Amigo-A

Visiting Expert
  • Posts: 2288
  • Days Won: 56

Everything posted by Amigo-A

  1. Hello. We are sorry this happened. It is Rapid Ransomware. Extension: .no_more_ransom. Email: [email protected], [email protected]. ID pattern: ID - ID-XXXXXXXX. This version of Rapid Ransomware has no known way of decrypting data at this time.
  2. No one has reported so far that he can decrypt files. Samples are still being collected. You do not need to panic; patiently wait for the answer from the decryption specialists. Perhaps they have something to say to you.
  3. Yes, this malware is called Sodinokibi Ransomware or BlueBackground Ransomware: https://id-ransomware.blogspot.com/2019/04/sodinokibi-ransomware.html In ID Ransomware it is also called Sodinokibi. Extension: .<random_personal> Ransom note: <random_personal>-readme.txt At the moment I've prepared several variants for publication in my Digest, but only the first one is described. Samples for research are in my article.
  4. Hello. We are sorry this happened. Information about the added extension in this case is not enough. We can assume that your case belongs to the list of known ones, but without additional information we cannot say for sure. Please collect a ransom note (perhaps this is how_to_back_files.html) and several encrypted files of various formats (jpg, png, txt, doc). Be sure to place them in an archive and attach it to a new post. If the size is more than 10 MB, then upload it to the service www.sendspace.com and give us a link to download.
  5. Hello. Ransomware with .cheetah and [id=<XXXXXXXX>] is BigBobRoss Ransomware - it's not STOP Ransomware! Detections on VT are incorrect. The extortionists tried very hard to make the detections of the AV engines on VT wrong for this instance, but we will not go into the technical details here. I described an early version of this ransomware as BigBobRoss Ransomware back in January 2019; at that time he did not have a name and I gave him this name (by the login of the email [email protected]). Later this name stuck to this extortionist; since then he has already changed several times. The variant with the .cheetah extension also exists in several variants. Emsisoft released a firm decrypter for three variants of BigBobRoss Ransomware, among them only the first variant with the .cheetah extension. In your case, you probably got a newer version, with other keys, so the decoder did not work. Wait for a response from the support service.
  6. Yes. This is Matrix Ransomware. At the moment there is no known free way to decrypt files after this Ransomware. Alas.
  7. The .codnat extension on encrypted files is the result of the work of STOP Ransomware. You need to find the _readme.txt file - this is a ransom note from the extortionists. It is very important and will be needed for decryption. Follow the instructions in the first post of this support topic and the FAQ, and provide the personal ID and MAC addresses of the infected machine ASAP. You do not need to hurry now and do not need to try to decrypt the files yet. The most important thing now for your files is to read the instructions and provide the required data. ----------------------------- For more information: STOP Ransomware encrypts files all over the world, in all countries where there is high-speed Internet. Only one volunteer specialist, Demonslay335, decrypts the files. He found a way to decrypt files encrypted with offline keys in some cases. If your files were encrypted using offline keys, then the files can be decrypted. If the offline key was partially used (after the Internet connection was disconnected), only part of the files can be decrypted. This method 'using offline keys' has been implemented in STOPDecrypter.
  8. Hello. I think I know which Ransomware worked here. Attach the file #_#RAD_README#_#.rtf to the message.
  9. The .fordan extension on encrypted files is the result of the work of STOP Ransomware. You need to find the _readme.txt file. Make sure you download the correct program from the official link: https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip STOP Ransomware encrypts files all over the world, in all countries where there is high-speed Internet. Only one volunteer specialist, Demonslay335, decrypts the files. He found a way to decrypt files encrypted with offline keys in some cases. If your files were encrypted using offline keys, then the files can be decrypted. If the offline key was partially used (after the Internet connection was disconnected), only part of the files can be decrypted. This method 'using offline keys' has been implemented in STOPDecrypter.
  10. Tom Calderon, just read what needs to be done and post this information for Demonslay335.
  11. If this happened to your files, then you probably protected your PC badly and/or used software with Trojan programs that caused the infection and encryption. Only one volunteer specialist, Demonslay335, decrypts the files. He found a way to decrypt files encrypted with offline keys in some cases. You have received the result of the file analysis. They gave you a link to the support topic, where Demonslay335 collects info-data from the victims. He also collects them in this forum.
  12. I agree. This is a dubious and, as it turned out, the most dangerous option in all this "Sinology"... External access could be a "software pad" that could be made to order. This directive could come from 'Above'.
  13. Yes, this is a new variant of STOP Ransomware. There is another new variant with the .codnat1 extension.
  14. Albert-S, thank you for the detailed coverage of the issue. If you added some screenshots for the important settings, then this would be a complete user manual. It would be more than the developers could write if they wanted. But they didn't really like or know how to write a manual, they never did, because they told themselves "We don't care. We don't care. We don't care"... By the way, it is this meaning "We don't care" that is expressed in the phrase NamPoHyu, if it is read in Russian and the obscene vocabulary is excluded.
  15. Yes. Text files are fine. There is only one way out: to ask to attach files in archives.
  16. Thus, the files were first encrypted by Dharma, then covered with new encryption from Ransomnix: .id-EE8B9148.[[email protected]].bgtx + .charm This .bgtx variant of Dharma Ransomware appeared in early October 2018. This variant of Ransomnix-Charm was also noted by me in October 2018.
  17. I know which Ransomware left the .charm extension. This is Ransomnix, which I have known since the summer of 2017. It is described in my article Ransomnix Ransomware. Then Michael added it to ID Ransomware. The variant with the .charm extension appeared a year later; I added it as an update in October 2018. In January 2019, a new version was seen with the .mdk4y extension. The sample is here.
  18. Hello, wallyworld. After this recommendation, please attach to your message 2-3 encrypted files and the files with the ransom requirements. There should be 1 text file and one file with the extension hta or html. Place them in an archive before attaching to the message. If the file size is more than 10 megabytes, then use the www.sendspace.com service to upload the file there and give us a link to download and research.
  19. Identification result for your files on ID Ransomware. GlobeImposter 2.0 does not have a free public decryptor. Alas.
  20. GT500, now I tried to download another attachment from GlobeImposter (in another topic). The situation is analogous. Screenshot attached.
  21. There is a separate topic on this Ransomware. There are all the answers to many questions. Join there to stay informed.
  22. There is a separate topic on this Ransomware. There are all the answers to many questions. Join there to stay informed.
  23. After you make these recommendations, please check: 1) the accuracy of the filename with the added extension: full_name_your_file.id-XXXXXXXX.[[email protected]].com 2) ransom notes: FILES ENCRYPTED, Info.hta 3) email from the ransom notes: [email protected], [email protected] If all of this data is the same, then your files are definitely encrypted by Dharma Ransomware. For 1.5 years now there has been no successful decryption and no free public decrypters for files after Dharma.
  24. Hm, this is the second time I've downloaded such an edited file from the additions on this forum. So I, of course, thought it was such a security setting. The user sent me the extortionists' emails, and I also received them elsewhere. These addresses and this variant of the Ransomware have been confirmed.