Jump to content


Visiting Expert
  • Posts

  • Joined

  • Last visited

  • Days Won


Amigo-A last won the day on June 18

Amigo-A had the most liked content!


199 Excellent

About Amigo-A

  • Birthday September 1

Contact Methods

  • Website URL

Profile Information

  • Gender
  • Location
    Ransomware Advisory
  • Interests
    Research, collection, categorization, publication of information about Ransomware, and other malware. Cooperating support of 'ID Ransomware' (in English and Russian).

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Only after neutralizing all malicious files ... This is not the decryption, it is the recovery of certain types of files using the features of these files. 1) If you have encrypted ZIP/RAR archives, you can partially recover files. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Unfortunately, many files can be encrypted or damaged there, but some files can be opened. 2) There is an alternative (additional) way to recover some media files: WAV, MP3, MP4, M4V, MOV, 3GP. https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. Some types of files can be opened (restored) using the application in which they were created. To do this, you must first remove the extension added by the ransomware. Then can try to open the file from the program in which it was created. If you open audio and video files in the editor, it will restore the structure, and upon closing it will offer to save the changes in the file. 3) If you have PDFs or files of other e-books, then they may suffer in part if they were not protected from manual modification. Therefore, after removing the added extension, they can be partially read (~50 - 80%), if get lucky. Unfortunately, it is not yet possible to recover files created in MS Office applications due to their sensitivity to any damage. They can be easily damaged without encryption. It is easier to recover and read text written on paper or on stone than one created in MS Office. --- There is a new way to recover JPG / JPEG image files https://www.jpegmedic.com/tools/jpegmedic-arwe/ The main condition for recovery is to find 1 file from the same series of previously taken photos. When using the program, some antiviruses give a false positive. Don't be alarmed. The program does yet not have a digital signature. You can also ask the developer to help you recover your photo files. The work is not easy, you need to negotiate a fee.
  2. Hello @jacob 91 You need to neutralize all malicious files in the system. This should be done as quickly as possible. Use comprehensive anti-virus software such as Emsisoft Anti-Malware to effectively remove the malware. You can get a free trial 30-days version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/ It will help you clean your PC from other malware for free.
  3. https://support.emsisoft.com/forum/83-help-my-files-are-encrypted/ Hello. Read this guide to understand when you can decrypt files.
  4. You need to upload the malware file to the VirusTotal website. Later paste the resulting link into your message here. You can also attach only a ransom note and 2-3 encrypted files here. Only archive them first in the zip archive.
  5. Hello. According to this guide, this 't1' usually means that the files can be decrypted when the decryptor has get the key for that variant. We cannot speed up this process. Usually someone buys a key and volunteers it to help other people.
  6. Hello. Read this guide to check if can decrypt files.
  7. Hello. Read this guide to check if can decrypt files.
  8. https://www.bleepingcomputer.com/forums/t/773613/new-ransomeware-with-extension-pex8tm/ It looks like you've already uploaded files in another forum. Then it is better to continue there. The files are encrypted by a encryptor from the Thanos / Prometheus Ransomware family.
  9. Then use any file sharing website. There are many, I don't know which one will be more convenient for you and will work in your country.
  10. OK. Tongda Ransomware This is different from what you reported above. You need to do the same as I asked you in the post above.
  11. Hello. It will be better if you attach an zip-archive with 2-3 encrypted files and a note to the ransom note which you quoted. Do not edit or delete anything. There are very similar ransomware that are created to confuse identification.
  12. Probably, in the near future or already on Monday, an Emsisoft employee will answer you.
  13. Yes, the computer was hacked and attacked remotely. You need to write to the forum section for curing and restore PC control. https://support.emsisoft.com/forum/6-help-my-pc-is-infected/ Apparently, you have suffered from Conti Ransomware and have been attacked by one of their groups. Malware file analysis results: https://www.virustotal.com/gui/file/e49fd2651d5f3d5ffd999104841edd3e6e6dbd342507df6d2201720bdca65a74 https://analyze.intezer.com/analyses/da61e41d-5e15-489a-8402-26de44d37a28 https://app.any.run/tasks/c9581466-fa42-482b-a276-cfc0fd980f6f https://tria.ge/220618-wg3q3adaa2
  14. Hello. It's good that you attached the note. But for analysis and identification, you need to attach a few more encrypted files. Nothing can be edited or renamed. Files need to be attached only in the form in which you received them after encryption.
  • Create New...