Amigo-A

Visiting Expert
  • Posts: 2281
  • Days Won: 56

Everything posted by Amigo-A

  1. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017, which is earlier than many antivirus programs. Some of them announced the discovery of one of the variants of this Ransomware only in August 2018, when there was a massive attack on residents of many countries. Unfortunately, this attack continues. There are now a lot of victims of different variants of this extortionist on the forum.

     In some cases, the files can be decrypted. This is possible only in cases where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the decoder) collects information from the victims, records the data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files.

     Note: To identify this Ransomware and confirm my information, you can use the ID Ransomware service. It will give you a link to the support topic on the BleepingComputer forum; you need to read the first post of the topic and provide the requested information there or here: the MAC address of the network device.

     ---

     If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter

     Also, while most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  3. Attach to the message a few encrypted files of different types (jpg, png, txt, doc) and original unedited ransom note, so that we can check.
  4. This is so, but not quite. The user did not report any errors and did not attach any screenshots with errors. If the .NET Framework 4.5.2 or a newer version is not installed, then such errors should be displayed in the dialog boxes. LINK for Download. Plus, an important component for the work of your decrypters and the Emsisoft decrypter is the presence of the installed service packs Microsoft Visual C++ 2008 / 2010 / 2013 Redistributable and newer. But even without them, the user would receive error messages.
  5. yash shah I wonder what variant you have - one of mine, or quite another?
  6. If there was no imitation, then the identification result is likely to point to Phobos Ransomware.
     ---
     More than a week ago, I determined that Ransomware with the extension is a new version of the Phobos Ransomware.
     Extension: .actin
     Full extension: .id[XXXXXXXX-1104].[[email protected]].actin
     Email: [email protected]
     Ransom notes: info.hta and info.txt
     I also found and submitted samples of this version. - VirusTotal >> - Hybrid Analysis >>
     There is also an original decoder (this is a new version, it used to be different): 2ph_decrypt.exe at VirusTotal >>
     ---
     Recently, another variant was found with the .actin extension.
     Extension: .actin
     Full extension: .id[XXXXXXXX-1159].[[email protected]].actin
     Email: [email protected]
  7. Hello. While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Your PC may also have another infection that does not allow files to run.
  8. kaylaio But this does not mean that it is impossible to decipher. It is important for you to keep the data provided by the extortionists and collect the encrypted files in a separate place. Do not change the location of the files - let them stay in the same folders as now. Experience shows that sometimes it matters.
  9. Do not leave your PC without protection even for a short time. Emsisoft Anti-Malware for 30 days free
  10. The support team will review the logs and tell you what to do. Do not depart from the topic, it is important for you, wait for the answer of the specialist and the final decision.
  12. kaylaio The fact that this is Magniber can be seen from the ransom note. No one else has this text. Description: Magniber Ransomware (in the title there is a link to English from Google). The early attack was aimed only at Korea. Korean antivirus company AhnLab was able to collect variants and released a decoder. Later, the attack was redirected to other countries of South-East Asia, and then to other countries. No one else tried to decrypt files after the attack of Magniber. No one tried!!!
  13. This is a random extension. Many different encryptors use randomly generated extensions, for example GandCrab, Magniber and others. Upload a ransom note and one encrypted file to the site ID-Ransomware to identify the encryptor that encrypted your files. Also upload a ransom note and 2-3 different encrypted files (jpg, png, txt, doc) in your next message so that we can verify and confirm the identification.
  14. There are some more vulnerable programs in the list that can be used by attackers. But they will be under control if Emsisoft Anti-Malware comprehensive anti-virus protection, or another product which has Internet Security in its name, is running. Anky, tell me, did you install Avast, WinRAR and IObit yourself? There are cases when malicious programs, under the guise of these programs, have installed malware to carry out an attack. One file or several legitimate files of these programs can be covertly installed and later used by attackers to attack.
  15. There are now several antivirus and support programs on your system. This does not enhance protection, but only hinders it. It is advisable to remove everything and install one comprehensive anti-virus solution that will control all possible ways of penetration of malicious programs, including through remote access. For Windows Professional, you must install all critical patches from Microsoft, including those that protect RDP from all known vulnerabilities. STOP Ransomware, which attacked your PC, uses a very tricky method, which is associated with penetration through the RDP utility, which free antiviruses always miss.
  16. Anky Please, be patient. Support specialists may not respond during the weekend. This is indicated in the forum rules. Among other things, I want to note that your Google Chrome browser is also infected. Reset its settings, replace the start page with google.com, remove third-party extensions. What is now ruling there can lead your browser to sites that have become the cause of infection and encryption.
  17. sunny parmar Please, be patient. Support specialists may not respond during the weekend. This is indicated in the forum rules. The solution of the problem may come not very quickly. Do not depart from the topic, it is important for you, wait for the answer of the specialist and the final decision.
  18. The support team will review the logs and tell you what to do. Do not depart from the topic, it is important for you, wait for the answer of the specialist and the final decision.
  20. Please, be patient. Support specialists may not respond during the weekend. This is indicated in the forum rules. The solution of the problem may come not very quickly. Do not depart from the topic, it is important for you, wait for the answer of the specialist and the final decision.
  21. ARNEST Please, be patient. Support specialists may not respond during the weekend. This is indicated in the forum rules. The solution of the problem may come not very quickly. Do not depart from the topic, it is important for you, wait for the answer of the specialist and the final decision.
  22. The support team will review the logs and tell you what to do. Do not depart from the topic, it is important for you, wait for the answer of the specialist and the final decision.
  24. Unfortunately, the note on the purchase of JURASIK-DECRYPT was not provided, neither here nor on the BC forum.