Posts posted by Amigo-A
-
-
Hello @jacob 91
You need to neutralize all malicious files in the system. This should be done as quickly as possible.
Use comprehensive anti-virus software such as Emsisoft Anti-Malware to effectively remove the malware.
You can get a free 30-day trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/
It will help you clean your PC from other malware for free.
-
https://support.emsisoft.com/forum/83-help-my-files-are-encrypted/
Hello.
Read this guide to understand when you can decrypt files.
-
You need to upload the malware file to the VirusTotal website. Later paste the resulting link into your message here.
You can also attach only a ransom note and 2-3 encrypted files here. Only archive them first in the zip archive.
-
Quote
t1
Hello. According to this guide, this 't1' usually means that the files can be decrypted when the decryptor has got the key for that variant.
We cannot speed up this process. Usually someone buys a key and volunteers it to help other people.
-
Hello.
Read this guide to check if you can decrypt files.
-
Hello.
Read this guide to check if you can decrypt files.
-
This is Makop Ransomware
-
https://www.bleepingcomputer.com/forums/t/773613/new-ransomeware-with-extension-pex8tm/
It looks like you've already uploaded files in another forum.
Then it is better to continue there.
The files are encrypted by an encryptor from the Thanos / Prometheus Ransomware family.
-
Then use any file sharing website.
There are many, I don't know which one will be more convenient for you and will work in your country.
-
This is different from what you reported above. You need to do the same as I asked you in the post above.
22 hours ago, Amigo-A said:
It will be better if you attach a zip-archive with 2-3 encrypted files and a note to the ransom note which you quoted.
Do not edit or delete anything.
There are very similar ransomware that are created to confuse identification.
-
Hello.
It will be better if you attach a zip-archive with 2-3 encrypted files and a note to the ransom note which you quoted.
Do not edit or delete anything.
There are very similar ransomware that are created to confuse identification.
-
Probably, in the near future or already on Monday, an Emsisoft employee will answer you.
-
-
Yes, the computer was hacked and attacked remotely.
You need to write to the forum section for curing and restoring PC control. https://support.emsisoft.com/forum/6-help-my-pc-is-infected/
Apparently, you have suffered from Conti Ransomware and have been attacked by one of their groups.
Malware file analysis results:
https://www.virustotal.com/gui/file/e49fd2651d5f3d5ffd999104841edd3e6e6dbd342507df6d2201720bdca65a74
https://analyze.intezer.com/analyses/da61e41d-5e15-489a-8402-26de44d37a28
https://app.any.run/tasks/c9581466-fa42-482b-a276-cfc0fd980f6f
https://tria.ge/220618-wg3q3adaa2
-
Hello.
It's good that you attached the note. But for analysis and identification, you need to attach a few more encrypted files.
Nothing can be edited or renamed.
Files need to be attached only in the form in which you received them after encryption.
-
You need to read this guide, at least the first part.
-
2 hours ago, help pls said:
when will online IDs turn to offline IDs
Never.
Briefly:
An Online ID is used when the computer is connected to the Internet and nothing prevents the encryptor from contacting its server and receiving an encryption key randomly generated on that server.
The Offline ID built into the program is used when the computer is disconnected from the Internet and/or communication with the ransomware server is not possible.
-
This is Pipikaki Ransomware
Marker 5391F333MONSTER is added to the end of the code of the encrypted file.
We saw the same case on the Bleeping Computer forum.
-
This is STOP ransomware - 492 (0492): extension .rrcc
Quote
Your personal ID:
0492JIjdmBHpSVNd77FPAmbpHrvY5Cbf9rowI7dq46RAGXgul
online ID
-
When were the files encrypted?
-
So far, none of the researchers have reported that they can encrypt the files.
It is advisable to save the ransom notes and encrypted files on an external drive.
-
Yes, this is a new variant of Venus Ransomware.
It adds a 'gooodgamer' marker to encrypted files. This has been little researched so far.
Malicious file from March of this year. It may be of interest to decryption specialists.
-
Hello. Yes, we know which ransomware encrypted your files.
You need to attach a ransom note README.txt to the message, or with a different name, if changed.
-
1 hour ago, VEER123 said:
t1
Yes, decryption MAY be possible in the future
When the developers receive the decryption key, they can add it to the Emsisoft Decryptor. When this event will happen, no one knows. It doesn't depend on them. The key can be given by the person who paid the ransom and decrypted the files.
-
-
.wwka - such an extension is used by the 'STOP Ransomware'.
Rhino or Marvel Ransomware is another ransomware.
25.06.2022 Help, my files are encrypted!
Only after neutralizing all malicious files ...
This is not the decryption, it is the recovery of certain types of files using the features of these files.
1) If you have encrypted ZIP/RAR archives, you can partially recover files. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Unfortunately, many files can be encrypted or damaged there, but some files can be opened.
2) There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.
https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp
But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse.
Some types of files can be opened (restored) using the application in which they were created. To do this, you must first remove the extension added by the ransomware. Then you can try to open the file from the program in which it was created. If you open audio and video files in the editor, it will restore the structure, and upon closing it will offer to save the changes in the file.
3) If you have PDFs or files of other e-books, then they may suffer in part if they were not protected from manual modification. Therefore, after removing the added extension, they can be partially read (~50 - 80%), if you get lucky.
Unfortunately, it is not yet possible to recover files created in MS Office applications due to their sensitivity to any damage. They can be easily damaged without encryption. It is easier to recover and read text written on paper or on stone than one created in MS Office.
---
There is a new way to recover JPG / JPEG image files
https://www.jpegmedic.com/tools/jpegmedic-arwe/
The main condition for recovery is to find 1 file from the same series of previously taken photos.
When using the program, some antiviruses give a false positive. Don't be alarmed. The program does not yet have a digital signature. You can also ask the developer to help you recover your photo files. The work is not easy, you need to negotiate a fee.
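
The recovery steps in the post above (make a copy of the encrypted files first, then remove the extension the ransomware added) can be scripted so the originals are never modified. This is an added example, not part of the original post; the function names and the sample directory tree are hypothetical, and `.rrcc` is the extension mentioned earlier on this page.

```python
import shutil
import tempfile
from pathlib import Path


def make_working_copies(source_dir, work_dir, added_ext):
    """Copy every file ending in added_ext into work_dir with that suffix removed.

    Originals are only read. Returns a list of (original, working_copy) paths.
    """
    source_dir, work_dir = Path(source_dir).resolve(), Path(work_dir).resolve()
    if work_dir == source_dir or source_dir in work_dir.parents:
        raise ValueError("work_dir must be outside source_dir")
    added_ext = added_ext.lower()
    copied = []
    for original in sorted(source_dir.rglob("*")):
        if not original.is_file() or not original.name.lower().endswith(added_ext):
            continue  # ransom notes and untouched files are left alone
        restored_name = original.name[: -len(added_ext)]
        if not restored_name:  # the file name was only the added extension
            continue
        target = work_dir / original.relative_to(source_dir).parent / restored_name
        target.parent.mkdir(parents=True, exist_ok=True)
        n = 1
        while target.exists():  # never overwrite an earlier working copy
            base = Path(restored_name)
            target = target.with_name(f"{base.stem}_{n}{base.suffix}")
            n += 1
        shutil.copy2(original, target)  # copy2 also keeps timestamps
        copied.append((original, target))
    return copied


def demo():
    """Constructed sample tree; file contents are placeholders, not real data."""
    root = Path(tempfile.mkdtemp())
    src, work = root / "encrypted", root / "work"
    (src / "photos").mkdir(parents=True)
    (src / "photos" / "trip.mp4.rrcc").write_bytes(b"constructed sample")
    (src / "backup.zip.rrcc").write_bytes(b"constructed sample")
    (src / "README.txt").write_text("constructed ransom note placeholder")
    return src, work, make_working_copies(src, work, ".rrcc")
```

Repair tools and archive extraction are then pointed at the working directory, while the encrypted originals and the ransom note stay exactly as they were.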