Jump to content

.gate ransomware

Marsel
 Share Followers 1

Recommended Posts

Amigo-A

Amigo-A 161

Posted
Posted

Hello, Marsel

Identification does not end there. Sometimes automatic identification may be incorrect.
Therefore, adjustment and study is required.

Prior to our answer, we ask you not to look for any methods for decrypting the Internet. A lot of sites that offer download software solution, that "will do everything". THIS IS A LIE!

We continue to investigate files, even if we know that there is currently no way to decrypt.

I ask you to tell us the identification results and attach to your message 2-3 encrypted files and files with the ransom requirements. There should be 1 text file and one file with the extension hta or html.
Place them in the archive before attaching to the message.
If the file size is more than 10 megabytes, then use the www.sendspace.com service to upload the file there and give us a link to download and research.

Link to post
Share on other sites
Marsel

Marsel 0

Posted
  • Author
Posted

Hello and thank you for your reply

Below is a screenshoot from 

https://id-ransomware.malwarehunterteam.com/

For readme file i have only one file called : FILES ENCRYPTED.txt and inside the file is 

all your data has been locked us

You want return ?

write email [email protected]

image.png.700c21432bfc05e587f8889e58a8f9ce.png

The link below have 3 encrypted file

 

https://www.sendspace.com/filegroup/ycBF19qI8SZocJkdNdsSoe7rBtZK3%2FHR

 

Thanks

 

Attached are 2 files 

image.png

Link to post
Share on other sites
Amigo-A

Amigo-A 161

Posted
Posted

Marsel

Yes, now I can confirm this result.
In my article on Dharma Ransomware this extension occurs many times.
But it is not used as a separate item, but only as part of a group.

For your file ACE.dll.id-16B37617.[[email protected]].gate was used an compound extension .id-16B37617.[[email protected]].gate
Email [email protected] is an address of extortionists. 

This '16B37617' is your ID as victim of Ransomware.

This is a general pattern of Dharma Ransomware .id-<id>.[<email>].gate for encrypted files of version with extension .gate

Link to post
Share on other sites
Amigo-A

Amigo-A 161

Posted
Posted

Unfortunately, this is one of the successful extortionists and no one has yet been able to decrypt the current versions.

In the past, there have been cases of decrypting some variants, thanks to a leak of keys.

Link to post
Share on other sites
GT500

GT500 890

Posted
Posted
2 hours ago, Marsel said:

Ok, please if any of members find a solution , post it here. I wi keep all my encryptet files if in the futee anyone need to test

Thanks

Be careful. The criminals who created the ransomware are more likely to contact you with a "solution" than anyone else. Either that or a scam artist who will offer you a "solution", and ask you for money, but give you nothing in return.

Your best bet is to back up your files and wait until authorities and computer security companies are able to liberate the database of decryption keys from the criminals so that they can make a decryption tool.

Link to post
Share on other sites
  • 4 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Followers 1
Go to topic listing

  • Recently Browsing   0 members

    No registered users viewing this page.

Products & Services

Ransomware/Malware Removal

Partners

Resources

Company

© 2003-2021 Emsisoft - 07/25/2021 - Legal Notice - Terms - Bug Bounty - System Status - Privacy Policy

×
×
  • Create New...