to you start decrypt with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter and paste to a new message: https://kb.gt500.org/stopdecrypter
  8. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. You have already attached the note _readme.txt to the message and you can proceed further by yourself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. You can try to decrypt files with STOPDecrypter. Download STOP Decrypter now >>> I recommend to you start decrypt with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter and paste to a new message: https://kb.gt500.org/stopdecrypter
  9. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. You need to attach a ransom note _readme.txt to the message, or farther act by himself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. You can try to decrypt files with STOPDecrypter. Download STOP Decrypter now >>> I recommend to you start decrypt with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter and paste to a new message: https://kb.gt500.org/stopdecrypter
  10. Secondarily... While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Then, after checking and cleaning, you will need to change the passwords on the accounts in browsers. Ransomware do not come by just one, they come with backdoors, trojans and password-stealers to inflict maximum damage and take more money.
  11. I have been tracking the malicious work of this program since December 2017. This was much earlier than the well-known anti-virus companies. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. Firstly... You need to attach a ransom note _readme.txt to the message, or farther act by himself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter now >>> I recommend to you start decrypt with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  12. There is no separate ransomware with that name. This is varint of STOP Ransomware Look at the list in The versions numbers and extensions of STOP-Djvu Ransomware - extension .mtogas under #144 An international criminal group, behind this criminal business, infects sites, software distributions, key generators and other tools for hacking and illegal use of paid programs. If you became a victim of this ransomware, it means that you poorly protected your PC, probably using free anti-virus programs that a priori will not protect against ransomware and similar complex attacks. Their functionality is limited and almost useless. Also, the new Windows 10, even loaded with the latest updates and critical patches, will not protect against ransomware. This has been tested by my test team many times.
  13. Hello @Tahir Moeen We cannot predict the time. 😊
  14. Dear @rizwanigf2011 It seems to me that I have already told you. I will say it again. As a result of the attack, you had double encryption with two different encryption variants of STOP Ransomware (this is lapoi and todar). They worked one after another. The last was variant todar, it encrypted files with an online key. After it, it is impossible to decrypt files using a STOPDecrypter by Demonslay335. The STOPDecrypter can decrypt files that have been encrypted off-line with a off-line key if it was added to the STOPDecrypter. We do not know other ways.
  15. Hello @Din OK Your information will be archived by STOP Decrypter's developer. He often views topics here. This does not mean that today he will write a messages to everyone. There are a lot of victims of STOP Ransomware. Now it is the most active and successful ransomware-program for extortionists. You can tell him about your case. Enough to do this only once. Understand that there are many victims, but he alone makes and updates the freeware STOP Decrypter.