
Amigo-A

Everything posted by Amigo-A

  1. Hello. There are several uses of this name. I have several articles with a similar title. Sometimes it is the legal name of a ransomware, sometimes it is just words that extortionists use to intimidate victims. You need to upload the ransom note and one encrypted file so that ID Ransomware identifies "your" ransomware correctly.
  2. pmarty I can not download attachments here. Better send it to www.sendspace.com or my email (PM)
  3. OK. You have done a great and useful work. Now, users should not be mistaken in this matter. --- Google translator used several wrong phrases, but in general, the meaning should be clear. This made me smile: "ordinary user". 😃
  4. See the next topic. The incident is similar to yours. The same recommendations for you.
  5. pmarty Yes. Send me such files for comparison.
  6. Yes, but only if THIS computer was in use during the attack and infection, and THIS network device (built-in network card, second network card, USB-LAN device, Wi-Fi, USB flash modem, etc.) was in use at that moment. Each network device has its own MAC address, and if you send a different one, which the program shows for another network device or another PC, the decryption will not be performed correctly. Demonslay335 writes in the FAQ
  7. Description MegaLocker Ransomware Albert-S Your information corresponds to the description + March 8, 2019 update with extension .nampohyu Can you add anything? For example, about what preceded the attack, was the download of suspicious files, the reloading of lan-hardware.
  8. Hello If you ask about it Phobos Ransomware No one has made a free decoder yet.
  9. balumka13 If you will apply for decryption in DrWeb or ESET, then you can provide them with all these files, information and a link that you published here. It is possible that this will help. Please tell us about the results. This code is very short, usually there are more than 100 characters. But inside the file itself there may be more information. Do not change anything there.
  10. Ok. Thanks to H6T9, balumka13 In short: your files were encrypted by Scarab-Gefest Ransomware, from the Scarab family. No free decoder. You can get the private decryption that DrWeb and ESET do if they have an encoder file. Request for decryption 1) DrWeb makes a free test-decryption, using only encrypted files, registry files and a ransom note file. Link. If they can decrypt, then they offer to first buy a 'Rescue Package' with DrWeb Security Space for 2 years, then give a decoder for the encrypted files. And the user will be under their protection for 2 years. For users from Russia, the package price is 5299 rubles, and for foreigners - 150 € (euro). The service without the rescue package of Dr.Web is not available. 2) ESET first offers to buy their commercial antivirus, and then make a test-decryption. Link. Recently I told how to make a request in ESET, if you're interested, see the link on the BleepingComputer forum. Starting with post # 554. I have nothing to do with them and can't influence their prices. I also believe that it was possible to make this service cheaper, if the user gets support for the first time. Later he would still buy protection if it would provide real security for a year. If the ransomware details are interesting: What is this Scarab, I realized immediately when I carefully looked at the results of ID-Ransomware. But extortionists often confuse traces: they take the name of someone else's note, the text of the ransom, imitate the ID and so on. I talked about the fifth element, in fact there are more of them and they came together before I saw the note itself. It was also clear to me exactly which version of the Scarab and which group is currently engaged in this variant. The hint is the BM-address from the note. Previously, the same people spread Hermes, then another and Scarab. Then Hermes was sold and the actors went to other projects. When the basic encryptor of Scarab was updated last year, many extortionists switched to using it. I wrote about some who switched to the Scarab and came from other projects. The Scarab Ransomware-project employs many groups from different countries, they work in groups and individually.
  11. If you do not know how to find the MAC (physical) address, then look at the screenshot there. Write only the address of the network card you used to access the Internet at the time you received the infection (wired or wireless (Wi-Fi)). Do not write both addresses! Determine exactly. This is not difficult. It is more necessary for you than for the developer of STOPDecrypter. Such common errors lead to the fact that files cannot be decrypted.
  12. If you do not know how to find the MAC (physical) address, then look at the screenshot there. Write only the address of the network card you used to access the Internet at the time you received the infection (wired or wireless (Wi-Fi)). Do not write both addresses! Determine exactly. This is not difficult. It is more necessary for you than for the developer of STOPDecrypter. Such common errors lead to the fact that files cannot be decrypted.
  13. If you do not know how to find the MAC (physical) address, then look at the screenshot there. Write only the address of the network card you used to access the Internet at the time you received the infection (wired or wireless (Wi-Fi)). Do not write both addresses! Determine exactly. This is not difficult. It is more necessary for you than for the developer of STOPDecrypter. Such common errors lead to the fact that files cannot be decrypted.
  14. If you do not know how to find the MAC (physical) address, then look at the screenshot there. Write only the address of the network card you used to access the Internet at the time you received the infection (wired or wireless (Wi-Fi)). Do not write both addresses! Determine exactly. This is not difficult. It is more necessary for you than for the developer of STOPDecrypter. Such common errors lead to the fact that files cannot be decrypted.
  15. scryba This is a new version of STOP-Djvu Ransomware. You need to leave the application to the developer of STOPDecrypter at the link on the BleepingComputer forum. Only there are all the requests and cases where the decrypting failed collected. You need to carefully read the first post of the topic to find out what you need to provide. If you do not want to read there, provide the following information: 1) the extension on your encrypted files; 2) MAC (physical) address of the network card that was used to access the Internet at the time of the attack (others are not needed!!!); 3) personal ID from a ransom note, or attach this text file to your message; 4) ID which is unsupported by STOPDecrypter, only if you have already tried to decrypt and your extension is supported by STOPDecrypter. But at the moment STOPDecrypter does not support your extension. Therefore, your message should be left there as soon as possible.
  16. This is a new version of STOP-Djvu Ransomware. You need to leave the application to the developer of STOPDecrypter at the link on the BleepingComputer forum. Only there are all the requests and cases where the decrypting failed collected. You need to carefully read the first post of the topic to find out what you need to provide. If you do not want to read there, provide the following information: 1) the extension on your encrypted files; 2) MAC (physical) address of the network card that was used to access the Internet at the time of the attack (others are not needed!!!); 3) personal ID from a ransom note, or attach this text file to your message; 4) ID which is unsupported by STOPDecrypter, only if you have already tried to decrypt and your extension is supported by STOPDecrypter. But at the moment STOPDecrypter does not support your extension. Therefore, your message should be left there as soon as possible.
  17. This is a new version of STOP-Djvu Ransomware. You need to leave the application to the developer of STOPDecrypter at the link on the BleepingComputer forum. Only there are all the requests and cases where the decrypting failed collected. You need to carefully read the first post of the topic to find out what you need to provide. If you do not want to read there, provide the following information: 1) the extension on your encrypted files; 2) MAC (physical) address of the network card that was used to access the Internet at the time of the attack (others are not needed!!!); 3) personal ID from a ransom note, or attach this text file to your message; 4) ID which is unsupported by STOPDecrypter, only if you have already tried to decrypt and your extension is supported by STOPDecrypter. But at the moment STOPDecrypter does not support your extension. Therefore, your message should be left there as soon as possible.
  18. This is a new version of STOP-Djvu Ransomware. You need to leave the application to the developer of STOPDecrypter at the link on the BleepingComputer forum. Only there are all the requests and cases where the decrypting failed collected. You need to carefully read the first post of the topic to find out what you need to provide. If you do not want to read there, provide the following information: 1) the extension on your encrypted files; 2) MAC (physical) address of the network card that was used to access the Internet at the time of the attack (others are not needed!!!); 3) personal ID from a ransom note, or attach this text file to your message; 4) ID which is unsupported by STOPDecrypter, only if you have already tried to decrypt and your extension is supported by STOPDecrypter. But at the moment STOPDecrypter does not support your extension. Therefore, your message should be left there as soon as possible.
  19. No. Please use the www.sendspace.com service to download the file and give us a link. Forum settings do not allow me to download attachments.
  20. Hello. I asked you to send me a ransom note (text file) left by the extortionists in each folder with encrypted files... There is not enough of the fifth element to add it to the puzzle.
  21. Yes. On the BleepingComputer forum, on twitter, here on the Emsisoft forum also. And on my two sites too (they are in my signature), a translation into English in the title of each new article.
  22. In fact, a lot of them. Michael told me a month ago that he already had about 600 cases. After that, he was able to update the STOPDecrypter 2 times. It is necessary to hope for the best, but do not forget that decoding is not always possible.
  23. H6T9 In this case, the ID Ransomware identification may be wrong, because extortionists specially selected similar items. Give me a note (here or in PM), I will immediately tell you who it was. Use the www.sendspace.com service to download the file and give us a link.
  24. Hello. This is a new variant of STOP-Djvu Ransomware. It is not yet in the decryption list. You need to leave a request to the developer of STOPDecrypter.
  25. It's good. It would be even better if the victim soon received the files back.