Jump to content

Amigo-A

Visiting Expert
  • Posts

    2436
  • Joined

  • Last visited

  • Days Won

    61

Everything posted by Amigo-A

  1. Hello. Adding a key to the Emsisoft Decryptor depends on the case, for example, when someone buys it from ransomware and voluntarily shares it with the developers of the decryptor, and this key will be compatible with the one used to encrypt your files. This is the simplest explanation. Sometimes it happens quickly, and sometimes it never happens. We have no influence on the acceleration of this process. It is recommended to periodically download a new version of the decryptor and check the possibility of decrypting your files. For example, once every 2 weeks. It is advisable to transfer the encrypted files to an external drive and disconnect it from the PC. Leave only several folders with copies of these files to periodically check for decryption.
  2. @Ankush Emsisoft Employee has already answered your questions. I'll add a little. Methods for restoring DOC files damaged under normal conditions will not help restore a file after encryption. We understand that files are important to you, but we are not wizards to wave our hand and turn things around. This is impossible, alas.
  3. I also want to warn you against feverishly searching the Internet for other decryptors. They don't exist, but there are sites and their actors that lure users to their site and plant a fake decryption tool that is unlikely to prove empty and harmless. More likely, it will steal personal information from browsers and online wallets that is still on your PC or was entered by you after the attack.
  4. Hello, @Marco Dilak First, you need to read this guide to understand what happened. Read at least the first part, download and run the decryptor, it will tell you if your files can be decrypted with it.
  5. I also want to warn you against feverishly searching the Internet for other decryptors. They don't exist, but there are sites and their actors that lure users to their site and plant a fake decryption tool that is unlikely to prove empty and harmless. More likely, it will steal personal information from browsers and online wallets that is still on your PC or was entered by you after the attack.
  6. Hello, @Ankush @omar elkady This guide says if the files are encrypted with an online key, it is impossible to decrypt them without paying a ransom. Paying the ransom is not recommended so as not to sponsor extortionists to commit new acts. It is recommended to collect the encrypted files and transfer them to an external drive to disconnect them from the PC later. It is possible that extortionists will be arrested in the future and decryption keys will be added to the new decryptor.
  7. Hello. This guide says if the files are encrypted with an online key, it is impossible to decrypt them without paying a ransom. Paying the ransom is not recommended so as not to sponsor extortionists to commit new acts. It is recommended to collect the encrypted files and transfer them to an external drive to disconnect them from the PC later. It is possible that extortionists will be arrested in the future and decryption keys will be added to the new decryptor.
  8. Hello. This guide says if the files are encrypted with an online key, it is impossible to decrypt them without paying a ransom. Paying the ransom is not recommended so as not to sponsor extortionists to commit new acts. It is recommended to collect the encrypted files and transfer them to an external drive to disconnect them from the PC later. It is possible that extortionists will be arrested in the future and decryption keys will be added to the new decryptor.
  9. Hello. This guide says if the files are encrypted with an online key, it is impossible to decrypt them without paying a ransom. Read at least the first part. Download the decryptor and know what it tells you.
  10. Hello. This guide says if the files are encrypted with an online key, it is impossible to decrypt them without paying a ransom. Paying the ransom is not recommended so as not to sponsor extortionists to commit new acts. It is recommended to collect the encrypted files and transfer them to an external drive to disconnect them from the PC later. It is possible that extortionists will be arrested in the future and decryption keys will be added to the new decryptor.
  11. You can install this software from the official website. After installing NET Framework, you need to restart the PC. https://dotnet.microsoft.com/en-us/download/dotnet-framework
  12. If during encryption the computer was connected to the Internet, then an online key generated randomly on a remote server was used to encrypt the files. It is impossible to calculate up this key even using a supercomputer.
  13. Hello. These items are related to STOP Ransomware. The details are described in this guide. Read at least the first part of it.
  14. Yes, this is a new variant of STOP Ransomware. Unfortunately, the personal ID indicates that the encryption used an encryption key generated on the server of extortionists. In this case, it is recommended to save the files to an external drive; perhaps decryption keys will be released in the future or law enforcement will seize the server of extortionists. Both cases are unlikely, but sometimes they happen.
  15. Hello @Xenshyo Yes, technology is advancing. But someone is always using it for other purposes, like creating deadly weapons and selling them to kill people. Or to create ransomware that uses encryption. Encryption has been developed since ancient times, later a certain group of smart people created strong encryption and related technologies. Now people who create ransomware use these technologies for criminal activities and take money from people. However, the money issue is also quite ancient, they are used to pay for goods/things and/or get rich, all technologies are tied to money or their more expensive equivalents in one way or another. Nowadays, even the best supercomputer is not powerful enough to calculate and search through all the possible decryption keys. Moreover, who would lend it to us? In addition, we can hope that the extortionists will stop their criminal activities and someday publish the decryption keys for all the victims. Such cases are quite rare, but they do happen, so it is better to save encrypted files for the future.
  16. As it turned out, this variant with .fopa extension is still unknown to me. 'ID-Ransomware' can detect it, but in order to tell you something, I need a ransom note _readme.txt and 2-3 encrypted files. Attach the archive with the files to the message. Do not change or edit anything, this is very important.
  17. Hello. Read this guide, at least the first part. There is very little chance of decrypt this in the future. Good circumstances are the use of an offline key when encrypting.
  18. Read this guide, at least the first part. There is very little chance of decrypt this in the future. Good circumstances are the use of an offline key when encrypting.
  19. Read this guide, at least the first part. There is very little chance of decrypt this in the future. Good circumstances are the use of an offline key when encrypting.
  20. Specialists have original Phobos decryption tools, but each victim must have their own decryption key. Without the decryption key, the files cannot be decrypted.
  21. => OK. These programs can recover some files other than those that can no longer be recovered due to a broken state.
  22. https://translate.google.com/?hl=ru&tab=wT&sl=auto&tl=en&text=مرحبا ...عندى صيغة التشفير CHK ممكن اجد لها حل ؟ &op=translate Are you sure the files are encrypted? Or are you talking about files that are in FOUND folders on your drive? They most often occur after fixing disk errors with CHKDSK. In this case, you can use file recovery software. http://www.ericphelps.com/uncheck/ https://translate.google.com/ --- But if your files were encrypted after a ransomware attack, then attach a zip-archive to the message, in which you put a ransom note and several small encrypted files.
  23. If you have not reinstalled the system or filled the contents of the drive to capacity, you can recover the ransom notes files using data recovery software. All the ransom notes should have the same content. Even if only one note out of several hundred is recovered, it will be the decisive one.
  24. Hello. In order for us to tell you something, you need to attach a zip archive with encrypted files and a the ransom note file.
  25. Hello. The extension .qnty belongs to a different version - 0393, but your screenshot shows version 0395. Probably, you had two encryptions. In this case, the files could get the extensions .ccps and .qnty Check folders with encrypted files, look at _readme.txt notes. It is possible that they have a different line with 'Your personal ID'. Put different notes in two different folders and zip archive them in one file. Attach the zip archive to the post.
×
×
  • Create New...