bryanclemente

External Hard Drives Are Infected By Ransomware!


Hi!

I was infected by ransomware last month, and I thought my local hard drive was the only one infected. But unfortunately, my external hard drives that were connected are also infected.

Please help... I'm willing to spend time and follow instructions this time. The name of the ransomware is .promoz.

Thank you for the big help!

FRST.txt Addition.txt FRAME 2.jpg.promoz _readme.txt


I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like one of our experts to review them.


That's a variant of the STOP ransomware:
https://id-ransomware.malwarehunterteam.com/identify.php?case=1f114e09723aff0219904a02fac3b34e2fd10da6

Your ID doesn't appear to be an offline ID, so the chances of being able to decrypt your files are slim. That being said, if you download STOPDecrypter from the following link, run it, and copy and paste the ID and MAC it gives you into a reply, then I can forward them to the creator of STOPDecrypter in case he is able to figure out your decryption key at some point in the future:
https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip


Hi @stapp, here's the result. 

1 Result

STOP (Djvu)

 This ransomware may be decryptable under certain circumstances.

Please refer to the appropriate guide for more information.

Identified by

  • ransomnote_email: [email protected]
  • sample_extension: .promoz
  • sample_bytes: [0x35061 - 0x3507B] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D

 

Click here for more information about STOP (Djvu)


Hi @GT500,

I want to try this, but is it safe to do it on my working PC? Because I read that it's pretty dangerous to try this, as if it fails it might damage my files.

Should I do it on a USB and a different PC that won't affect any files? I want to try doing this on my Mac since I just reformatted it, but I don't think there's a Mac version for this. Right?

I just want to know the safety measures in trying this. Thank you @GT500!

9 hours ago, bryanclemente said:

I want to try this, but is it safe to do it on my working PC? Because I read that it's pretty dangerous to try this, as if it fails it might damage my files.

It won't try to decrypt your files if it can't find a key for your ID, and I'm about 90% certain it won't have a key for your ID, so as long as you don't try to manually enter a key then your files shouldn't remain unaffected.

 

9 hours ago, bryanclemente said:

Should I do it on a USB and a different PC that won't affect any files?

You should be able to do that if you want to. I think all you need is a copy of an encrypted file and the ransom note for the decrypter to get the ID from.

 

9 hours ago, bryanclemente said:

I want to try doing this on my Mac since I just reformatted it, but I don't think there's a Mac version for this. Right?

You are correct that there is no Mac version. If you want to do it on your Mac, then you'd have to use a Virtual Machine to run Windows on the Mac.
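Added example (not part of the original posts, and not STOPDecrypter's own code): one way to gather the sample pair mentioned above, an encrypted file plus the ransom note, from an affected drive so it can be moved to another machine. The extension and note name come from this thread; the function names and the choice of the smallest encrypted file are assumptions made for illustration.

```python
import hashlib
import os
import shutil

ENCRYPTED_EXT = ".promoz"   # extension reported in this thread
NOTE_NAME = "_readme.txt"   # ransom note name from the attachments in this thread


def sha256_of(path):
    """Hash a file in chunks so large media files do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def collect_sample(root, dest):
    """Copy the smallest encrypted file and one ransom note from root to dest.

    The source tree is only read, never written. Returns a manifest with the
    number of encrypted files seen and the SHA-256 of each copied file.
    """
    encrypted, notes = [], []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(full)
            elif name.lower() == NOTE_NAME:
                notes.append(full)
    if not encrypted or not notes:
        raise FileNotFoundError("need at least one encrypted file and one note")

    os.makedirs(dest, exist_ok=True)
    # Assumption: the smallest encrypted file is chosen only to keep the copy quick.
    picked = [min(encrypted, key=os.path.getsize), sorted(notes)[0]]
    manifest = {"encrypted_count": len(encrypted), "files": {}}
    for src in picked:
        copy = os.path.join(dest, os.path.basename(src))
        shutil.copy2(src, copy)
        before, after = sha256_of(src), sha256_of(copy)
        if before != after:  # the copy must be byte-identical to serve as a sample
            raise IOError(f"copy of {src} does not match the original")
        manifest["files"][os.path.basename(src)] = after
    return manifest
```

Point `root` at the affected drive and `dest` at a folder on separate media; the originals are left untouched.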


@GT500

Okay, I'll try to do this. Hopefully, it'll work.

So my best chances of decrypting this is by trying this and waiting for the future decrypting tool.

If ever where can I follow up the future decrypting tool?

12 hours ago, bryanclemente said:

So my best chances of decrypting this is by trying this and waiting for the future decrypting tool.

You won't need a new decryption tool, you'll just need a decryption key to enter into STOPDecrypter so that it can decrypt your files.

 

12 hours ago, bryanclemente said:

If ever where can I follow up the future decrypting tool?

If the creator of STOPDecrypter is ever able to figure out your decryption key, then either he will contact you directly, or he'll let me know and I'll contact you.

On 4/11/2019 at 1:39 AM, GT500 said:

If the creator of STOPDecrypter is ever able to figure out your decryption key, then either he will contact you directly, or he'll let me know and I'll contact you.

Does he know about our conversation? Or can I contact him?

On 4/13/2019 at 1:28 PM, bryanclemente said:

Does he know about our conversation? Or can I contact him?

He'll know about our conversation when I send him your ID and MAC. Once he has that information, he'll be able to contact you if he figures out your decryption key.

On 4/16/2019 at 2:06 AM, GT500 said:

He'll know about our conversation when I send him your ID and MAC. Once he has that information, he'll be able to contact you if he figures out your decryption key.

Alright!! Thank you so much Sir!


You're welcome.

If you need any help with the instructions, then let me know. If you'd prefer to post your ID and MAC address on BleepingComputer as mentioned in the instructions, then feel free to do so.
