Visiting Expert
  • Content Count

  • Joined

  • Last visited

  • Days Won


Amigo-A last won the day on July 5

Amigo-A had the most liked content!

Community Reputation

123 Excellent

About Amigo-A

  • Rank
    Ransomware Expert
  • Birthday August 1

Contact Methods

  • Website URL

Profile Information

  • Gender
  • Location
    3st station from Sun
  • Interests
    Collection, catalogization and publication of information about Ransomware. Cooperating support of 'ID Ransomware' (in English and Russian). I work without off-time days and holidays. Пишите мне на русском, если знаете этот язык.

Recent Profile Visitors

3749 profile views
  1. Hello @SDVinoth To know in advance, check your ID in the note _readme.txt. Is there t1 at the end? Details here
  2. Check several a ransom note _readme.txt in different folders - whether the IDs match.
  3. I have already looked through a lot of files. I have no way to decrypt them. Extortionists has changed encryption. You need to send to Dr Web files. They will let you know when files can be decrypted. It may happen in the future. They re-open the ticket and report by email. It is important not to drop email. There will be no other means of communication.
  4. Hello @cann When decryption specialists can get decryption keys for this 'STOP Ransomware' variant, then the files can be decrypted. To do this, it will take from a few days to several weeks. Unfortunately, this does not depend on the work of specialists. While waiting, you need to take measures to protect your PC. It is necessary to conduct a full PC scan and eliminate the threat and consequences. STOP Ransomware includes elements of theft of information from browsers and instant messengers. They remain active even after removing the encryptor.
  5. This information may help specialists. I have added even more samples on my article. We will try to analyze all incoming samples in the hope that something will change. You need to collect all encrypted files. If decryption becomes possible, information will be published and you will receive a message from support specialists. A rare specialist works on weekends. I work daily, but unfortunately my strength and desire to help you is not enough to decrypt.
  6. 12 days have passed since I sent the files and samples. No news yet. I check e-mail every day.
  7. In the sample, that encrypts files with the .avdn extension, there is no code from the real MedusaLocker Ransomware. There is a small piece of code in the another sample that adds a 'random' extension to encrypted files, but this piece is not base. He is well defined by antivirus engines as Avaddon Ransomware.
  8. DrWeb support usually do not use international names of ransomware.
  9. Results of checking your files:
  10. Necessary requirements are indicated on the page and in the form of sending files, they can be attached to the message. For different decryption, different elements may be needed. File pairs may not be needed if there is an encoder file that was found. But what will happen in each case, I do not know. You can try to send only encrypted files and a note with ID. The encoder name in the DrWeb database is Trojan.DownLoader33.50335, Trojan.DownLoader33.59028 SHA-256: 05af0cf40590aef24b28fa04c6b4998b7ab3b7f26e60c507adb84f3d837778f2 SHA-256: fa4626e2c5984d7868a685c5102530bd8260d0b31ef06d2ce2da7636da48d2d6 But you can only specify a link to the article. It has both earlier and newer Avaddon Ransomware samples.
  11. DrWeb has been producing free decoders for many years, and was the first to start doing it. He continues to do free decryption for his licensed users around the world. Test decryption is done for free. It is better, than paying first, and then saying that decryption is impossible. I made a request — separately the decryption service is not provided. Only within the scope of 'Rescue Package'. Now more computing power is required to provide a decryption service, therefore it cannot be absolutely free to all affected users.
  12. For files that received the .avdn extension after encryption, I provided 2 different samples of the encryptor in DrWeb. In the newer version, files already receive 'random' extensions. These are other samples of the encryptor. Most likely, newer ones will cardinally differ from earlier ones. I contact Dr.Web specialists as a usual user. But I collect and provide all available information, encryptor samples and everything else that is needed. Main link: Support works in 10 languages. Anyone can order a test decryption by providing: - 5 different encrypted files and unencrypted original files; - a original unedited ransom note. No need to change anything in the files. If the victim has not previously used DrWeb products and there was no active DrWeb protection on his PC when the files were encrypted, then after a successful tested decrypt, you will need to purchase the Rescue Package for 150 euros. Support specialists will tell you what needs to be done.
  13. Key calculation is not finished yet, there are no final results. There is also no message that decryption is not possible, as is often the case.
  14. For reference: Previously, this method was still in CryptoMix Ransomware and some other ransomware. In the same way, it was possible to decrypt files encrypted offline with keys if the PC was disconnected from the Internet or the ransomware server was inaccessible.