Amigo-A

Visiting Expert
  • Content Count: 812
  • Joined
  • Last visited
  • Days Won: 15

Amigo-A last won the day on October 9

Amigo-A had the most liked content!

Community Reputation

36 Excellent

3 Followers

About Amigo-A

  • Rank
    Ransomware Expert
  • Birthday August 1

Contact Methods

  • Website URL
    https://id-ransomware.blogspot.com/

Profile Information

  • Gender
    Male
  • Location
    3rd station from the Sun
  • Interests
    Collection, cataloguing and publication of information about ransomware. Cooperating support of 'ID Ransomware' (in English and Russian). I work without days off and holidays. Write to me in Russian if you know this language.

Recent Profile Visitors

2185 profile views
  1. This question is better answered in Russian, since some turns of phrase would be translated incorrectly. All software companies are eager to advance and grow, so observation and tracking (including spying and surveillance on top of that) is their top priority. These actions will most likely take the form of collecting information about other software and the user's preferences. It has been this way from the start; without it they cannot survive. But this information gathering has another, more dangerous side. Most likely these small companies will be hacked by someone, and the customer database will leak, with all the ensuing consequences. Do you need that? No, of course not.
  2. Hello @andrey Your new computer must have up-to-date software and be reliably protected. This is the best solution. When assembling everything in parts is expensive, buying a PC with an OS preinstalled by the manufacturer is more economical. At the same time, if we compare a PC with a house and a guarded private territory, then you should know all the equipment that is used: for water supply, for electricity metering, reliable door locks, video surveillance, etc. It is unlikely that you would use for all of this what is lying in a garbage dump. At the same time, you invite outside specialists whom you trust to install the purchased equipment, or you do everything yourself. You would not entrust this work to unknown people with an unknown reputation, and you would not leave a stranger in your house without watching him. It should be the same with software. If the pre-installed programs were installed by the PC manufacturer or its partners, then these are not your partners; these are complete strangers with their own intentions and commercial purpose. You do not know what they installed and what goals they pursued. Therefore, the verdict should be unambiguous: delete all pre-installed programs without a doubt. Your PC is your property, your fortress, your territory; there is no place for strangers here!
  3. @GT500 From the information provided, it can be seen that this applies to Estemani Ransomware, which I discovered and described back in August. Several updates are known, but not all have been published. Here are a few samples... https://www.virustotal.com/gui/file/c2203c894ed7f4daa70a40ceefb4a3a05f16baed2f7a7fbd4d1f922bd6b859aa/detection https://www.virustotal.com/gui/file/3d60014bcc1e20033ade8dcd41336b2a8c353104e474b6e27bb9f05d31cce485/detection https://www.virustotal.com/gui/file/97f15370088409941f8e7fcf2fe80364ee244874a98151e58c0d273ebcf9397a/detection
  4. DataKeeper Ransomware description + Translation into English. Unfortunately, Emsisoft does not have a decryptor for files after this encryptor.
  5. Yes, I probably know which encryptor did this, but I need confirmation. Attach the original file of ransom note and several encrypted files to your message.
  6. Yes, I probably know which encryptor did this, but I need confirmation. Attach the original file of ransom note and several encrypted files to your message.
  7. In newer versions, the number of characters in the identifier may be the same for 'online' and 'offline' encrypted files. But at the end there should be t1. But nothing prevents the extortionists from changing something so that it does not correspond to what we know. A lot of time has already passed for this. There is no good news, so new versions may remain undecrypted. We cannot influence this in any way. Also, you will not find anything better than those decrypters, because the extortionists have changed the encryption process for the better for them.
  8. Hello. .bora - this is a variant of STOP Ransomware. The ability to decrypt depends on how the files were encrypted. The only tool that is available so far still does not support this variant. Details >>
  9. .reco - this is a variant of STOP Ransomware. The ability to decrypt depends on how the files were encrypted. Currently not decryptable. The only tool that is available so far still does not support this variant. Details >>
  10. .kuub - this is a variant of STOP Ransomware. The ability to decrypt depends on how the files were encrypted. If encryption was done using an offline key, you can use the decryptor - link
  11. Yes. This is Ranion Ransomware. We have known about this ransomware and its iterations since the beginning of 2017. Unfortunately, Emsisoft does not have a decryptor for files after this encryptor. https://www.emsisoft.com/ransomware-decryption-tools/free-download I also have not heard of anyone releasing a decryptor for this problem. As a result of an Internet search, you can find sites that report decryption. All this is fraud and lies.
  12. .meds - this is a variant of STOP Ransomware. The ability to decrypt depends on how the files were encrypted. If encryption was done using an offline key, you can use the decryptor - link # 1, link # 2.
  13. I can’t know for sure. We always hope that the files can be returned, if not now, then in the future.
  14. The .helpinc extension in GlobeImposter is known from August 2019 or earlier. You can find and provide us with a ransom note. It could be an html file. It must be archived with the password 123 and attached to the message.
  15. This file is encrypted twice with different encryptors. .guesswho - this is Rapid-GuessWho Ransomware. .helpinc - this is GlobeImposter Ransomware. After GlobeImposter's attack, files cannot be decrypted without the key, which only the extortionists have. Victim ID in encrypted file from GlobeImposter