clapton82, posted March 27, 2018:
It's a 'sort' of Amnesia, because the 'mode' of attack is typical of Amnesia, with the same effects that are described here: https://www.cyber.nj.gov/threat-profiles/ransomware-variants/amnesia and the same ransom note file, HOW TO RECOVER ENCRYPTED FILES.TXT, but with a different text (as you can see in the attached file) and a different extension (all files are encrypted with the .please extension). I tried the Emsisoft Amnesia decrypter, and it seems to work, attempting a brute-force attack mode, but when the key space is exhausted and it arrives at 100%, an alert says that there is no possibility to decrypt that file (the input files are the same, same size; the only difference is that one of them is encrypted, as suggested by the program manual). After a lot of research on the internet, I'm sure that it is Amnesia. It's only a little bit different. Is there someone who could help me, please? Thank you!
Attachment: HOW TO RECOVER ENCRYPTED FILES.TXT

stapp, posted March 27, 2018:
It is recommended to upload a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can then paste a link to the results into a reply and an expert will review them.

clapton82 (author), posted March 27, 2018:
I already uploaded the ransom note and infected file, and the result is Scarab. https://id-ransomware.malwarehunterteam.com/identify.php?case=f731981637d0c487275fabf2a5b595db2aec71ba But the modus operandi of this ransomware is more similar to Amnesia than to Scarab.

GT500, posted March 27, 2018:
There's a version of Scarab that uses the .amnesia extension. It's not decryptable (at least not without somehow getting the private key from the criminals who made the ransomware).