Morty

Stampado (I think) trying to decrypt.


Hi so a few days ago my PC got infected with ransomware, the first time I have ever seen it. I reacted very quickly when I saw the ransom screen pop up and tried to system restore. When that didn't work I immediately removed the virus without thinking to copy down the ID.

So I have been looking to decrypt my files that got locked. ID Ransomware says it's either Stampado or Philadelphia. I have tried running the Philadelphia decryptor multiple times with different files and it has not been able to find a key. Looking at screenshots of the ransom message, I'm positive it's Stampado. Now my problem is I have no idea how to find out the ID. I checked the ransom note file and all other files it left behind on my PC and no ID! However, it did leave me a file named 'recover my files'; it is an .exe. Will clicking that bring up the window that contains my ID? You guys would know better than I would, and I'm not going to go starting up more sketchy exe files without a full backup and removal of all other storage devices.
I also still have the original rar files that contained the virus.

Any help would be so very much appreciated. The majority of the files that got locked are either backed up or not important, but there are a few I would really like to have still, and I'd much rather win than lose here.

Thank you!!


Hi Morty,

The 'recover my files.exe' is a 0 byte file. If it is Stampado, we will need the malware file, as without the ID we will not have much to identify what specific variant hit you.

Regards,

Sarah


Hi Sarah

Okay, I wasn't sure what the deal was with that file; thank you for clearing that up for me. I have attached the .7z with the file I believe caused the infection.
Again thank you so much for your help!

Ransom.7z


Hi Morty,

Sorry about the delay, it took a little while to add what we needed, but please download the newest version of the decrypter.

You will need to go to options and insert Wosar is a pig dancing on the wardrobe. as the salt (needs to be exactly this), and [email protected] as the email. Then click calculate for the ID. 

After that, you can return to the Decrypter tab and then click decrypt.

Regards,

Sarah


Hi Sarah

I ran the decrypter and the majority of the files were successfully decrypted!
Thank you so much for all the help, I really do appreciate it. I will send an email in regard to sending a donation; you guys rock.

 


Hi Morty,

I'm glad we could help, let me know if there were any issues with some files not decrypting properly.

A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it.

Regards,

Sarah
