Recommended Posts

On 11/15/2018 at 3:34 PM, GT500 said:

I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.

Hi GT500;

     I also have being attacked by this same virus and all my system is encrypted and inaccessible.  I am desperately in need of some help in decrypting my files as I have checked on your existing decrytor and havent found a matching one for this file type. 

    Please help.  much appreciated.

!readme.txt

Anyhour_vpn_access.txt - Copy.DATAWAIT

vpn_access.txt.DATAWAIT

Share this post


Link to post
Share on other sites

I did some searching for information on decrypting files, however I wasn't able to find anything. I've asked some ransomware decryption experts to see what can be done.

Share this post


Link to post
Share on other sites

I thank you soo much GT500 for you pushing this along for me, much appreciated, as this virus has wiped out 5 computer worth of data files and documents.  Unfortunately my backup (passport drive) external disk as attached to the machine and it got encrypted as well.  So now i have nothing .

Share this post


Link to post
Share on other sites

I was told that this was more than likely an alternate extension used by SaveFiles:
https://www.bleepingcomputer.com/news/security/fallout-exploit-kit-pushing-the-savefiles-ransomware/

There doesn't appear to be a known way to decrypt files without first obtaining the private key from the criminals who made/distributed the ransomware.

Share this post


Link to post
Share on other sites

If the topic-starter or other victims will again see this topic.

Variants STOP Ransomware with extensions .DATAWAIT, .INFOWAIT can be decrypted in Dr.Web in private request. 

Share this post


Link to post
Share on other sites
2 hours ago, Amigo-A said:

Variants STOP Ransomware with extensions .DATAWAIT, .INFOWAIT can be decrypted in Dr.Web in private request. 

Just note that Dr.Web only offers assistance decrypting files for customers who have a license key for their business Anti-Virus software.

Share this post


Link to post
Share on other sites

No. This is not entirely true. This is the oldest service. More than 10 years, at least. I don't remember who started to provide it before. At first it was free tools and we could download them.
Over time, as you know, coders became more difficult and shrewd. The computing power of computers and employees cannot always used without payment.
They offer help to anyone who wants to get this help.
User send files, specialists check if they can decrypt, then inform users that the files can be decrypted. When a user pays for a recovery package, he receives a personalized decryptor (decoder).

How much does this service cost?
The actual decryption by Dr.Web experts is free, but to get the decryption key and decrypt all files, you need to get a Rescue Pack (rescue package), which includes Dr.Web Security Space's licensed anti-virus protection for 2 years.
For users from Russia, the package price is 5299 rubles, and for foreigners - 150 € (euro). The service without the rescue package of Dr.Web is not available. 

I personally have nothing to do with this. Any of my help to those who are affected from Ransomware is provided without any conditions and free of charge. 

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.