Ernestorem

Amnesia Infection

I need help decrypting new ransomware!!!

Your files are now encrypted!


All your files have been encrypted due to a security problem with your PC.

Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files. 

Contact us using this email address: [email protected]
If you don't get a reply or if the email dies, then contact us using Bitmessage.
Register it form here: https://bitmessage.org/
Run it, click New Identity and then send us a message at BM
BM-2cVXsen2VfP29zQmAF2F5xf9cWbKBxUzVC
Free decryption as guarantee!
Before paying you can send us up to 3 files for free decryption.
The total size of files must be less than 10Mb (non archived), and files should not contain
valuable information (databases, backups, large excel sheets, etc.).

                                                                                                  
  How to obtain Bitcoins?                                                                         
 * Create a Bitcoin purse: https://blockchain.info/wallet/new                                                                                        
 * The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click             
   'Buy bitcoins', and select the seller by payment method and price:                             
  https://localbitcoins.com/buy_bitcoins   (Visa/MasterCard, Perfect Money, WU etc.)                                                     
 * Also you can find other places to buy Bitcoins and beginners guide here:                       
    http://www.coindesk.com/information/how-can-i-buy-bitcoins                                  

                                                                                                  
 Attention!                                                                                       
                                                                                                  
 * Do not rename encrypted files.                                                                 
 * Do not try to decrypt your data using third party software, it may cause permanent data loss.  
 * Decryption of your files with the help of third parties may cause increased price              
   (they add their fee to our) or you can become a victim of a scam. 

8czsbchhEXWgisDXaLve0hUC9DEhkrfEkNI0b+SYGFbqc3Fn09RW=KYqXiOIWopez9sXE6vOzsmD8U+swKNmlQ.amnesia

Edited by GT500
Added ransom note to code box.


This looks like a variant of Scarab that is using the .amnesia extension:
https://id-ransomware.malwarehunterteam.com/identify.php?case=af6b14482e56f5eb7036a06e4d29234e3bb6fcd8

Scarab uses secure encryption, and in the case of ransomware like this, which uses secure encryption and generates new public/private keys for every computer it infects, usually there is no way to decrypt the files without getting the private key from the criminals who made the ransomware. You can try a tool such as ShadowExplorer; however, ransomware like this usually deletes Volume Shadow Copies, so ShadowExplorer will usually find nothing. Even if the Volume Shadow Copies were not deleted, the odds of finding backup copies of files in them are pretty slim, since Windows would normally only leave backup copies of files in the Volume Shadow Copies if you were using Microsoft's own backup software for data backups (although sometimes the System Restore will save copies of files in the Volume Shadow Copies).
http://www.shadowexplorer.com/

In cases where the Volume Shadow Copies are deleted, note that ransomware doesn't generally delete them securely, so it might be possible to use a file undelete utility to undelete the old Volume Shadow Copies, and then use ShadowExplorer to recover files; however, this isn't necessarily straightforward to do (the computer will need to be running from a bootable disk to have write access to the "System Volume Information" folder, or the hard drive will need to be connected to another computer), and even if you can recover the old Volume Shadow Copies, as mentioned above the odds of there being backup copies of important files in them are low to begin with. Note that you may need to find a local computer technician who can assist you with this if you do want to try it.

Here's a link to a list of file recovery tools at Wikipedia:
https://en.wikipedia.org/wiki/List_of_data_recovery_software#File_Recovery

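A way to check whether any Volume Shadow Copies survived, as the reply above suggests doing before trying ShadowExplorer. This is an added PowerShell example, not part of the original posts. It assumes the affected volume is C: and that encrypted files end in .amnesia, and it treats the earliest write time of an encrypted file as only an estimate of when encryption began.

```powershell
# Added example: run from an elevated PowerShell prompt on the affected machine.
# Assumptions (not from the thread): drive C: is the affected volume, and the
# earliest LastWriteTime of a *.amnesia file approximates the encryption start.
$drive = 'C:'
$ext   = '*.amnesia'

# 1. Estimate when encryption began from the oldest encrypted file.
$firstHit = Get-ChildItem -Path "$drive\" -Filter $ext -Recurse -File -Force `
                -ErrorAction SilentlyContinue |
            Sort-Object LastWriteTime |
            Select-Object -First 1

# 2. Map the drive letter to its volume GUID path, which is how
#    Win32_ShadowCopy.VolumeName identifies the source volume.
$vol = Get-CimInstance -ClassName Win32_Volume -Filter "DriveLetter = '$drive'"

# 3. List the snapshots that still exist for that volume.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy |
             Where-Object { $_.VolumeName -eq $vol.DeviceID })

if (-not $firstHit) {
    Write-Warning "No $ext files found on $drive; cannot estimate encryption time."
}
elseif ($shadows.Count -eq 0) {
    # Expected outcome when the ransomware deleted the shadow copies.
    Write-Warning "No shadow copies remain for $drive."
}
else {
    $start = $firstHit.LastWriteTime
    Write-Output "Estimated encryption start: $start ($($firstHit.FullName))"

    # Only snapshots taken before encryption began can hold clean files.
    $shadows | Sort-Object InstallDate | ForEach-Object {
        [pscustomobject]@{
            Created          = $_.InstallDate
            PredatesIncident = ($_.InstallDate -lt $start)
            ShadowId         = $_.ID
            DeviceObject     = $_.DeviceObject
        }
    } | Format-Table -AutoSize
}
```

Snapshots marked `PredatesIncident = True` are the ones worth opening in ShadowExplorer; an empty result matches the usual case the reply describes.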
