willyG

my pc was infected from downloading a file containing malware


My PC is Windows 7 64-bit. While I was using my PC yesterday, suddenly all my installed applications disappeared with a .STOPDATA extension, and a ransom note "!!!RESTORE_DATA!!!.txt".

The note said "All your important files were encrypted on this PC. All files with .STOPDATA extension are encrypted. Encryption was produced using unique private key RSA-1024 generated for this computer. To decrypt your files, you need to obtain private key + decrypt software. To retrieve the private key and decrypt software, you need to contact us by email [email protected] send us an email your !!!RESTORE_DATA!!!.txt file and wait for further instructions. For you to be sure, that we can decrypt your files - you can send us a 1-3 any not very big encrypted files and we will send you back it in a original form FREE. Price for decryption $200 if you contact us first 72 hours. Your personal id: pSRcFGQdBDYBZfaO5DLNLgmF9mFF5Rh84GyYTcW5 E-mail address to contact us: [email protected] e-mail address to contact us: [email protected]"

So far I have tried booting my PC in safe mode and deleting my temp files, I have deleted some suspicious files in my Roaming folder in AppData, deleted some entries in the 'host' file in Windows, and also tried restoring my data, but I had no backup so I couldn't do that.

I am not sure if the malware is removed, and I also need help decrypting my data.

I am willing to provide any further information about the situation to fix and retrieve my data.

please help

 

 

 

 


Without being able to see the ransom note or a copy of an encrypted file, it might be this ransomware:
https://id-ransomware.malwarehunterteam.com/identify.php?case=f56be9d715b0578fb0b0680d587a5d7e2ec020c7

That guess is based entirely on one of the e-mail addresses you posted, and it may be an e-mail address that the criminal behind the ransomware has reused for more than one ransomware distribution campaign, meaning it may not be the same ransomware that ID Ransomware flagged.


It looks like that is more than likely the STOP ransomware. Unfortunately it doesn't look like there's any way for us to help you decrypt the files.
