KomendantAndrey Posted May 2, 2019 Report Share Posted May 2, 2019 Hi. All my files were crypted and now they have extention: Formats.xls.[[email protected]].zoro Dr.Web curiet found the next virus on my PC: Adware.ConvertAd.99 I have original files for some crypted files if needed. Can you halp me? Regards, Andrew. Link to comment Share on other sites More sharing options...
GT500 Posted May 2, 2019 Report Share Posted May 2, 2019 8 hours ago, KomendantAndrey said: Dr.Web curiet found the next virus on my PC: Adware.ConvertAd.99 I very much doubt that that was the ransomware. Not just because of the name (adware is not ransomware), but also because most ransomware deletes itself once it is done encrypting files in order to try to make analysis more difficult. 8 hours ago, KomendantAndrey said: All my files were crypted and now they have extention: Formats.xls.[[email protected]].zoro I suspect it's a variant of Dharma, however I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them. Link to comment Share on other sites More sharing options...
KomendantAndrey Posted May 3, 2019 Author Report Share Posted May 3, 2019 21 hours ago, KomendantAndrey said: [[email protected]x.de].zoro Done. Link on result - https://id-ransomware.malwarehunterteam.com/identify.php?case=3bdfb323713647ce376f2c7afaf826612e8e0ec4 Link to comment Share on other sites More sharing options...
Amigo-A Posted May 3, 2019 Report Share Posted May 3, 2019 Quote Trojan.Encoder.18000 V2 Yes, this is Scarab-Bin Ransomware. Andrey, See there the update of April 25, 2019. + My recommendation for the only decoding available now. Это Scarab Ransomware. Андрей, см. там обновление от 25 апреля 2019 г. + Мой совет по единственной доступной расшифровке. Link to comment Share on other sites More sharing options...
GT500 Posted May 3, 2019 Report Share Posted May 3, 2019 10 hours ago, KomendantAndrey said: Done. Link on result - https://id-ransomware.malwarehunterteam.com/identify.php?case=3bdfb323713647ce376f2c7afaf826612e8e0ec4 As far as I know, Amigo-A's recommendation is the only way to potentially decrypt files that have been encrypted by this variant of Scarab. Link to comment Share on other sites More sharing options...
KomendantAndrey Posted May 6, 2019 Author Report Share Posted May 6, 2019 Thanks Amido-A for your advice. I had correspondence with Dr.Web representatives. I provided them with original and encrypted files + registry upload. Unfortunately, they could not help me: (Therefore, I decided to ask for help from you. I will wait for good news that will help both me and other users who have suffered from this Ransomware. Best regards Andrew. Link to comment Share on other sites More sharing options...
Recommended Posts