Amigo-A

Everything posted by Amigo-A

  1. I added this variant to my article, made a link to this topic. Unfortunately, that’s all I can help with. It is recommended that you store encrypted files in a safe place. It is possible that in the future a new decryption method will be found or decryption keys will get to decryption specialists. So it was with other encryptors.
  2. Hello. It’s good that you presented screenshots of ransom notes. I can identify this ransomware. This is one of the new Phobos Ransomware options. The extortionists behind Phobos have for many years been attacking computers of people around the world with impunity. They use a secure encryption method, so it is not possible to obtain a decryption key even with an original decoder/decryptor. Specialists from different countries tried to get decryption keys in alternative ways. So far there is no way to get decryption keys without paying a ransom. We do not recommend paying the ransom, as this stimulates them to new attacks. But if the encrypted files are very dear to you, you can use an alternative contact method with extortionists, which representatives of the support service will tell you about if they read this topic.
  3. TheDRM Ransomware. Aliases: DMR64, Clown, NotFound, Clown+. There are already several variants that have been studied and described; in fact, there may be more. There are no free decryptors yet. Let's wait for what GT500 says.
  4. https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu - Emsisoft Decryptor for STOP Djvu
  5. Yes. This is a new variant, there are no decryption keys for it yet.
  6. .nuksus (149) .vesrato (150) These variants of STOP Ransomware were active in August 2019. Read this guide
  7. .id[XXXXXXXX-2704].[[email protected]].Devos - this is the format of files encrypted by Phobos Ransomware. Probably Michael wanted to say Phobos Ransomware is not decryptable without paying a ransom, which we do not recommend.
  8. Here are answers to questions that you may have.
  9. Yes. This is a newer variant of STOP Ransomware, and if your identifier is an offline identifier (t1 at the end), it means that in the future it will be possible to decrypt your files. At the moment there is no key to decrypt. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  10. Hello, @Behnia. This will be possible after the decryptor supports this variant. To do this, you first need to get the key and add it to the decryptor. Check once a week.
  11. Yes. I fixed. Thanks.
  12. Hello. One word, 'If', was lost; it should be like this: If your ID is an online ID, so there is currently no way to decrypt your files. It was assumed that you would read the link
  13. This is a newer variant of STOP Ransomware, and if your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  14. This is a newer variant of STOP Ransomware, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  15. This is a newer variant of STOP Ransomware, and if your identifier is an offline identifier, it means that in the future it will be possible to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  16. This is the result of an attack by STOP Ransomware v.215 (0215) with the .npsk extension for encrypted files. This is a good sign, and in the future, when encryption keys are received, your files can probably be decrypted. Until then, your PC should be checked for the presence of an active infection and cleaned of harmful elements. Otherwise, repeated encryption may.
  17. Emsisoft Decryptor for with "NamPoHyu Virus" only. https://www.emsisoft.com/ransomware-decryption-tools/megalocker
  18. Attach the _readme.txt file to your message.
  19. Need a ransom note file and several encrypted files. They need to be attached to the message. Quoting is not necessary.
  20. Attach a ransom note and several encrypted files to the message. If nothing has changed, then this is Phobos Ransomware. But we need to look at the files to confirm this.
  21. Attach several encrypted files to the message.
  22. It is equally important to check the PC for the presence of malware; it can still remain in the system. If the ransomware re-encrypts files using an online key, then it will be impossible to decrypt them. You may use Emsisoft Anti-Malware: https://www.emsisoft.com/en/home/antimalware/#anti-ransomware Then attach the report here later.
  23. Click HOT-STOP to check version >> .rezm - v0211 of STOP Ransomware. A decryptor will work when the decryption key for the rezm variant is detected. Information about the list of extensions of the Gero group (RSA) of STOP Ransomware: .gero, .hese, .geno, .xoza*, .seto, .peta, .moka, .meds, .kvag, .domn, .karl, .nesa, .boot*, .noos, .kuub, .reco, .bora, .leto*, .nols, .werd, .coot, .derp, .nakw*, .meka, .toec*, .mosk, .lokf*, .peet, .grod*, .mbed, .kodg, .zobm, .rote*, .msop, .hets, .righ, .gesd*, .merl*, .mkos, .nbes, .piny*, .redl*, .kodc*, .nosu*, .reha, .topi, .npsg*, .btos*, .repp, .alka, .bboo*, .rooe*, .mmnn*, .ooss*, .mool*, .nppp, .rezm*, .lokd*, .foop*, .remk*. The * sign indicates that the decryption key has not yet been received. You need to wait until the developers receive the decryption key.
  24. Click HOT-STOP to check version >> .remk - v0214 of STOP Ransomware