Amigo-A

Visiting Expert
  • Content Count

    755
  • Joined

  • Last visited

  • Days Won

    13

Amigo-A last won the day on September 16

Amigo-A had the most liked content!

Community Reputation

32 Excellent

3 Followers

About Amigo-A

  • Rank
    Ransomware Expert
  • Birthday August 1

Contact Methods

  • Website URL
    https://id-ransomware.blogspot.com/

Profile Information

  • Gender
    Male
  • Location
    3st station from Sun
  • Interests
    Collection, catalogization and publication of information about Ransomware. Cooperating support of 'ID Ransomware' (in English and Russian). I work without off-time days and holidays. Пишите мне на русском, если знаете этот язык.

Recent Profile Visitors

2011 profile views
  1. Extortionists have long mastered this trick and use it.
  2. Perhaps this is the only chance to return some of their files. You can add this links to the sample on the VT website in the ticket. DrWeb experts will gain access to it through an affiliate program. https://www.virustotal.com/gui/file/5106d847e6fecd52295ab7e01ce2e7525e3107f6a2d4dd3fc2956a8db970e799/detection https://www.vmray.com/analyses/5106d847e6fe/report/overview.html
  3. DrWeb can decrypt some files that STOP-Decrypter cannot decrypt, only in another way. Only .pdf encrypted files and all the Office documents .doc, xls, docx, xlsx, ppt, pps, etc … Unfortunatly with this way can't will decrypt photo, video, audio and many files with other extensions. If free test decrypt these files will successful, the fees requested by Dr.Web experts 150 EUR for Rescue Pack (Personal decryptor + 2-year DrWeb Security Space protection). There is no alternative to receiving this service. If the test-decrypt will fails, no payment will be required. Tell me, if this way suits you, I will let you know what files you need to collect for this. I do not participate in this process and do not provide any help except this information. I not having any financial benefit and is not involved in this decryption service at all.
  4. In addition, the STOP-Djvu Ransomware does the following: 1) leaves behind a software module that steals personal information from browsers and other programs; 2) modifies the hosts file to prevent browsers from opening anti-virus companies' websites and forums (like this one) that helps victims. For these targets: 1) after checking and cleaning the PC, when it is be confirmed that there are no other malicious modules, you need to replace the passwords for all sites with more complex ones (at least 12-16 characters, including A-a, Z-z, 0-9, @ # $). 2) you need to reset or delete the modified hosts file, without it, all legitimate sites will be available to you. The path to this file is: C:\Windows\System32\drivers\etc\
  5. Most ransomwares will automatically delete themselves after they finish encrypting files, but some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best practice to check and make sure that no such components have been left behind, so we recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (just attach the log files FRST saves to your message): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  6. Hello @Mido This is the result of the STOP-Djvu Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. Extension .kvag - this is new variant of STOP Ransomware. Until recently, it was possible to collect some information and add it to STOP-Decrypter. Now this does not help. We expect changes in the decryption method. But so far there is no such news and the victims remain with encrypted files. I repeat, there is no way to decrypt files yet. Any site that offers decryption for this variant may be a scam site. Be careful.
  7. Hello @SYED Please read my height above. At this point in time, this is the only chance to return some of their files. This is not a simple job that can be done as 1-2 min. It takes time, the work of analysts and the computing power of PC's of specialists.
  8. In addition, Buran was launched as a project that can be bought and remade in order to complicate the detection by antiviruses, transfer data to the server, and key the key in a secure way that cannot be obtained otherwise. We have already seen several projects redone from the original Buran. Service ID Ransomware identifies everything under one name, so only a specialist can find the differences.
  9. Hello @Asif Ali Please read my height above. At this point in time, this is the only chance to return some of their files. This is not a simple job that can be done as 1-2 min. It takes time, the work of analysts and the computing power of PC's of specialists.
  10. Hello @RaphaelPavarini We have received new information! There is only an free experimental tool, but not for all file types. Try it, as the link says.
  11. We have received new information! There is only an free experimental tool, but not for all file types. Try it, as the link says.
  12. Buran Ransomware known since May 2019 year. There are no decryption methods without keys extortionists.
  13. I think support representatives will say something more about FRST log and advise you to do a check PC with Emsisoft Emergency Kit Then, after checking the PC, the report from Quarantine (from the context menu) can be saved to a text file or take a screenshot to attach them to your message.
  14. I looked at the log-file and made sure that not a single comprehensive antivirus was protecting your computer, so the ransomware attack was successful. Free antiviruses are not able to protect against such attacks. Even if on all billboards write that "Protects from extortionists!" Do not believe it! Will not protect in reality! A very small percentage of real protection. First of all, you need to choose one, but comprehensive antivirus with protection of class Internet or Total Security and stop using programs like [email protected] and other illegitimate activators. Otherwise, attacks like this one will continue and your computer will suffer again. Uninstall or remove manually. Uninstall like a useless load.