Darren Lau

id-ACDA3C4B.[[email protected]].java


This appears to be a variant of the Dharma/Cezar ransomware:
https://id-ransomware.malwarehunterteam.com/identify.php?case=64e9857cf7a6e8fc8015f598ddd9a96a98c2a299

In the case of ransomware like this, which uses secure encryption and generates new public/private keys for every computer it infects, usually there is no way to decrypt the files without getting the private key from the criminals who made the ransomware. You can try a tool such as ShadowExplorer; however, ransomware like this usually deletes Volume Shadow Copies, so ShadowExplorer will usually find nothing. Even if the Volume Shadow Copies were not deleted, the odds of finding backup copies of files in them are pretty slim, since Windows would normally only leave backup copies of files in the Volume Shadow Copies if you were using Microsoft's own backup software for data backups (although sometimes the System Restore will save copies of files in the Volume Shadow Copies).
http://www.shadowexplorer.com/

In cases where the Volume Shadow Copies are deleted, note that ransomware doesn't generally delete them securely, so it might be possible to use a file undelete utility to undelete the old Volume Shadow Copies, and then use ShadowExplorer to recover files; however, this isn't necessarily straightforward to do (the computer will need to be running from a bootable disk to have write access to the "System Volume Information" folder, or the hard drive will need to be connected to another computer), and even if you can recover the old Volume Shadow Copies, as mentioned above, the odds of there being backup copies of important files in them are low to begin with. Note that you may need to find a local computer technician who can assist you with this if you do want to try it.

Here's a link to a list of file recovery tools at Wikipedia:
https://en.wikipedia.org/wiki/List_of_data_recovery_software#File_Recovery


Maybe I can help with these .java files, send email **********. I have a program and a decryption key. I tried to download your file, but I can't, Emsisoft problem.

Edited by GT500
Removed e-mail address.

17 hours ago, Akkudrak said:

Maybe I can help with these .java files, send email **********. I have a program and a decryption key. I tried to download your file, but I can't, Emsisoft problem.

Please do not post here offering assistance. Please do not contact anyone privately to ask for or offer assistance. If there is a way for victims to recover their files without paying the ransom, then we will let them know.

If anyone wants to keep an eye out for whether or not a free decryption tool has been made available, then we recommend checking BleepingComputer's news feed, as they will almost certainly report on it:
https://www.bleepingcomputer.com/
