Amigo-A

Visiting Expert
  • Posts: 2281
  • Days Won: 56

Everything posted by Amigo-A

  1. amroaref If your files are encrypted and now have a .berost extension, then this is the result of an attack from the STOP Ransomware. STOP Ransomware encrypts files of users in many countries due to the fact that they download and run hacked software (MS Windows, MS Office, other repacked or patched programs), from which someone removed the activation, making them free and dangerous at the same time because of this malicious code. Before you decrypt the files, you need to make sure that there is neither this infection nor any other infection on the PC. We have seen cases when those who suffered from previous versions of STOP Ransomware successfully decrypted files, but then they were attacked by the same encryptor, which encrypted files with a different extension, and used an encryption key that cannot be calculated. In punishment for haste and complacency, the user lost his files a second time and, possibly, forever. As experience shows, very often after encryption on a PC, this or another infection remains, which you could get together with the encryptor. Malicious programs often work in groups: trojans of a different type, password hijackers, backdoors, dormant malware, dangerous browser plugins. If you need help checking your PC for malware, you can make a request in the next section. You can also download the free tool Emsisoft Emergency Kit yourself and check the computer.
  2. If your files are encrypted and now have a .norvas extension, then this is the result of an attack from the STOP Ransomware. STOP Ransomware encrypts files of users in many countries due to the fact that they download and run hacked software (MS Windows, MS Office, other repacked or patched programs), from which someone removed the activation, making them free and dangerous at the same time because of this malicious code. Before you decrypt the files, you need to make sure that there is neither this infection nor any other infection on the PC. We have seen cases when those who suffered from previous versions of STOP Ransomware successfully decrypted files, but then they were attacked by the same encryptor, which encrypted files with a different extension, and used an encryption key that cannot be calculated. In punishment for haste and complacency, the user lost his files a second time and, possibly, forever. As experience shows, very often after encryption on a PC, this or another infection remains, which you could get together with the encryptor. Malicious programs often work in groups: trojans of a different type, password hijackers, backdoors, dormant malware, dangerous browser plugins. If you need help checking your PC for malware, you can make a request in the next section. You can also download the free tool Emsisoft Emergency Kit yourself and check the computer.
  3. As experience shows, very often after encryption on a PC, this or another infection remains, which you could get together with the encryptor. Malicious programs often work in groups: trojans of a different type, password hijackers, backdoors, dormant malware, dangerous browser plugins. Therefore, I advise you to check your PC for active and dormant malware. This can be done here in the forum in the next section. This must be done in any case. You can also download the free tool Emsisoft Emergency Kit yourself and check the computer. STOP Ransomware encrypts files of users in many countries due to the fact that they download and run hacked software (MS Windows, MS Office, other repacked or patched programs), from which someone removed the activation, making them free and dangerous at the same time because of this malicious code.
  4. More precisely, you have collected all your encrypted files and reinstalled the OS Windows 7. Have you checked the saved files with an antivirus program, so as not to suffer again from a hidden infection? Have you installed anti-virus protection for 30 days or more? I hope this is not Free Antivirus, because none of the Free Antivirus will protect against encryptors.
  5. More precisely, now you have all the files encrypted and they have the extension .codnat. STOP Ransomware encrypted your files. Before you decrypt the files, you need to make sure that there is neither this infection nor any other infection on the PC. We have seen cases when those who suffered from previous versions of STOP Ransomware successfully decrypted files, but then they were attacked by the same encryptor, which encrypted files with a different extension, and used an encryption key that cannot be calculated. In punishment for haste and complacency, the user lost his files a second time and, possibly, forever.
  6. Since no answer was given by the victim, it is important in any case not to leave the topic hanging in mid-sentence. Yes, according to such scant information that the victim provided before disappearing in an unknown direction, we can determine relatively precisely that the files were encrypted with one of the variants of GlobeImposter-2 Ransomware... and I can even show the sample of the malware that did this bad deed. Extension: .restorefiles666. Ransom note: how_to_back_files.html. Email: [email protected], [email protected]. Analysis result: VT. The date of the appearance of the variant with the .restorefiles666 extension is April 1-2, 2019. But earlier there were the same variants, but with a different extension. Extortionists often change external signs of Ransomware, but do not change the real version of their program. As can be seen in the analysis results, Emsisoft Anti-Virus correctly identified this malicious file. So, if the victim's PC had been under the protection of one of the antivirus solutions of Emsisoft, then the files would have remained intact and would not have been encrypted.
  7. For previous versions, there is GandCrab v5.1 Decryptor. Your files may have been encrypted by an early or the latest version that is not yet decrypted. But before you hurry to decrypt the files, you need to make sure that there is neither this infection nor any other infection on the PC. We have seen cases when those who suffered from previous versions successfully decrypted files, but then they were attacked by the same encryptor, which encrypted files with a different extension, and used an encryption key that cannot be calculated. In punishment for haste and complacency, the user lost his files a second time and, possibly, forever. As experience shows, very often after encryption on a PC, this or another infection remains, which you could get together with the encryptor. Malicious programs often work in groups: trojans of a different type, password hijackers, backdoors, dormant malware, dangerous browser plugins. Therefore, I advise you to check your PC for active and dormant malware. This can be done here in the forum in the next section. You can also download the free tool Emsisoft Emergency Kit yourself and check the computer.
  8. melatr Yes. STOP Ransomware encrypted your files. Before you decrypt the files, you need to make sure that there is neither this infection nor any other infection on the PC. We have seen cases when those who suffered from previous versions of STOP Ransomware successfully decrypted files, but then they were attacked by the same encryptor, which encrypted files with a different extension, and used an encryption key that cannot be calculated. In punishment for haste and complacency, the user lost his files a second time and, possibly, forever. As experience shows, very often after encryption on a PC, this or another infection remains, which you could get together with the encryptor. Malicious programs often work in groups: trojans of a different type, password hijackers, backdoors, dormant malware, dangerous browser plugins. Therefore, I advise you to check your PC for active and dormant malware. This can be done here in the forum in the next section. You can also download the free tool Emsisoft Emergency Kit yourself and check the computer.
  9. Arman Before you decrypt the files, you need to make sure that there is neither this infection nor any other infection on the PC. We have seen cases when those who suffered from previous versions of STOP Ransomware successfully decrypted files, but then they were attacked by the same encryptor, which encrypted files with a different extension, and used an encryption key that cannot be calculated. In punishment for haste and complacency, the user lost his files a second time and, possibly, forever. As experience shows, very often after encryption on a PC, this or another infection remains, which you could get together with the encryptor. Malicious programs often work in groups: trojans of a different type, password hijackers, backdoors, dormant malware, dangerous browser plugins. Therefore, I advise you to check your PC for active and dormant malware. This can be done here in the forum in the next section. You can also download the free tool Emsisoft Emergency Kit yourself and check the computer.
  10. Renzo Surya dinata Before you decrypt the files, you need to make sure that there is neither this infection nor any other infection on the PC. We have seen cases when those who suffered from previous versions successfully decrypted files, but then they were attacked by the same encryptor, which encrypted files with a different extension, and used an encryption key that cannot be calculated. In punishment for haste and complacency, the user lost his files a second time and, possibly, forever. As experience shows, very often after encryption on a PC, this or another infection remains, which you could get together with the encryptor. Malicious programs often work in groups: trojans of a different type, password hijackers, backdoors, dormant malware, dangerous browser plugins. Therefore, I advise you to check your PC for active and dormant malware. This can be done here in the forum in the next section.
  11. Blue22 Before you decrypt the files, you need to make sure that there is neither this infection nor any other infection on the PC. We have seen cases when those who suffered from previous versions successfully decrypted files, but then they were attacked by the same encryptor, which encrypted files with a different extension, and used an encryption key that cannot be calculated. In punishment for haste and complacency, the user lost his files a second time and, possibly, forever. As experience shows, very often after encryption on a PC, this or another infection remains, which you could get together with the encryptor. Malicious programs often work in groups: trojans of a different type, password hijackers, backdoors, dormant malware, dangerous browser plugins. Therefore, I advise you to check your PC for active and dormant malware. This can be done here in the forum in the next section. You can also download the free tool Emsisoft Emergency Kit yourself and check the computer.
  12. hemdan_711 Before you decrypt the files, you need to make sure that there is neither this infection nor any other infection on the PC. We have seen cases when those who suffered from previous versions successfully decrypted files, but then they were attacked by the same encryptor, which encrypted files with a different extension, and used an encryption key that cannot be calculated. In punishment for haste and complacency, the user lost his files a second time and, possibly, forever. As experience shows, very often after encryption on a PC, this or another infection remains, which you could get together with the encryptor. Malicious programs often work in groups: trojans of a different type, password hijackers, backdoors, dormant malware, dangerous browser plugins. Therefore, I advise you to check your PC for active and dormant malware. This can be done here in the forum in the next section. You can also download the free tool Emsisoft Emergency Kit yourself and check the computer.
  13. Yes. Well, many, looking at such "names", draw conclusions about the element being analyzed and the impossibility of decoding. There were many cases when, seeing such "names" of samples on the forums, the helpers did not even look further. But the stubborn user-victim went for help elsewhere, and he found real help, the result of which was decryption of files. Today, with the power of enthusiasts and independent researchers, files can be decrypted after an attack by very well-known encryptors.
  14. Hello. Such a random extension could be the result of a GandCrab Ransomware attack. Therefore, if you deleted the note after reading it, then perhaps you remember this word "GandCrab", because it is written in the title of the ransomware message. Still, if you do not remember anything that was in the note, then it is possible that the malicious file is still on your PC in the archive that you downloaded before launching the malicious content. Look in the downloads; you can transfer all the archives with the programs and the recent exe-files to any cloud storage, and using your link to these files we will check all the files for harmfulness and relevance to a similar attack. Only it must be done today; later it will go into the background and I will no longer be able to help you.
  15. Extension .bufas - this is the result of the attack of a new variant of Stop Ransomware. This was confirmed yesterday.
  16. It is BigBobRoss-Cheetah, which was decrypted (link). This is probably its newer variant (link). I do not know for sure, but this is most likely, if you look at the detections of anti-virus engines. This speaks in favor of the fact that they can be deceived if someone wants to do this.
  17. Since the middle of last year, the crypto-builder of the encryptor has been updated several times, and each time experts from the anti-virus companies DrWeb and ESET, which previously successfully decrypted the files, inform the victims that they can no longer help. If you need information on how and where to turn for private decryption, tell me and I will give you links here. I have nothing to do with them; these are just links through which other victims had previously received help with decrypting files. Nothing is eternal... Alas.
  18. This is Scarab-Bin Ransomware. I usually separate them into groups based on some signs and VIDs. For the most part, if extortionists use an updated encryptor for their variants, it is very difficult to decrypt the files and there is not a single free decrypter.
  19. Hello. We are sorry this happened. It is Rapid Ransomware. Extension: .no_more_ransom. Email: [email protected], [email protected]. ID pattern: ID - ID-XXXXXXXX. This version of Rapid Ransomware has no known way of decrypting data at this time.
  20. No one has reported so far that he can decrypt files. Samples are still being collected. You do not need to panic; patiently wait for the answer from the decryption specialists. Perhaps they have something to say to you.
  21. Yes, this malware is called Sodinokibi Ransomware or BlueBackground Ransomware: https://id-ransomware.blogspot.com/2019/04/sodinokibi-ransomware.html In ID Ransomware it is also called Sodinokibi. Extension: .<random_personal>. Ransom note: <random_personal>-readme.txt. At the moment I’ve prepared several variants for publication in my Digest, but only the first one is described. Samples for research are in my article.
  22. Hello. We are sorry this happened. Information about the added extension in this case is not enough. We can assume that your case belongs to the list of known ones, but without additional information we cannot say for sure. Please collect a ransom note (perhaps this is how_to_back_files.html) and several encrypted files of various formats (jpg, png, txt, doc). Be sure to place them in an archive. Attach it to a new post. If the size is more than 10 MB, then upload it to the service www.sendspace.com and give us a link to download.
  23. Hello. Ransomware with .cheetah and [id=<XXXXXXXX>] is BigBobRoss Ransomware - it's not STOP Ransomware! Detections on VT are incorrect. The extortionists tried very hard to make the detections of the AV engines on VT wrong regarding this instance, but we will not go into the technical details here. I described an early version of this ransomware as BigBobRoss Ransomware back in January 2019; at that time it did not have a name and I gave it this name (by the email login of [email protected]). Later this name stuck to this extortionist; since then he has already changed several times. The variant with the .cheetah extension also exists in several variants. Emsisoft released a firm decrypter for three variants of BigBobRoss Ransomware, among them only the first variant with the .cheetah extension. In your case, you probably got a newer version, with other keys, so the decoder did not work. Wait for a response from the support service.
  24. Yes. This is Matrix Ransomware. At the moment there is no known free way to decrypt files after this Ransomware. Alas.
  25. Extension .codnat on encrypted files — this is the result of the work of STOP Ransomware. You need to find the _readme.txt file - this is a ransom note from extortionists. It is very important and will be needed for decryption. Follow the instructions in the first post of this support topic and FAQ and provide the personal ID and MAC addresses of the infected machine ASAP. You do not need to hurry right now and do not need to try to decrypt the files yet. The most important thing now for your files is to read the instructions and provide the required data. For more information: STOP Ransomware encrypts files all over the world, in all countries where there is high-speed Internet. Only one volunteer specialist, Demonslay335, decrypts the files. He found a way to decrypt files encrypted with offline keys in some cases. If your files were encrypted using offline keys, then the files can be decrypted. If the offline key was partially used (after the Internet connection was disconnected), only part of the files can be decrypted. This method 'using offline keys' has been implemented in STOPDecrypter.