Amigo-A

Visiting Expert
  • Posts: 2288
  • Days Won: 56

Everything posted by Amigo-A

  1. You should give us more information. Upload the ransom note here. --- Probably, this is a new variant of STOP Ransomware. There is a STOP Decrypter, but official support for this variant has not yet been reported. It is the weekend now. Wait for a response from the support service soon.
  2. Hello, JAVIER F. The Emsisoft GlobeImposter Decrypter was released in 2016 and was intended for the first versions of GlobeImposter. Files encrypted with GlobeImposter-2 cannot be decrypted using this Decrypter. You can check the version yourself and get information, if you have not already done so. https://id-ransomware.malwarehunterteam.com/index.php?lang=es_ES
  3. This is exactly Dharma Ransomware. Michael reported this variant on April 10th. He is still active. VT sample >>
  4. Yes, this is Scarab-Bin Ransomware. Andrey, see there the update of April 25, 2019. + My recommendation for the only decoding available now. This is Scarab Ransomware. Andrey, see there the update of April 25, 2019. + My advice on the only available decryption.
  5. sikandarrouf, this means only one thing: you used protection that did not protect your files from encryption. There is no free decrypter for files encrypted after an attack by the Dharma Ransomware variant that used the email [email protected]
  6. Let us know the results of the actions recommended to you by GT500. Extortionists often borrow information from each other (program code, texts from notes, extensions to be added to files, etc.) to confuse the victims, force them to search for a solution on the Internet, find the wrong one, try to do something, fail, and return to the extortionists to pay the ransom for decryption. One possible outcome could be Scarab. This means that your files were also encrypted by Scarab-Gefest Ransomware, from the Scarab family. In the article, in === BLOCK OF UPDATES === (below the main article), there is a description in the update of April 7-14, 2019. Alas. No free decoder. You can get the private decryption that DrWeb and ESET do if they have an encoder file (requires payment for services). Recently, I have already talked about this in detail in another topic. So that I do not repeat myself, please read this at the link in the next topic.
  7. You did the right thing. .BUP files are intended for backup restoration of .IFO files.
  8. The result of uploading the notes and files will be the same as I described above, because ID Ransomware will react to the pattern and the known extension and, if it is already known, to the email as well. But the email can already be used in other projects from which the extortionists are moving. (They usually roam like beetles from one feeder to another.) Dharma Ransomware also used the typical file marker and the typical name of the project for a long time. This is easy to see, but extortionists can get rid of these easily recognizable elements of "folk art". In some variants this happened.
  9. Dear itmefx, everything I wrote above for Sai applies to you as well. You have the same case. Please read and do the same. Okay? Ask if something is unclear. But first read the FAQ from the developer. He has 200 requests per day; it is impossible to answer everyone. https://www.bleepingcomputer.com/forums/t/671473/?p=4682102
  10. Dear Sai, you also need to analyze the situation and identify the facts that caused such an attack, so that this incident is not repeated with your PC and your files. We saw a case where, within one month, the sufferer, who received his data after decryption, again asked for help after an attack by a new variant of the same Ransomware. This is not an isolated case; others were embarrassed to ask for help under the same nickname and created a new one. So read carefully and get me right. Okay? Have you used hacked or patched or otherwise broken software? Did you or other users download it in recent days? Most STOP Ransomware variants are distributed in this way. Such programs can be on the PC for a long time and wait for some opportunity to receive a command for attack from outside. Did you use a paid antivirus solution or a free one? You should know that no free antivirus software is able to protect against attacks of this kind. Even if the name of this program is written on all fences and ad boards, and all over the Internet this program receives awards, in fact it is not true. Any free software is intended for marketing and advertising of the paid versions. It can catch a virus in simulated situations, but in the user's real life it will play poorly and miss a 'goal' into your gate. An answer is not necessary. You have to figure it out yourself and make the right decision.
  11. Sai, it's simple. You need to copy and write the result from STOP Decrypter. This can be done here or on that other forum where Demonslay335 has published a new version of the STOP Decrypter.
  12. But besides this, you must understand that you can no longer use this device as you used it before. Extortionists who attacked your devices exploited several vulnerabilities. Some NAS devices ship with a Samba server to ensure compatibility when sharing files between different operating systems. Samba developers fix vulnerabilities regularly. After solving the problem with the files, you need to install all the released patches, if this has not been done before. Official page with patches and descriptions of each vulnerability: https://www.samba.org/samba/history/security.html
  13. There is no public decrypter, but there is another solution. In the near future another Visiting Expert will contact you about this problem. Perhaps you will succeed. There is hope, but this is not a 100% solution. Emsisoft released a Decryptor for MegaLocker with the .nampohyu extension: https://www.emsisoft.com/decrypter/megalocker
  14. Hello. It is a pity that this happened ...
      This .id-E4BCBE4B.[[email protected]].com was added to your files.
      This 'E4BCBE4B' is your ID as a victim of the Ransomware.
      This '[email protected]' is an address of the extortionists.
      This '.com' is the ending extension for encrypted files.
      This '.id-E4BCBE4B.[[email protected]].com' is the compound extension for your encrypted files.
      This '.id-<id>.[<email>].com' is the general pattern of Dharma Ransomware for encrypted files.
      This '.id-<id>.[[email protected]].com' is the pattern of Dharma Ransomware for your encrypted files.
      For this version of Dharma Ransomware there are no free decryptors. It's a pity...
  15. Hello. Your files are encrypted with the new STOP Ransomware variant with the extension .kiratos. This STOP Ransomware has, to our general pity, been successfully attacking users around the world for 1.5 years already... Decrypting files in some cases is possible with the efforts of Demonslay335 (developer of STOP Decrypter). You need to read the important information at the link. In the next topics, other users have already received a solution to their problems. This is not always possible. Probably, Demonslay335 can help you today...
  16. guilhermepeace, you need to stop the infection of the computer. Use an antivirus product to treat the PC. https://www.emsisoft.com/en/home/antimalware/#scan-and-clean (30 days free trial). Only after that can you collect files and try to decrypt them.
  17. Thank you for sharing this good news. Glad for you. Now you need to strengthen the protection of your computer. Do not save on protection; the next time a lucky chance may not happen. If you need more detailed advice, the Emsisoft specialists will help you.
  18. Ficharr, you noticed correctly! This encryptor modifies the hosts file and adds more than 150 site addresses to the ban list. You need to delete this hosts file manually, if you have never edited it for your own needs, and all sites will be unblocked. Its location in the system: C:\Windows\System32\drivers\etc\hosts See also the picture below. The inserted image shows a small part of the sites blocked in the hosts file. The site emsisoft.com is also there.
  19. Ficharr, this STOP Ransomware has, to our general pity, been successfully attacking users around the world for 1.5 years already... Decrypting files in some cases is possible with the efforts of Demonslay335 (developer of STOP Decrypter). You need to read the important information at the link and write to Demonslay335 yourself. Today is a weekend; he may not reach you, because he has nearly ~1,160 victims in the queue as of yesterday.
  20. Extortionists who attacked your devices exploited several vulnerabilities. Some NAS devices ship with a Samba server to ensure compatibility when sharing files between different operating systems. Samba developers fix vulnerabilities regularly. It is urgent to install all released patches, if this has not been done before. Official page with patches and descriptions of each vulnerability: https://www.samba.org/samba/history/security.html --- If you want to hear my opinion about all this... 💬 Of course, extortion is a crime, but selling devices that are defenseless and have wide-open doors is also a crime. If you draw an analogy with society and life, it turns out that a person bought a safe, put valuables there and put it on the street, where it rains, the wind blows and passersby walk. So, the lock rusted, the cunning hacker opened it with a special key, took everything valuable and threw what he could not carry into the dirt. Now, even if the injured party pays the ransom, it still will not get back all of its valuables.
  21. Hello. Your files are encrypted with the new STOP Ransomware variant with the extension .kiratos. This STOP Ransomware has, to our general pity, been successfully attacking users around the world for 1.5 years already... Decrypting files in some cases is possible with the efforts of Demonslay335 (developer of STOP Decrypter). You need to read the important information at the link. In the next topic, another user has already received a solution to the problem. He got lucky. This is not always possible. Demonslay335 can help some people now, but to help everyone is unrealistic, to our general regret. Demonslay335 updated the STOPDecryptor for new variants.
  22. It is not enough to know only the extension. This extension is added to encrypted files by two known Ransomware (e.g. Paradise and GlobeImposter). To be more precise, you need to attach a ransom note and several encrypted files to your message or upload them through the service www.sendspace.com. We will look at your files and inform you more accurately.
  23. Hello. It is a pity that this happened ... You need to attach a ransom note and a few encrypted doc, jpg, png files to your first or new post.
      ----------------------------------------------
      Let's also clarify:
      Does the extension look like this? - .ETH
      Do the encrypted files look like this? - original_filename.id-XXXXXXXX.[[email protected]].ETH
      Under XXXXXXXX are letters and numbers.
      If so, this means that the files are encrypted by Dharma Ransomware. Read more:
      This '.id-XXXXXXXX.[phobos.encrypt@qq.com].ETH' was added to your files.
      This 'XXXXXXXX' is your ID as a victim of the Ransomware.
      This 'phobos.encrypt@qq.com' is an address of the extortionists.
      This '.ETH' is the ending extension for your encrypted files.
      This '.id-XXXXXXXX.[phobos.encrypt@qq.com].ETH' is the compound extension for your encrypted files.
      This is the general pattern of Dharma Ransomware, .id-<id>.[<email>].ETH, for encrypted files of the version with the extension .ETH.
      This is the pattern of Dharma Ransomware, .id-<id>.[phobos.encrypt@qq.com].ETH, for your encrypted files.
  24. Hello. Your files are encrypted with the new STOP Ransomware variant with the extension .kiratos. This STOP Ransomware has, to our general pity, been successfully attacking users around the world for 1.5 years already... Decrypting files in some cases is possible with the efforts of Demonslay335 (developer of STOP Decrypter). You need to read the important information at the link. Also attach a ransom note and a few encrypted doc, jpg, png files to your first or new post.
  25. As standard, you also need to upload a copy of every ransom note along with an encrypted file to ID Ransomware, so that you can verify which ransomware you are dealing with, at this site: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results if you would like us to review them and compare. Sometimes different or incorrect results are possible, because attackers try to deceive ID Ransomware. Therefore, when multi-encrypting, it is important to use the correct pair: a ransom note and an encrypted file. I will help you with this.
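
The compound-extension pattern described in posts 14 and 23, as an added example (not part of the original posts or of any tool they mention): a Python triage helper that parses `.id-<id>.[<email>].<ext>` names from a file listing, peels nested layers for the multi-encryption case mentioned in post 25, and counts files per variant. The 8-character ID length is taken from the page's examples; the sample paths and example.com addresses are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Pattern from the posts: <original>.id-<id>.[<email>].<ext>
# Assumption: <id> is 8 letters/digits, as in the page's examples.
DHARMA_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<id>[0-9A-Za-z]{8})"
    r"\.\[(?P<email>[^\[\]\s]+@[^\[\]\s]+)\]\.(?P<ext>[A-Za-z0-9]+)$"
)

def peel_layers(path):
    """Strip nested compound extensions; return (original_name, layers).

    layers is a list of (id, email, ext) tuples, outermost layer first.
    An empty list means the name does not follow the pattern.
    """
    name, layers = PureWindowsPath(path).name, []
    while (m := DHARMA_RE.match(name)):
        layers.append((m["id"], m["email"], m["ext"]))
        name = m["original"]
    return name, layers

def summarize(paths):
    """Count files per (id, email, ext) layer and collect non-matching paths."""
    variants, unmatched = Counter(), []
    for p in paths:
        _, layers = peel_layers(p)
        if not layers:
            unmatched.append(p)
        variants.update(layers)
    return variants, unmatched

# Constructed sample listing (not taken from any real incident).
SAMPLE = [
    r"C:\Users\a\Documents\report.docx.id-1A2B3C4D.[user1@example.com].ETH",
    r"C:\Users\a\Pictures\photo.jpg.id-1A2B3C4D.[user1@example.com].ETH",
    r"D:\share\scan.png.id-1A2B3C4D.[user1@example.com].ETH"
    r".id-9F8E7D6C.[user2@example.com].com",   # encrypted twice
    r"C:\Users\a\notes.txt",                    # untouched file
]

if __name__ == "__main__":
    variants, unmatched = summarize(SAMPLE)
    for (vid, email, ext), count in variants.most_common():
        print(f"id={vid} email={email} ext=.{ext} files={count}")
    print("not matching the pattern:", unmatched)
```

More than one (id, email, ext) key in the summary means several notes are in play, so each note has to be paired with a file from its own layer before submitting them for identification.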