Amigo-A

Visiting Expert

About Amigo-A

  • Rank
    Ransomware Expert
  • Birthday August 1

Contact Methods

  • Website URL
    https://id-ransomware.blogspot.com/

Profile Information

  • Gender
    Male
  • Location
    3rd station from Sun
  • Interests
    Collection, catalogization and publication of information about Ransomware. Cooperating support of 'ID Ransomware' (in English and Russian). I work without off-time days and holidays. Write to me in Russian if you know the language.

  1. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. The malware variant of STOP ransomware, which encrypted files and added the Pumax extension to them, was active in November-December 2018. Now there are a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter >>> First try to decrypt a small group of files, only make copies of them before this. If STOPDecrypter isn't able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter While most ransomware will automatically delete itself after it finishes encrypting files, some now leave behind components on computers, which will encrypt any new files saved and any files you manage to decrypt. It's best to check the PC and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  2. @Norddine I uploaded your files for identification on the service. This is the result of automatic identification. https://id-ransomware.malwarehunterteam.com/identify.php?case=00c9e1a49467070520f39e5d94f9d1173fbb1d31
  3. For proper identification, you need to upload a note r8b756g899-readme.txt and one encrypted file. Sodinokibi is identified by a number of known signs. Attach files here or upload to service ID Ransomware.
  4. Hello @Chris The Sodinokibi Ransomware is still under research and not a single file decryption tool has been released. For proper identification, you need to upload a note and one encrypted file. Sodinokibi is identified by a number of known signs.
  5. This is still under research and not a single file decryption tool has been released.
  6. Hello. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. The malware variant of STOP ransomware, which encrypted files and added the Pumax extension to them, was active in November-December 2018. Now there are a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter >>> First try to decrypt a small group of files, only make copies of them before this.
  7. Yes, now it is known for sure that your files are encrypted by Sodinokibi Ransomware. My identification is accurate. So that there is no doubt, I also uploaded the note file and your encrypted file to the ID Ransomware service. The results of my identification and the automatic identification are the same. https://id-ransomware.malwarehunterteam.com/identify.php?case=ed59f3576d54aefba856f2a26ecf4567fd4c0db0
  8. There is no chance at this time, but in the future a method may appear that will help to do this.
  9. Different malicious programs can hide in different ways. If you did a reinstall as you said, then it should not remain in the system. But perhaps you have saved some files in which there was an installation or boot file of this malware.
  10. @torikf Hello. I have already identified the Sodinokibi Ransomware, which encrypted your files, but I need to confirm this. Please also attach the original ransom note file from which you copied this text. Or confirm that the ransom note is called ej5squ-readme.txt. Is that correct?
  11. @TecnoMania2020 The logs do not contain information about malicious files. Probably, 360 Total Security did the cleaning.
  12. Michael updated STOPDecrypter v2.1.0.13 with the OFFLINE key for .neras. OFFLINE ID: fl1QN31tuQBZKd6Q43Bemee0EycF0HBYEjwpQTt1 https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip
  13. Yes, there is only a paid one, which the extortionists provide. But extortionists cannot be trusted: they can hide with the money, they can make a mistake and provide a broken decryptor, or their server can be turned off. There are too many probabilities that the money will be wasted.