Jump to content

Amigo-A

Visiting Expert
  • Posts

    2436
  • Joined

  • Last visited

  • Days Won

    61

Everything posted by Amigo-A

  1. If it is determined that the online key was used, then decryption is impossible. If someone somewhere claims that he can decrypt the files, then he is lying or conspiring with the extortionists.
  2. 1) Despite this, we recommend that you save the encrypted files on an external medium and disconnect it from the PC. Perhaps in the future, after the arrest of extortionists or their servers, decryption keys will be obtained. 2) I can recommend that you do some steps to recover some important files if you have the desire, time, and patience. This is not decryption, this is the use of alternative possibilities. Only advice, no technical support, at your peril.
  3. 1) Despite this, we recommend that you save the encrypted files on an external medium and disconnect it from the PC. Perhaps in the future, after the arrest of extortionists or their servers, decryption keys will be obtained. 2) I can recommend that you do some steps to recover some important files if you have the desire, time, and patience. This is not decryption, this is the use of alternative possibilities. Only advice, no technical support, at your peril.
  4. 1) Despite this, we recommend that you save the encrypted files on an external medium and disconnect it from the PC. Perhaps in the future, after the arrest of extortionists or their servers, decryption keys will be obtained. 2) I can recommend that you do some steps to recover some important files if you have the desire, time, and patience. This is not decryption, this is the use of alternative possibilities. Only advice, no technical support, at your peril.
  5. 1) Despite this, we recommend that you save the encrypted files on an external medium and disconnect it from the PC. Perhaps in the future, after the arrest of extortionists or their servers, decryption keys will be obtained. 2) I can recommend that you do some steps to recover some important files if you have the desire, time, and patience. This is not decryption, this is the use of alternative possibilities. Only advice, no technical support, at your peril.
  6. If it is determined that the online key was used, then decryption is impossible. If someone somewhere claims that he can decrypt the files, then he is lying or conspiring with the extortionists.
  7. If it is determined that the online key was used, then decryption is impossible. If someone somewhere claims that he can decrypt the files, then he is lying or conspiring with the extortionists.
  8. If it is determined that the online key was used, then decryption is impossible. If someone somewhere claims that he can decrypt the files, then he is lying or conspiring with the extortionists.
  9. Need to read this Guide. https://support.emsisoft.com/forum/83-help-my-files-are-encrypted/ If it is determined that the online key was used, then decryption is impossible. If someone somewhere claims that he can decrypt the files, then he is lying or conspiring with the extortionists.
  10. Need to read this Guide. https://support.emsisoft.com/forum/83-help-my-files-are-encrypted/
  11. Hello vostoski! I looked in my database and found no match. For this case, a new description has been compiled in the Digest "Crypto-Ransomware". Problem Ransomware --- You need to do an in-depth search for the malware file. First, look at the Downloads folder and the location where you downloaded the files. If you usually use a browser, you can start your search from the "Downloads" section. If you find suspicious files, do not run them to view. Place each such file in a separate archive with the password "infected" and pass it on to us. Next, you should check the temporary directories "Temp". Hope you haven't cleaned anything before. %WINDIR%\Temp\ %TEMP%\<random>.tmp\ %TEMP%\<random>.tmp\<random>\ %TEMP%\<random>\ Disk C:\Users\%USERNAME%\AppData\Local\Temp\ Folder "AppData" applies to hidden directories. You will need to first enable a view of hidden and system files. If there are a lot of files, then focus on the date when the files were encrypted. It is better to collect everything in one big zip archive here. Also, put a password (preferably a non-standard one) and share the link to the place where you upload it.
  12. Place a ransom note and 2-3 encrypted files in the zip archive and attach them to the message. Or give us the download link. Do not change anything in the files or their names.
  13. What can you do while waiting for a happy day? 1) Consider your line of defense to avoid re-encrypting files with malicious files. Very often, victims of ransomware do not fix bugs and continue to use basic or free antivirus protection. First of all, you need to understand that this is only 1 percent protection and the next time the same will happen. Extortionists anew will use ransomware to attack PCs and steal data, encrypt files, and the victim anew will have to pay a ransom or lose files. 2) Save encrypted files or only the most valuable to an external drive. Disconnect it from your PC. This will save your files from being re-encrypted or otherwise encrypted. We have seen many cases where encryption was repeated and files were encrypted by another variant of the ransomware that left no chance of salvation.
  14. We just don't know when it will happen. Someone buys a key, gives it to the Emsisoft Decryptor developers, here on the forum. Then the developers will add the key to the Decryptor database. After that, anyone affected by this variant of ransomware can it used.
  15. @Yasir Try to recover PSD files using this site if it justifies the costs https://onlinefile.repair/photoshop You can also recover other files on the site that were not fully encrypted. There is a charge, but you can try if the end justifies the means.
  16. This is the result of a Zeppelin Ransomware attack. They are configured individually for each company. The creation of a common decryptor is still problematic. If you need professional help for an individual investigation, leave a request to the Emsisoft specialists.
  17. Hello This is BigLock Ransomware This variant has been known since autumn, but a newer one, which also attacked your files, has been known since the beginning of December. It is still being studied, so there are no public tools for decrypting the files. You can leave a request to Emsisoft specialists, they will contact you and carry out an investigation of an individual case.
  18. @nicolenick04 Hello. Attach a ransom note to your message so that we can add this variant of VoidCrypt Ransomware to the database. Or share the link to download the file via private messages.
  19. É melhor você usar um tradutor para tornar a tradução mais fácil de entender. Letras maiúsculas podem impedir que o texto seja traduzido corretamente. https://translate.google.com
  20. Txt files cannot be recovered. I talked about it. For the success of working with JPG first need to find at least one unencrypted file from the same series of images. File recovery without 1 such file is useless.
  21. Here is a rough list of ways you can find the originals of encrypted files: 1 ) on flash drives, external drives, CD / DVD, memory cards of the camera, smartphone; 2 ) in attachments of emails sent or received by you; 3 ) among the copies of shared photos of friends, relatives (on their PC) that you gave; 4 ) among the uploaded photos on the social networks, including via smartphone and tablet; 5 ) among the uploaded photos to cloud services (Google Disk, OneDrive, Dropbox, etc.); 6 ) among unencrypted files, copies, renamed files on your PC; 7 ) on an old PC or disk, from where you transferred photos and documents to a new PC; 8 ) you can re-upload from the Internet previously downloaded photos, pictures, etc .; 9 ) use photos or pictures that you previously posted on the avatar or attached to messages on forums. 10 ) you can use sample images supplied with Windows (link);
  22. There is a new way to recover JPG / JPEG image files https://www.jpegmedic.com/tools/jpegmedic-arwe/ The main condition for recovery is to find 1 file from the same series of previously taken photos. When using the program, some antiviruses give a false positive. Don't be alarmed. The program does yet not have a digital signature.
  23. Only after neutralizing all malicious files ... This is not the decryption, it is the recovery of certain types of files using the features of these files. 1) If you have encrypted ZIP/RAR archives, you can partially recover files. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Unfortunately, many files can be encrypted or damaged there, but some files can be opened. 2) There is an alternative (additional) way to recover some media files: WAV, MP3, MP4, M4V, MOV, 3GP. https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. Some types of files can be opened (restored) using the application in which they were created. To do this, you must first remove the extension added by the ransomware. Then can try to open the file from the program in which it was created. If you open audio and video files in the editor, it will restore the structure, and upon closing it will offer to save the changes in the file. 3) If you have PDFs or files of other e-books, then they may suffer in part if they were not protected from manual modification. Therefore, after removing the added extension, they can be partially read (~50 - 80%), if get lucky. Unfortunately, it is not yet possible to recover files created in MS Office applications due to their sensitivity to any damage. They can be easily damaged without encryption. It is easier to recover and read text written on paper or on stone than one created in MS Office. An alternative method for other files has not yet been found. I understand that this will not be enough, but recovering some of the files is better than losing everything...
×
×
  • Create New...