ARNEST 0 Report post Posted May 23 My files are encrypted by ransomware (.radman). Personal ID: 086Hjh74389hUSf8bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz I tried with all decryptors but was unsuccessful. Please help me decrypt my files. Quote Share this post Link to post Share on other sites
GT500 559 Report post Posted May 23 17 hours ago, ARNEST said: Personal ID: 086Hjh74389hUSf8bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz That's an online ID, so we'll need the MAC addresses from the infected computer as well. You can use STOPDecrypter to get that information. Here's a link to instructions:https://kb.gt500.org/stopdecrypter Also note that while most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it. Quote Share this post Link to post Share on other sites
Haroldo 0 Report post Posted May 24 (edited) Meus arquivos são criptografados pelo ransomware (.radman). Identificação: ] ID: Hyz6gHZojIX9FB4gjXNrEeVormifAm7taiModiPA (.radman ) Mac: 40:16:7E:7B:B8:8F Eu tentei com todas as decryptors, mas não teve sucesso. Por favor me ajude a decifrar meus arquivos. [+] Arquivo: C:\Users\gheng\Desktop\Nova pasta\006 - capítulos FISICO FINANCEIRO.xlsx.radman [-] nenhuma chave para ID: Hyz6gHZojIX9FB4gjXNrEeVormifAm7taiModiPA (.radman) 0 dados decodificados! Arquivos ignorados 1. [!] Sem chaves foram encontradas para as seguintes identificações: [*] ID: Hyz6gHZojIX9FB4gjXNrEeVormifAm7taiModiPA (.radman) por favor arquivar essas identificações e os seguintes endereços de MAC, em caso de futura descriptografia: [*] MACs: 40:16:7E:7B:B8:8F Esta informação também foi registrada para STOPDecrypter-log. txt Edited May 25 by GT500 Removed quote box. Quote Share this post Link to post Share on other sites
ARNEST 0 Report post Posted May 24 (edited) Thanks GT500. I followed your advice. [!] No keys were found for the following IDs: [*] ID: bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz (.radman ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 82:C5:F2:71:83:C3, 80:C5:F2:71:83:C3, 80:C5:F2:71:83:C2 This info has also been logged to STOPDecrypter-log.txt Edited May 24 by ARNEST More information Quote Share this post Link to post Share on other sites
ARNEST 0 Report post Posted May 24 [!] No keys were found for the following IDs: [*] ID: bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz (.radman ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 82:C5:F2:71:83:C3, 80:C5:F2:71:83:C3, 80:C5:F2:71:83:C2 This info has also been logged to STOPDecrypter-log.txt Quote Share this post Link to post Share on other sites
GT500 559 Report post Posted May 25 21 hours ago, Haroldo said: [!] Sem chaves foram encontradas para as seguintes identificações: [*] ID: Hyz6gHZojIX9FB4gjXNrEeVormifAm7taiModiPA (.radman) por favor arquivar essas identificações e os seguintes endereços de MAC, em caso de futura descriptografia: [*] MACs: 40:16:7E:7B:B8:8F Esta informação também foi registrada para STOPDecrypter-log. txt I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. 5 hours ago, ARNEST said: [!] No keys were found for the following IDs: [*] ID: bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz (.radman ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 82:C5:F2:71:83:C3, 80:C5:F2:71:83:C3, 80:C5:F2:71:83:C2 This info has also been logged to STOPDecrypter-log.txt I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. Quote Share this post Link to post Share on other sites
ARNEST 0 Report post Posted May 26 ANY NEWS MR GT500 OF A SOLUTION TO MY PROBLEM... Quote Share this post Link to post Share on other sites
Amigo-A 11 Report post Posted May 26 ARNEST Please, be patient. Support specialists may not respond during the weekend. This is indicated in the forum rules. The solution of the problem may come not very quickly. Do not depart from the topic, it is important for you, wait for the answer of the specialist and the final decision. Quote Share this post Link to post Share on other sites
GT500 559 Report post Posted May 27 11 hours ago, ARNEST said: ANY NEWS MR GT500 OF A SOLUTION TO MY PROBLEM... If there is any news, you should be contacted privately by someone with the screen name Demonslay335. Quote Share this post Link to post Share on other sites
[email protected] 0 Report post Posted May 30 Dear GT500, I have some a problem in the same, my files on PC have been encrypted by ransomware (.radman extension) I send you the information regarding log files form StOPDecrypter tool and FRST program and please see the attached files. Here is my troubleshooting 1. I have format drive C and installed new windows OS, I accidentally did it. 2. But my files on PC, it has still been encrypted. (radman extension). please help me solve a problem or do you have any suggestion. Thank you very much. Addition.txt FRST.txt STOPDecrypter-log.txt Quote Share this post Link to post Share on other sites
GT500 559 Report post Posted May 30 @[email protected] I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. As for your FRST logs, at first glance they appear clean. Certainly no leftovers from STOP/Djvu, so you don't have to worry about that at least. Recovery of files will take some time. Right now, in the vast majority of cases, the maker of STOPDecrypter will contact you privately when he is able to figure out your decryption key. Quote Share this post Link to post Share on other sites
[email protected] 0 Report post Posted June 1 On 5/31/2019 at 3:48 AM, GT500 said: @[email protected] I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. As for your FRST logs, at first glance they appear clean. Certainly no leftovers from STOP/Djvu, so you don't have to worry about that at least. Recovery of files will take some time. Right now, in the vast majority of cases, the maker of STOPDecrypter will contact you privately when he is able to figure out your decryption key. Thank you very much for your suggestion. Quote Share this post Link to post Share on other sites
GT500 559 Report post Posted June 1 You're welcome. Quote Share this post Link to post Share on other sites
ARNEST 0 Report post Posted June 10 Dear GT500, How is the progress to find decrypter for Radman ransomware? I am still waiting Quote Share this post Link to post Share on other sites
GT500 559 Report post Posted June 11 20 hours ago, ARNEST said: Dear GT500, How is the progress to find decrypter for Radman ransomware? I am still waiting The creator of STOPDecrypter is still working on trying to find peoples' decryption keys. It's not as easy as it used to be, and may still take some time before anyone is able to provide a solution for most victims. As for how much time, it's difficult to say. Quote Share this post Link to post Share on other sites
