Recommended Posts

8 hours ago, KomendantAndrey said:

Dr.Web curiet found the next virus on my PC: Adware.ConvertAd.99

I very much doubt that that was the ransomware. Not just because of the name (adware is not ransomware), but also because most ransomware deletes itself once it is done encrypting files in order to try to make analysis more difficult.

 

8 hours ago, KomendantAndrey said:

All my files were crypted and now they have extention:  Formats.xls.[[email protected]].zoro

I suspect it's a variant of Dharma, however I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.

Share this post


Link to post
Share on other sites
Quote

Trojan.Encoder.18000 V2

Yes, this is Scarab-Bin Ransomware. Andrey, See there the update of April 25, 2019. + My recommendation for the only decoding available now.
Это Scarab Ransomware. Андрей, см. там обновление от 25 апреля 2019 г. + Мой совет по единственной доступной расшифровке.

Share this post


Link to post
Share on other sites

Thanks Amido-A for your advice. 

I had correspondence with Dr.Web representatives. I provided them with original and encrypted files + registry upload. Unfortunately, they could not help me: (Therefore, I decided to ask for help from you. I will wait for good news that will help both me and other users who have suffered from this Ransomware.

Best regards

Andrew.

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.