Recommended Posts

     I request for your aid in the suggestion of what should I do since my pc has been affected by ransomware that I don't know. Please kindly give me some advice on what should i use to recover my files. They changed all my picture and videos into this format here are some pictures sample

57503788_385833412144400_3163944382231478272_n.jpg?_nc_cat=102&_nc_ht=scontent.fdac17-1.fna&oh=501f65109e22a432b0881981b930d47a&oe=5D37297E

58374982_893333064339464_13895920009609216_n.jpg?_nc_cat=101&_nc_ht=scontent.fdac17-1.fna&oh=aef20290621befb2cdfe28d1c233afc1&oe=5D44206F

57618468_667683313666907_8883524284178235392_n.jpg?_nc_cat=104&_nc_ht=scontent.fdac17-1.fna&oh=beead8d810c28af8c9cea285a3e95616&oe=5D3870AF

Share this post


Link to post
Share on other sites

I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like one of our experts to review them.

Share this post


Link to post
Share on other sites

Hello. It is a pity that such a thing happened.

Instructions with your files.txt - is a note from Paradise Ransomware
The extension _c3tfsp_{[email protected]}.sambo added by Paradise Ransomware

UQSNORZLPD-MANUAL.txt - is a note from GandCrab 5.2 Ransomware
The extension with 10 characters - .uqsnorzlpd - added by GandCrab 5.2 Ransomware

Looking at the screenshots I can see that first your files were encrypted by Paradise Ransomware, and then the files were encrypted by GandCrab 5.2 Ransomware

 

Share this post


Link to post
Share on other sites

If this happened not the same day, then by the date of the files change you can determine the days of the attack.
Analysis of the date of the attack can help identify the weak link (who was working at the PC?) and properly configure the PC protection for the future.

If at the PC working you only, then you need to install a complex anti-virus product (e.g. Internet security at 1 month trial) in order to remove the remaining virus files and protect the PC from new attacks.
If there is unnamed anti-virus on your PC and no one has been disabled it before the attack, then you need to get rid of it, as soon as possible.

AV protection that cannot protect user's files from attacks from outside and even from his wrong actions and from illegitimate programs does not have the right to be on this PC.

 

Share this post


Link to post
Share on other sites
3 hours ago, Amigo-A said:

If this happened not the same day, then by the date of the files change you can determine the days of the attack.
Analysis of the date of the attack can help identify the weak link (who was working at the PC?) and properly configure the PC protection for the future.

If at the PC working you only, then you need to install a complex anti-virus product (e.g. Internet security at 1 month trial) in order to remove the remaining virus files and protect the PC from new attacks.
If there is unnamed anti-virus on your PC and no one has been disabled it before the attack, then you need to get rid of it, as soon as possible.

AV protection that cannot protect user's files from attacks from outside and even from his wrong actions and from illegitimate programs does not have the right to be on this PC.

 

yes the anti-virus i have been using was advance system care but my validity had ended two weeks ago i will be sure to change it, and do please look up a solution about it thank you very much

Share this post


Link to post
Share on other sites
5 hours ago, stapp said:

I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like one of our experts to review them.

yes, then I will send them there then and thank you very much.

Share this post


Link to post
Share on other sites
Quote

yes, then I will send them there then and thank you very much.

Michael (dev of ID Ransomware) has already received a message from me and a link to this topic and has already tweeted

Share this post


Link to post
Share on other sites
23 hours ago, Amigo-A said:

Michael (dev of ID Ransomware) has already received a message from me and a link to this topic and has already tweeted

Thank you so much. I will wait for the solution you guys create thank you for your hard work.

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.