Amigo-A

Visiting Expert
  • Posts: 2466
  • Days Won: 63

Everything posted by Amigo-A

  1. Yes, but only if THIS computer was in use during the attack and infection, and THIS network device (built-in network card, second network card, USB-LAN device, Wi-Fi, USB flash modem, etc.) was in use at that moment. Every network device has its own MAC address, and if you send a different one, which the program shows for another network device or another PC, the decryption will not be performed correctly. Demonslay335 writes, from the FAQ
  2. Description: MegaLocker Ransomware. Albert-S, your information corresponds to the description + the March 8, 2019 update with the extension .nampohyu. Can you add anything? For example, about what preceded the attack: was there a download of suspicious files, a reloading of LAN hardware?
  3. Hello. If you are asking about Phobos Ransomware: no one has made a free decoder yet.
  4. balumka13, if you apply for decryption at DrWeb or ESET, you can provide them with all these files, the information and the link that you published here. It is possible that this will help. Please tell us about the results. This code is very short; usually there are more than 100 characters. But inside the file itself there may be more information. Do not change anything there.
  5. Ok. Thanks to H6T9, balumka13. In short: your files were encrypted by Scarab-Gefest Ransomware, from the Scarab family. No free decoder. You can get the private decryption that DrWeb and ESET do if they have an encoder file. Request for decryption: 1) DrWeb makes a free test decryption, using only encrypted files, registry files and a ransom note file. Link. If they can decrypt, they offer to first buy a 'Rescue Package' with DrWeb Security Space for 2 years, then give a decoder for the encrypted files. And the user will be under their protection for 2 years. For users from Russia, the package price is 5299 rubles, and for foreigners 150 € (euro). The service without the Dr.Web rescue package is not available. 2) ESET first offers to buy their commercial antivirus, and then makes a test decryption. Link. Recently I explained how to make a request to ESET; if you're interested, see the link on the BleepingComputer forum, starting with post # 554. I have nothing to do with them and can't influence their prices. I also believe that it would be possible to make this service cheaper if the user gets support for the first time. Later he would still buy protection if it provided real security for a year. If the Ransomware details are interesting: I realized immediately that this was Scarab when I carefully looked at the results of ID-Ransomware. But extortionists often confuse the traces: they take the name of someone else's note, the text of the ransom, imitate the ID and so on. I talked about the fifth element; in fact there are more of them, and they came together before I saw the note itself. It was also clear to me exactly which version of Scarab it is and which group is currently engaged in this variant. The hint is the BM-address from the note. Previously, the same people spread Hermes, then another and Scarab. Then Hermes was sold and the actors went to other projects. When the basic encryptor of Scarab was updated last year, many extortionists switched to using it.
I wrote about some, who switched to the Scarab and came from other projects. The Scarab Ransomware-project employs many groups from different countries, they work in groups and individually.
  6. If you do not know how to find the MAC (physical) address, then look at the screenshot there. Write only the address of the network card you used to access the Internet at the time you received the infection (wired or wireless (Wi-Fi)). Do not write both addresses! Determine it exactly. This is not difficult. It is more necessary for you than for the developer of STOPDecrypter. Such common errors lead to the fact that files cannot be decrypted.
  10. scryba, this is a new version of STOP-Djvu Ransomware. You need to leave a request for the developer of STOPDecrypter at the link on the BleepingComputer forum. All the requests and cases where decryption failed are collected only there. You need to carefully read the first post of the topic to find out what you need to provide. If you do not want to read there, provide the following information: 1) the extension on your encrypted files; 2) the MAC (physical) address of the network card that was used to access the Internet at the time of the attack (others are not needed!!!); 3) the personal ID from a ransom note, or attach this text file to your message; 4) the ID that is unsupported by STOPDecrypter, only if you have already tried to decrypt and your extension is supported by STOPDecrypter. But at the moment STOPDecrypter does not support your extension. Therefore, your message should be left there as soon as possible.
  14. No. Please use the www.sendspace.com service to download the file and give us a link. Forum settings do not allow me to download attachments.
  15. Hello. I asked you to send me a ransom note (text file) left by the extortionists in each folder with encrypted files... The fifth element is still missing to add it to the puzzle.
  16. Yes. On the BleepingComputer forum, on Twitter, and here on the Emsisoft forum also. And on my two sites too (they are in my signature), with a translation into English in the title of each new article.
  17. In fact, a lot of them. Michael told me a month ago that he already had about 600 cases. After that, he was able to update the STOPDecrypter 2 times. It is necessary to hope for the best, but do not forget that decoding is not always possible.
  18. H6T9, in this case the identification by ID Ransomware may be wrong, because the extortionists specially selected similar items. Give me a note (here or in PM), and I will immediately tell you who it was. Use the www.sendspace.com service to download the file and give us a link.
  19. Hello. This is a new variant of STOP-Djvu Ransomware. It is not yet in the decryption list. You need to leave a request to the developer of STOPDecrypter.
  20. It's good. It would be even better if the victim soon received the files back.
  21. Hello. Only the extension info is not enough. You need to upload the ransom note file from the Ransomware (what is it named?) and a few encrypted files, so that specialists can give some help on this issue. If the text of the note is small, you can insert it here, without changing anything.
  22. This is a new variant of STOP-Djvu Ransomware. It is not yet in the decryption list. You need to leave a request to the developer of STOPDecrypter.
  23. This is a new variant of STOP-Djvu Ransomware. This extension (.grovat) is in the decryption list, but your files can't be decrypted yet. I checked. You need to leave a request to the developer of STOPDecrypter.
  24. This is a new variant of STOP Ransomware (General description of all variants of STOP Ransomware + Translation into English). Support topic on Bleeping Computer >> STOPDecrypter has had support for this extension of encrypted files since March 28. Regarding your particular case: you need to publish the data in the support topic on Bleeping Computer.
  25. This is a new variant of STOP Ransomware (General description of all variants of STOP Ransomware + Translation into English). Support topic on Bleeping Computer >> STOPDecrypter is not yet configured for this variant. Wait for the news.