Recommended Posts

I think a ransomware infected my files which is encrypted and I think the name of this ransomware is Ferosas, I've researched through the net thoroughly but hard luck of finding a decrypter for this new ransomware. If anyone has experienced the same way I did and recovered all your encrypted files, please do so offer some strategies or some help. I really need my files back though.

Share this post


Link to post
Share on other sites

Hello, Hirudineaxxx

Hello, cesar_dotmap

We are pity this happened.

I can say that probably STOP Ransomware encrypted your files. Extension .ferosas and .dotmap is  his new variants. 

Special service  ID Ransomware  can confirm this fact, and can let you know if STOPDecrypter can recover your files. 

---

Before you decrypt the files, you need to make sure that there is neither this infection nor any other infection on the PC. We have seen cases when those who suffered from previous versions STOP Ransomware successfully decrypted files, but then they were attacked by the same encryptor, which encrypted files with a different extension, and used an encryption key that cannot be calculated. In punishment for haste and complacency, the user lost his files a second time and, possibly, forever.

As experience shows, very often after encryption on a PC, this or another infection remains, which you could get together with the encryptor.
Malicious programs often work in groups: trojans of a different type, password hijackers, backdoors, dormant malware, dangerous browser plugins.
Therefore, I advise you to check your PC for active and dormant malware. This can be done here in the forum in the next section.

You can also download the free tool Emsisoft Emergency Kit yourself and check the computer.

Share this post


Link to post
Share on other sites

After checking the PC (or only folders with encrypted files), you can use the free tool to decrypt files - STOPDecrypter (link)

This process should be approached with caution. Read the attached text file.
Due to the nature of encryption, only files that are encrypted with offline keys can be decrypted.
We recommend that you make a test decryption of a small number of encrypted files and make copies of them in advance.

---

If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter 

Received information you need insert into your new message. 

I hope that you still get lucky return your files.

Share this post


Link to post
Share on other sites

As Amigo-A said, that is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware:
https://id-ransomware.malwarehunterteam.com/

If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter

 

Also, while most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: If anything that appears suspicious is found in your logs, then your post will be split into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.

  • Thanks 1

Share this post


Link to post
Share on other sites

Can you help me?

My computer had virus Ransomware, It had changed rename file .chech extension

Share this post


Link to post
Share on other sites

Hung

Hello. This is also the result of the STOP Ransomware attack.

See my posts above and post GT500 - in the same order. This also applies to your case.

On the advice of the support service, a new recommendation was made for the case, like yours. This is here.

It's best to check and make sure that no malware  components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ 

Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.

Let us know about the results.

Share this post


Link to post
Share on other sites

WELA

Hello. This is also the result of the STOP Ransomware attack. 

The variant with .forasom extension was spreaded before (since May 6, 2019)

See my posts above and post GT500 - in the same order. This also applies to your case.

Share this post


Link to post
Share on other sites
13 hours ago, WELA said:

Could you help me?

My data has lost by .forasom? I really need your help, thank you 

 

See the quoted information below:

On 5/21/2019 at 11:16 PM, GT500 said:

As Amigo-A said, that is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware:
https://id-ransomware.malwarehunterteam.com/

If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter

 

Also, while most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: If anything that appears suspicious is found in your logs, then your post will be split into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.