Ricardo, Posted November 24, 2017

Hi, I need help! Any files are encrypted

YOUR FILES ARE ENCRYPTED
TO DECRYPT, FOLLOW THE INSTRUCTIONS
To recover data you need decryptor. To get the decryptor you should:
Send 1 crypted test image, text file or document to [email protected] (Or [email protected])
In the letter include your personal ID (look at the beginning of this document).
We will give you the decrypted file and assign the price for decryption all files
After we send you instruction how to pay for decrypt and after payment you will receive a decryptor and instructions
We can decrypt one file in quality the evidence that we have the decoder.

ranzan 1.png.black
GT500, Posted November 24, 2017

From the extension, it appears to be a variant of GlobeImposer 2.0: https://id-ransomware.malwarehunterteam.com/identify.php?case=d17f6d40394a9f95e75dd4e6ded3eae5637511c0

In the case of ransomware like this, which uses secure encryption and generates new public/private keys for every computer it infects, usually there is no way to decrypt the files without getting the private key from the criminals who made the ransomware.

You can try a tool such as ShadowExplorer, however ransomware like this usually deletes Volume Shadow Copies, so ShadowExplorer will usually find nothing. Even if the Volume Shadow Copies were not deleted, the odds of finding backup copies of files in them are pretty slim, since Windows would normally only leave backup copies of files in the Volume Shadow Copies if you were using Microsoft's own backup software for data backups (although sometimes the System Restore will save copies of files in the Volume Shadow Copies). http://www.shadowexplorer.com/

In cases where the Volume Shadow Copies are deleted, then note that ransomware doesn't generally delete them securely, so it might be possible to use a file undelete utility to undelete the old Volume Shadow Copies, and then use ShadowExplorer to recover files, however this isn't necessarily straightforward to do (the computer will need to be running from a bootable disk to have write access to the "System Volume Information" folder, or the hard drive will need to be connected to another computer), and even if you can recover the old Volume Shadow Copies, as mentioned above the odds of there being backup copies of important files in them are low to begin with. Note that you may need to find a local computer technician who can assist you with this if you do want to try it.

Here's a link to a list of file recovery tools at Wikipedia: https://en.wikipedia.org/wiki/List_of_data_recovery_software#File_Recovery
Ricardo (Author), Posted November 24, 2017

Oh my god
GT500, Posted November 27, 2017

I'm sorry I couldn't have better news for you. If nothing else, you can make a backup of the encrypted files, and wait and see if the master decryption keys get released or someone finds a vulnerability they can exploit some time in the future to decrypt the files.
Ricardo (Author), Posted November 29, 2017

I'll wait for a solution
Ricardo Ds, Posted December 4, 2017

@Ricardo have you found a solution to decrypt the files? We have the same problem here in Brazil.
Ricardo (Author), Posted December 4, 2017

12 minutes ago, Ricardo Ds said: "@Ricardo have you found a solution to decrypt the files? We have the same problem here in Brazil."

Not yet, for now... I'm from Brazil too...
GT500, Posted December 5, 2017

I'm not aware of any new developments in regards to this particular ransomware, however please note that if there is any news about a way to decrypt your files, it will more than likely be published on BleepingComputer's news feed: https://www.bleepingcomputer.com/
Ricardo (Author), Posted December 7, 2017

Thank you!
GT500, Posted December 8, 2017

You're welcome.