
Amigo-A

Everything posted by Amigo-A

  1. amro genidy You should know that this is not a simple infection that is easy to delete and unlock files with one click of the mouse. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017; this is earlier than many antivirus programs. Some of them announced the discovery of one of the variants of this Ransomware only in August 2018, when there was a massive attack on residents of many countries. Unfortunately, this attack continues. There are now a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. This is possible only in cases where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files.
  2. Hello. This is the result of an attack by a new variant of STOP Ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. You need to wait until a new version of the decryptor is released that supports this variant with the muslat extension. While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers that will encrypt any new files saved and will encrypt any files you manage to decrypt. We recommend checking the PC to make sure that no such components have been left behind, so follow the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious now on your computer: https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Please attach the log files FRST saves to a reply to this topic. It is recommended to send the FRST log files as soon as possible.
  3. Attach 2 encrypted files and a file _readme.txt to the message.
  4. A variant of STOP Ransomware has encrypted your files. You can use the service ID Ransomware to confirm identification of this Ransomware. You should know that this is not a simple infection that is easy to delete and unlock files with one click of the mouse. I have been tracking the malicious work of this program since December 2017; this is earlier than many antivirus programs. Some of them announced the discovery of one of the variants of this Ransomware only in August 2018, when there was a massive attack on residents of many countries. Unfortunately, this attack continues. There are now a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. This is possible only in cases where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the decoder) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files.
  5. A new variant of STOP Ransomware has encrypted your files. You should know that this is not a simple infection that is easy to delete and unlock files with one click of the mouse. I have been tracking the malicious work of this program since December 2017; this is earlier than many antivirus programs. Some of them announced the discovery of one of the variants of this Ransomware only in August 2018, when there was a massive attack on residents of many countries. Unfortunately, this attack continues. There are now a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. This is possible only in cases where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the decoder) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. At the moment, it has not been added to ID Ransomware (not been message), but it will soon be added.
  6. A new variant of STOP Ransomware has encrypted your files. At the moment, it has not been added to ID Ransomware (not been message), but it will soon be added. --- You should know that this is not a simple infection that is easy to delete and unlock files with one click of the mouse. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017; this is earlier than many antivirus programs. Some of them announced the discovery of one of the variants of this Ransomware only in August 2018, when there was a massive attack on residents of many countries. Unfortunately, this attack continues. There are now a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. This is possible only in cases where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files.
  7. Yes, this is a previous version, whose files can be decrypted. Link to the decryption files you have. Try to decrypt files, as was written above. Important note: folders containing encrypted files must have English names (for example, New Folder) or numbers such as 1234567890. Earlier there were cases when letters of other languages interfered with decoding. It is possible that the developers have already fixed this error. But just keep that in mind.
  8. Probably, the extension .DOCM is added to the encrypted files. A similar case is described in the next topic. There I already answered you. Look, if all the data matches, then your PC was also attacked by the GlobeImposter Ransomware. There is no free way and no free file decryption tool.
  9. khan1 This is what is in the updates in my article on GlobeImposter Ransomware. I found several similar variants here and in another forum. Also, victims sent me samples. Test results: VT + VMR. Perhaps they will help decryption specialists figure out something. Update June 3, 2019: Extension: .DOCM; R/n: Restore-My-Files.txt; Email: [email protected]; Tor URL: xxxx://decrmbgpvh6kvmti.onion/ xxxx://helpinfh6vj47ift.onion/ Text on alternative site: If you want to buy a decryptor send e-mail to [email protected] There is no free way and no free file decryption tool. Alas.
  10. The version should be written in a note QPDQR-DECRYPT.txt. The QPDQR-DECRYPT.txt format is characteristic of previous versions that have been decrypted.
  11. Probably, this is GANDCRAB v.5. More precisely, it should be written in your note QPDQR-DECRYPT.txt, which you did not attach to the message ... We don't have anything that can decrypt files that have been encrypted by GandCrab. BitDefender does have a decrypter for GandCrab, however they obtain the decryption keys for it by working with law enforcement to gain access to the servers being used by the criminals... I recommend making a backup of your encrypted files and the ransom notes before trying to decrypt the files. Decryption tool: https://labs.bitdefender.com/2018/10/gandcrab-ransomware-decryption-tool-available-for-free/
  12. Hello, Nuwan. This is the result of the STOP Ransomware attack. There are now a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. This is possible only in cases where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the decoder) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. To identify this Ransomware and confirm my information, you can use the service ID Ransomware. It will give you a link to the support topic on the BleepingComputer forum; you need to read the first post of the topic and provide the requested information there or here - the MAC address of the network device. --- If STOPDecrypter can't recover your files, then it can be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter Also, while most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ The support team will review the logs and tell you what to do. Do not depart from the topic, it is important for you, wait for the answer of the specialist and the final decision.
  13. Hello, Vikrant. This is the result of the STOP Ransomware attack. There are now a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. This is possible only in cases where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the decoder) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. To identify this Ransomware and confirm my information, you can use the service ID Ransomware. It will give you a link to the support topic on the BleepingComputer forum; you need to read the first post of the topic and provide the requested information there or here - the MAC address of the network device. --- If STOPDecrypter can't recover your files, then it can be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter Also, while most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ The support team will review the logs and tell you what to do. Do not depart from the topic, it is important for you, wait for the answer of the specialist and the final decision.
  14. kevinliangts Instructions approved by the forum support service are located above.
  15. I'm happy for you. It helps if an offline key was found and added to the decryptor. Files encrypted with online keys can only be decrypted by extortionists.
  16. Look at the topic, there is a case similar to yours. Attach here some encrypted files and a note, we will say more precisely.
  17. There has been no free public decryptor for it for several years.
  18. This is the result of the Dharma Ransomware attack. You can check it with the help of the service ID Ransomware.
  19. So I thought. They have copied a picture of JSWorm Ransomware from my article. Apparently they liked it. 😃
  20. Did you manage to decrypt the files or are you trying to say something else? Use Google translator, it knows many languages. https://translate.google.ru
  21. Hello. We need more data. Attach to your post: - the ransom notes with the ransom demands (all that you can find); - several encrypted files (jpg, png, doc, txt).
  22. The support team will review the logs and tell you what to do. Do not depart from the topic, it is important for you, wait for the answer of the specialist and the final decision.
  23. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017; this is earlier than many antivirus programs. Some of them announced the discovery of one of the variants of this Ransomware only in August 2018, when there was a massive attack on residents of many countries. Unfortunately, this attack continues. There are now a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. This is possible only in cases where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the decoder) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. To identify this Ransomware and confirm my information, you can use the service ID Ransomware. It will give you a link to the support topic on the BleepingComputer forum; you need to read the first post of the topic and provide the requested information there or here - the MAC address of the network device. --- If STOPDecrypter can't recover your files, then it can be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter Also, while most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt.
It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  24. Hello. It is always advisable to translate your text into English, so that most experts understand. Use Google translator. The Arabic language and script are very different from other languages and we will not be able to talk. Google translator helped us understand your text along with the word .stone
  25. The support team will review the logs and tell you what to do. Do not depart from the topic, it is important for you, wait for the answer of the specialist and the final decision.