Jump to content

Amigo-A

Visiting Expert
  • Posts

    2436
  • Joined

  • Last visited

  • Days Won

    61

Posts posted by Amigo-A

  1. Hello @ahmedmahmoud

    If you think that your files have been attacked, for example, encrypted or blocked, then you need to attach an zip-archive with files to the message.
    Place 2-3 encrypted (blocked) files and a ransom note in the zip-archive.
    Usually, when hackers encrypt or lock files, they leave a ransom note where they write their demands, indicate the amount of the ransom.
    We will try to determine which ransomware attacked your files.

  2. Quote

    w6IKbZ9nGWp1wM5W7MK8obmynSc0Hx2FVdvsSzt1
    Notice: this ID appears be an offline ID, decryption MAY be possible in the future

    If the identifier ends with "t1", then decryption is technically possible in the future, when the Emsisoft Decryptor receives the key for this variant.
    Sometimes someone buys such a key and voluntarily gives it to the developers of the Emsisoft Decryptor. Then the key will be added to this decryptor. We cannot speed up this process.

    More info >>

    It is recommended that every 2 weeks or once a month you download the decryptor again and test the decryptability of the encrypted files. The encrypted files should be moved to an external drive and one folder with the files should be left to be checked. 
    If some other ransomware gets onto your computer, it may re-encrypt the files. Then the chances of decryption will be even less.

  3. Hello

    Quote

    ***t1

    If the identifier ends with "t1", then decryption is technically possible in the future, when the Emsisoft Decryptor receives the key for this variant.
    Sometimes someone buys such a key and voluntarily gives it to the developers of the Emsisoft Decryptor. Then the key will be added to this decryptor. We cannot speed up this process.

    More info >>

    It is recommended that every 2 weeks or once a month you download the decryptor again and test the decryptability of the encrypted files. The encrypted files should be moved to an external drive and one folder with the files should be left to be checked. 
    If some other ransomware gets onto your computer, it may re-encrypt the files. Then the chances of decryption will be even less.

  4. Hello

    Quote

    ***t1

    If the identifier ends with "t1", then decryption is technically possible in the future, when the Emsisoft Decryptor receives the key for this variant.
    Sometimes someone buys such a key and voluntarily gives it to the developers of the Emsisoft Decryptor. Then the key will be added to this decryptor. We cannot speed up this process.

    More info >>

    It is recommended that every 2 weeks or once a month you download the decryptor again and test the decryptability of the encrypted files. The encrypted files should be moved to an external drive and one folder with the files should be left to be checked. 
    If some other ransomware gets onto your computer, it may re-encrypt the files. Then the chances of decryption will be even less.

  5. Quote

    Stop Djavu com extensões de arquivos .voom e .udla.

    Ola @CleitoDias

    Você precisa usar o Google Tradutor. https://translate.google.com

    Unfortunately, this is the result of a STOP Ransomware attack. The extortionists behind him have been involved in extortion for almost 5,5 years. Until now, the police have not been ordered to neutralize them, so extortionists act arrogantly and with impunity.

    The problem is serious and it is impossible to decrypt the files if an online key was used during encryption. You can read more in the article. You need use Google Translator.

    If your files received two different extensions after encryption, then you were attacked twice. In each case, a different key may be used.

    If the online key was used twice, then decrypting the files is even more problematic. You can check the ransom notes in each folder and compare the Personal ID.

  6. Hola Carlos!

    If say correct, then it is an .jhbg extension. At the beginning of the ID there are numbers 0460. 

    Unfortunately, this is the result of a STOP Ransomware attack. The extortionists behind him have been involved in extortion for almost 5,5 years. Until now, the police have not been ordered to neutralize them, so extortionists act arrogantly and with impunity.

    The problem is serious and it is impossible to decrypt the files if an online key was used during encryption. You can read more in the article. You need use Google Translator.

     

  7. Hola Federico!

    Quote

    *.dmay and *.msjd extension


    Unfortunately, this is the result of a STOP Ransomware attack. The extortionists behind him have been involved in extortion for almost 5,5 years. Until now, the police have not been ordered to neutralize them, so extortionists act arrogantly and with impunity.

    The problem is serious and it is impossible to decrypt the files if an online key was used during encryption. You can read more in the article. You need use Google Translator.

    If your files received two different extensions after encryption, then you were attacked twice. In each case, a different key may be used.

    If the online key was used twice, then decrypting the files is even more problematic. You can check the ransom notes in each folder and compare the Personal ID.

  8. Quote

    Your personal ID:
    0452***t1 

    En el futuro será posible descifrar archivos. Debe transferir todos los archivos cifrados a una unidad externa y desconectarla de su computadora.
    Deje solo una carpeta con archivos cifrados (copia) en su computadora y periódicamente (una vez cada dos semanas), descargue un nuevo descifrador y verifique la capacidad de descifrar archivos.
    No podemos acelerar el proceso de descifrado. Alguien tiene que comprar la clave del ransomware y dársela a los desarrolladores para que la agreguen al descifrador.

     

  9. On 4/13/2022 at 3:54 PM, Akki said:

    Error: No key for New Variant offline ID: dYUDKE4rrBmSPsf8srHMsyP40jle9uyxDDCfdxt1
    Notice: this ID appears be an offline ID, decryption MAY be possible in the future

    Hello. This is not a bug in the program. Thus, the Emsisoft Decryptor reports that it does not yet have a key for the variant that encrypted your files. Check the possibility of decryption every 2 weeks, or every month. Perhaps someone will pass the decryption key to the developers and they will add it to the Decryptor.

×
×
  • Create New...