Everything posted by Thurmus

  1. Thanks, gents, for casting an eye over this for me. I will keep an eye out for any updates, but I believe with how BigBobRoss works and the fact the victim machine had internet access that the likelihood of decrypting is remote. Would this be fair to say?
  2. Hi guys and girls, I am wondering if you can assist me with a server that has become encrypted. All of the files have had .cheetah added at the end and [id=XXXXXXXX] appended. I have tried a couple of online ID sites. One of them detects it as BigBobRoss, but your and Avast's decrypting tools do not work with either a before and after file or the ransom note. The EEK Kit and a site which checks against multiple vendors detect it as Gen:Variant.Ransom.Stop.2 and a couple of other types. I have saved the following, which are available at the link below, as I couldn't work out how to attach them as per your guide:

     1. A zipped before and after file
     2. The EEK and FRST logs zipped
     3. A copy of the encryption message text file
     4. The file that the EEK kit detected as infected, zipped
     5. A screen shot from the multi-site detection
     6. A screen shot of the MAC address information

     https://1drv.ms/f/s!AvxCaWVUudYwvTPFX9Huw5ZRP0Z6

     Thanks in advance for your time.