
Hello. It is a pity that this happened ...

I know that the extortionists who use this email and this extension previously extorted money in other ransomware projects.

Where they do it now, I can only guess... With your help we will find it out.

You need to collect different versions of the ransom notes, if you have suffered from 2-3 encryptors.

You also need to collect different encrypted files with different extensions and endings in the name (2-3).

Attach everything I listed to your post. We will look at this to advise you on some solution.


As standard procedure, you also need to upload a copy of every ransom note along with an encrypted file to ID Ransomware, so that you can verify which ransomware you are dealing with, at this site: https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results if you would like us to review them and compare.
Sometimes different or incorrect results are possible, because attackers try to deceive ID Ransomware.

Therefore, when multi-encrypting, it is important to use the correct pair — a ransom note and an encrypted file.

I will help you with this.

5 hours ago, Aprilianus Eldo said:

I need help, someone doing ransomware to my files, all files become .kiratos extension, he told me to send payment to @india email, pls reply this

 

This may be a case of more than one ransomware. Please attach copies of any ransom notes to a reply, along with an encrypted file, and we will take a look at them.

.kiratos implies a newer variant of the STOP/Djvu ransomware, and it _may_ be possible for Demonslay335 to help figure out your decryption key for you. I recommend following the instructions at the link below, and then sending the information it has you gather directly to Demonslay335 to expedite the process:
https://kb.gt500.org/stopdecrypter

Note that the e-mail address [email protected] is usually associated with another ransomware (Cry36 for instance), and even if Demonslay335 is able to figure out your decryption key for the STOP/Djvu ransomware the odds of being able to reverse the encryption from the other ransomware are not good.
