Marsel 0 Posted May 8, 2019 Report Share Posted May 8, 2019 Hello 2 days before all my files are encrypted with a .gate ransomware Anybody has any idea how to decrypt ? Regards Quote Link to post Share on other sites
stapp 153 Posted May 8, 2019 Report Share Posted May 8, 2019 It is recommended to upload a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with to this site here:https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like one of our experts to review them. Quote Link to post Share on other sites
Amigo-A 136 Posted May 8, 2019 Report Share Posted May 8, 2019 Hello, Marsel Identification does not end there. Sometimes automatic identification may be incorrect. Therefore, adjustment and study is required. Prior to our answer, we ask you not to look for any methods for decrypting the Internet. A lot of sites that offer download software solution, that "will do everything". THIS IS A LIE! We continue to investigate files, even if we know that there is currently no way to decrypt. I ask you to tell us the identification results and attach to your message 2-3 encrypted files and files with the ransom requirements. There should be 1 text file and one file with the extension hta or html. Place them in the archive before attaching to the message. If the file size is more than 10 megabytes, then use the www.sendspace.com service to upload the file there and give us a link to download and research. Quote Link to post Share on other sites
Marsel 0 Posted May 8, 2019 Author Report Share Posted May 8, 2019 Hello and thank you for your reply Below is a screenshoot from https://id-ransomware.malwarehunterteam.com/ For readme file i have only one file called : FILES ENCRYPTED.txt and inside the file is all your data has been locked us You want return ? write email [email protected] The link below have 3 encrypted file https://www.sendspace.com/filegroup/ycBF19qI8SZocJkdNdsSoe7rBtZK3%2FHR Thanks Attached are 2 files Quote Link to post Share on other sites
Amigo-A 136 Posted May 8, 2019 Report Share Posted May 8, 2019 Marsel Yes, now I can confirm this result. In my article on Dharma Ransomware this extension occurs many times. But it is not used as a separate item, but only as part of a group. For your file ACE.dll.id-16B37617.[[email protected]].gate was used an compound extension .id-16B37617.[[email protected]].gate Email [email protected] is an address of extortionists. This '16B37617' is your ID as victim of Ransomware. This is a general pattern of Dharma Ransomware .id-<id>.[<email>].gate for encrypted files of version with extension .gate Quote Link to post Share on other sites
Amigo-A 136 Posted May 8, 2019 Report Share Posted May 8, 2019 Unfortunately, this is one of the successful extortionists and no one has yet been able to decrypt the current versions. In the past, there have been cases of decrypting some variants, thanks to a leak of keys. Quote Link to post Share on other sites
Marsel 0 Posted May 8, 2019 Author Report Share Posted May 8, 2019 Ok, please if any of members find a solution , post it here. I wi keep all my encryptet files if in the futee anyone need to test Thanks Quote Link to post Share on other sites
GT500 873 Posted May 8, 2019 Report Share Posted May 8, 2019 2 hours ago, Marsel said: Ok, please if any of members find a solution , post it here. I wi keep all my encryptet files if in the futee anyone need to test Thanks Be careful. The criminals who created the ransomware are more likely to contact you with a "solution" than anyone else. Either that or a scam artist who will offer you a "solution", and ask you for money, but give you nothing in return. Your best bet is to back up your files and wait until authorities and computer security companies are able to liberate the database of decryption keys from the criminals so that they can make a decryption tool. Quote Link to post Share on other sites
numankilkil 0 Posted September 14, 2019 Report Share Posted September 14, 2019 Never pay to [email protected]! They always want extra money after first payment. Quote Link to post Share on other sites
GT500 873 Posted September 17, 2019 Report Share Posted September 17, 2019 On 9/14/2019 at 9:07 AM, numankilkil said: Never pay to [email protected]! They always want extra money after first payment. Yes, once you give the criminals your e-mail address, they could continue to try to extort money from you. It's best to never contact them yourself. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.