Amigo-A (Visiting Expert)

Everything posted by Amigo-A

  1. In May of this year there was already a case with the same Rapid variant. --- You can create a decryption request at DrWeb and provide the Rapid-encrypted files and the ransom note file How Recovery Files.txt. http://legal.drweb.com/encoder/?lng=en http://legal.drweb.ru/encoder/?lng=ru To request a test decryption, you do not need to make an advance payment. It's free. But in practice there is no hope of decrypting files after double encryption, and after Phobos in particular.
  2. First, your files were encrypted by Phobos Ransomware and received the extension .id[48DD8B75-2415].[[email protected]].Caley. Then your files were encrypted by Rapid Ransomware and got the extension .no_more_ransom.
  3. Creating a decryption request at DrWeb and providing encrypted files and a ransom note file is easy for everyone to do. http://legal.drweb.com/encoder/?lng=en http://legal.drweb.ru/encoder/?lng=ru To request a test decryption, you do not need to make an advance payment. It's free. I am very busy with work, therefore I will not do it in your place. 😃
  4. This is the result of an attack and the encrypted-file format of Phobos Ransomware. You need to upload the ransom note and the encrypted file so that the identification on the Ransomware ID service is successful.
  5. I have already sent the files that you gave for additional analysis to DrWeb. At least we will know the results.
  6. It is better to do a regular check. Once a week is optimal.
  7. Good, but I need more encrypted files: jpg, png, doc, xls, txt.
  8. @tonywong81789 Here is a sample list of where you can find the originals of the encrypted files (my list):
     1) on flash drives, external drives, CD / DVD, memory cards of the camera or phone;
     2) in attachments of emails sent or received by you;
     3) among the copies of shared photos of friends and relatives (on their PCs) that you gave them;
     4) among the photos uploaded to social networks, including via smartphone and tablet;
     5) among the photos uploaded to cloud services (Google Disk, OneDrive, Yandex Disk etc.);
     6) on advertisement sites, where you could previously have sent photos or images;
     7) among unencrypted files, copies and renamed files on your PC;
     8) on an old PC or disk, from where you transferred photos and documents to the new PC;
     9) you can re-download from the Internet previously downloaded photos, pictures, etc.;
     10) you can use the sample images supplied with Windows;
     11) take photos or pictures that you previously posted as an avatar on forums;
     12) extract previously deleted files from the Recycle Bin or restore them with a special program.
     If decryption failed... It is possible that the original file was an inexact copy of the encrypted one. This could be because earlier you yourself reduced or corrected it in an editor, or uploaded it to social networks or cloud services, and there the file was somehow automatically changed. Look for more files and try different pairs of encrypted and original files with the same name. Very often files can have the same name but are not copies of each other. The vocabulary used in any language is limited. The capabilities of PCs, cameras and other devices for taking photos are also limited. In cameras and mobile devices, names for photos are given automatically according to a specific format, so there can be quite a lot of photos named from IMG_0001.JPG to IMG_9999.JPG across different years.
     Smartphones can give photos more original names, such as IMG_20171012_170451.jpg, where both the shooting date and the sequence number are included, so a repeated name is unlikely.
  9. Hello @hatttips Attach 3-5 different encrypted files and a ransom note file. Do not change or edit anything. Put the files in an archive so that nothing is changed by the forum protection. I will transfer the files for further analysis.
  10. Notes should also be preserved. Decryptor developers cannot give you any guarantee. This is only a small chance, according to available information. Extortionists can change something or not give anyone a key (no one will buy it).
  11. Original file: the file that existed before encryption.
     Test 1 2012-04.doc - original file
     Test 1 2012-04.doc_9Mm5Bz_{[email protected]}.2k19sys - encrypted file
  12. This is a new variant of STOP Ransomware. Statements from victims of this variant began to come to us only yesterday. Of course, the decryptor does not yet support this new variant. It takes time. Your personal ID ends with t1, so there is hope for decryption of the files in the future, when a key for this variant is added to the decryptor.
  13. The buttons work. You need to find the original unencrypted file to calculate the key.
  14. Probably this is GlobeImposter-2, but the ID Ransomware service says this is Maoloa Ransomware. In fact, this is a known confusion, because it is deliberately confused by the extortionists to make identification on the service difficult. For the affected users it makes no difference, because files encrypted by GlobeImposter and by its imposter with the name Maoloa Ransomware cannot be decrypted without the key that only the extortionists have.
  15. Hello Tony Identification result >>> It is possible that you are lucky and we have a decryptor that can decrypt your files. But you need to find at least one original file paired with an encrypted one in order to extract the decryption key. Emsisoft Decryptor for Paradise for the 2k19sys variant. https://www.emsisoft.com/ransomware-decryption-tools/paradise
  16. https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu Have you tried this tool?
  17. Hello @jaffar The symbols t1 are here, so in the future a decryption key may be added to this Emsisoft decryptor. You need to wait. When this will happen is not known, maybe soon, maybe not soon. It is regularly updated.
  18. Hello @Jonson16108 And what are you guilty of? Were you hoping it would just work out? In principle, that is the most popular folk method. BUT long ago you should have decided at a family council to buy a good comprehensive antivirus and protect the PC from current threats. It is time for your wife to stop admiring her 60 gigabytes of photos and start devoting more time to family and husband, including setting aside 1500-2000 rubles to buy antivirus protection of the Internet Security or Total Security class for all devices, which will protect your PC and all devices (smartphones, tablets) of adults and children the way today's times require. Cybercriminals take advantage of users' carelessness and ignorance and catch them with any bait, like fish. --- On the substance of the matter. As GT500 said above. Nothing will be decrypted right away (instantly). STOP Ransomware is released in many variants. Read here how things stand. You are not the first and not the last victim. The variant with the extension .zobm (not zomb!) appeared a week ago. Nothing has been decrypted yet, because first you need to obtain the keys with which the files were encrypted. That is not easy. In the end, only those files can be decrypted that were encrypted with offline keys (when the computer was disconnected from the network). If the files are encrypted with online keys, then decryption is impossible by the standards of the lifetime of ordinary mortals. But sometimes it happens that some of the files are encrypted with offline keys, when the user has already turned off the computer and gone to sleep; then such files can theoretically be decrypted in the future. But first the decryptor developers must acquire the offline keys (buy them or get them from those who paid the ransom and shared). But the latter is not always possible. What to do? There is an option: move all encrypted files together with the ransom notes to another disk and reinstall the system. For now you can tell your wife that the disk glitched and was sent for repair. The personal ID contains information that can suggest which keys the files were encrypted with. You can copy it from the note and paste it here. We will look and tell you whether there is hope for decryption or not.
  19. No professional guarantees 100% information recovery during any file recovery work. The maximum is 90%, if contacted immediately after the loss of information (deleting files to the Recycle Bin and emptying it, deleting without using the Recycle Bin, quick disk formatting, a power outage or power failure, temporary failure of the flash drive or other storage medium, "water procedures", system reinstallation, a fall... here the percentages decrease with each item). If, after some ransomware encryption, we can decrypt all files using a decryptor, still not all files will be restored 100%. At least one file out of 100-1000 files will be lost forever. It is impossible to name the exact percentage in general. Each case is individual, but it will never be 100%! Whoever talks about 100% file recovery is a liar, a scammer, or a layman who has decided to make money on someone else's misfortune.
  20. @AndreiR Programmatically return the Start button. In the settings you need to select the desired background and more. Multilingual, including Russian. http://www.startmenu8.com/ (VT) - Free, Trial Pro, Pro http://www.classicshell.net/ (VT) - Free --- An alternative solution using system tools. No programs need to be downloaded. https://lifehacker.ru/kak-sdelat-menyu-pusk-v-windows-8-svoimi-rukami/
  21. Hello @Abid You need to attach to the message 2-3 encrypted files and the original ransom note from the extortionists. Several ransomware families have used this extension, so I can say more precisely when I get acquainted with the elements of this extortion.
  22. This is a new variant of STOP Ransomware (v0187). You need to wait until support for this variant is added to the decryptor. It needs to be analyzed. Previous variants contained 't1' at the end of the personal ID (if an offline key was used). If nothing has changed, then your case is associated with an online key. The developers work on it every day. Details here
  23. Probably yes. I do not know any Indian language. 😊
  24. Of course, it is understandable. It is from such sites that this infection spreads.