ARNEST (posted May 23):

My files are encrypted by ransomware (.radman).

Personal ID: 086Hjh74389hUSf8bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz

I tried with all decryptors but was unsuccessful. Please help me decrypt my files.

GT500 (posted May 23):

17 hours ago, ARNEST said:
> Personal ID: 086Hjh74389hUSf8bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz

That's an online ID, so we'll need the MAC addresses from the infected computer as well. You can use STOPDecrypter to get that information. Here's a link to instructions:
https://kb.gt500.org/stopdecrypter

Also note that while most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.

Haroldo (posted May 24, edited):

My files are encrypted by ransomware (.radman).

Identification:
ID: Hyz6gHZojIX9FB4gjXNrEeVormifAm7taiModiPA (.radman )
MAC: 40:16:7E:7B:B8:8F

I tried all the decryptors, but without success. Please help me decrypt my files.

[+] Arquivo: C:\Users\gheng\Desktop\Nova pasta\006 - capítulos FISICO FINANCEIRO.xlsx.radman
[-] nenhuma chave para ID: Hyz6gHZojIX9FB4gjXNrEeVormifAm7taiModiPA (.radman)
0 dados decodificados! Arquivos ignorados 1.
[!] Sem chaves foram encontradas para as seguintes identificações:
[*] ID: Hyz6gHZojIX9FB4gjXNrEeVormifAm7taiModiPA (.radman)
por favor arquivar essas identificações e os seguintes endereços de MAC, em caso de futura descriptografia:
[*] MACs: 40:16:7E:7B:B8:8F
Esta informação também foi registrada para STOPDecrypter-log. txt

Edited May 25 by GT500: Removed quote box.

ARNEST (posted May 24, edited):

Thanks GT500. I followed your advice.

[!] No keys were found for the following IDs:
[*] ID: bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz (.radman )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 82:C5:F2:71:83:C3, 80:C5:F2:71:83:C3, 80:C5:F2:71:83:C2
This info has also been logged to STOPDecrypter-log.txt

Edited May 24 by ARNEST: More information

ARNEST (posted May 24):

[!] No keys were found for the following IDs:
[*] ID: bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz (.radman )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 82:C5:F2:71:83:C3, 80:C5:F2:71:83:C3, 80:C5:F2:71:83:C2
This info has also been logged to STOPDecrypter-log.txt

GT500 (posted May 25):

21 hours ago, Haroldo said:
> [!] Sem chaves foram encontradas para as seguintes identificações:
> [*] ID: Hyz6gHZojIX9FB4gjXNrEeVormifAm7taiModiPA (.radman)
> por favor arquivar essas identificações e os seguintes endereços de MAC, em caso de futura descriptografia:
> [*] MACs: 40:16:7E:7B:B8:8F
> Esta informação também foi registrada para STOPDecrypter-log. txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

5 hours ago, ARNEST said:
> [!] No keys were found for the following IDs:
> [*] ID: bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz (.radman )
> Please archive these IDs and the following MAC addresses in case of future decryption:
> [*] MACs: 82:C5:F2:71:83:C3, 80:C5:F2:71:83:C3, 80:C5:F2:71:83:C2
> This info has also been logged to STOPDecrypter-log.txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

ARNEST (posted May 26):

ANY NEWS MR GT500 OF A SOLUTION TO MY PROBLEM...

Amigo-A (posted May 26):

ARNEST

Please, be patient. Support specialists may not respond during the weekend. This is indicated in the forum rules. The solution of the problem may come not very quickly. Do not depart from the topic, it is important for you, wait for the answer of the specialist and the final decision.

GT500 (posted May 27):

11 hours ago, ARNEST said:
> ANY NEWS MR GT500 OF A SOLUTION TO MY PROBLEM...

If there is any news, you should be contacted privately by someone with the screen name Demonslay335.

[email protected] (posted May 30):

Dear GT500,

I have the same problem: my files on my PC have been encrypted by ransomware (.radman extension). I am sending you the log files from the STOPDecrypter tool and the FRST program; please see the attached files.

Here is my troubleshooting:

1. I have formatted drive C and installed a new Windows OS; I did it accidentally.
2. But my files on the PC are still encrypted (.radman extension).

Please help me solve the problem, or let me know if you have any suggestion. Thank you very much.

Attachments: Addition.txt, FRST.txt, STOPDecrypter-log.txt

GT500 (posted May 30):

@[email protected] I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

As for your FRST logs, at first glance they appear clean. Certainly no leftovers from STOP/Djvu, so you don't have to worry about that at least.

Recovery of files will take some time. Right now, in the vast majority of cases, the maker of STOPDecrypter will contact you privately when he is able to figure out your decryption key.

[email protected] (posted June 1):

On 5/31/2019 at 3:48 AM, GT500 said:
> @[email protected] I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.
>
> As for your FRST logs, at first glance they appear clean. Certainly no leftovers from STOP/Djvu, so you don't have to worry about that at least.
>
> Recovery of files will take some time. Right now, in the vast majority of cases, the maker of STOPDecrypter will contact you privately when he is able to figure out your decryption key.

Thank you very much for your suggestion.

GT500 (posted June 1):

You're welcome.

ARNEST (posted June 10):

Dear GT500,

How is the progress to find decrypter for Radman ransomware? I am still waiting.

GT500 (posted June 11):

20 hours ago, ARNEST said:
> Dear GT500, How is the progress to find decrypter for Radman ransomware? I am still waiting

The creator of STOPDecrypter is still working on trying to find peoples' decryption keys. It's not as easy as it used to be, and may still take some time before anyone is able to provide a solution for most victims. As for how much time, it's difficult to say.

ARNEST (posted July 10):

Dear GT500,

Any progress in finding online keys for decryption of radman ransomware encrypted files? I have not got any communication from Demonslay335.

Thank you

GT500 (posted July 10):

It's still being worked on. Hopefully it won't be too much longer before we have a solution for you.

ARNEST (posted September 9):

Thank you Mr. GT500.

Have you got any solution for my problem? I am anxiously waiting because some of my important files I need to get immediately. For the last few months I have postponed my work due to the encrypted files and folders. Kindly let me know.

Thank you

GT500 (posted September 10):

19 hours ago, ARNEST said:
> Have you got any solution for my problem. I am anxiously waiting because some of my important files I need to get immediately. For the last few months I have postpone my work due to the encrypted files and folders.

It's still being worked on. We'll let you know once it's ready.

ARNEST (posted October 18):

Thanks Mr. GT500 for your initiative and help. I am still waiting.

Regards

GT500 (posted October 19):

We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:
https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/
https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/

ARNEST (posted October 28):

Thanks Mr. GT500.

I tried with the online decryption, since mine was with the online key, but I have a difficulty that I hardly have the original file; the ones that I had also show 'invalid upload' even after having processed.

I really thank you for the guidance and help that you have given me.

Arnest

Amigo-A (posted October 28):

Here is a sample list where you can find the originals of the encrypted files:

1) on flash drives, external drives, CD / DVD, memory cards of the camera, phone;
2) in attachments of emails sent or received by you;
3) among the copies of shared photos of friends, relatives (in their PC) that you gave;
4) among the uploaded photos in the social networks, including via smartphone and tablet;
5) among the uploaded photos to cloud services (Google Disk, OneDrive, Yandex Disk etc.);
6) on the sites of ads, forums, where you could previously send photos or images;
7) among unencrypted files, copies, renamed files on your PC;
8) on an old PC or disk, from where you transferred photos and documents to a new PC;
9) you can re-upload from the Internet previously downloaded photos, pictures, etc.;
10) you can use sample images supplied with Windows;
11) take photos or pictures that you previously posted on the avatar on the forums;
12) extract previously deleted files from the Recycle Bin or restore it with a special program.

If decryption failed...

It is possible that the original file was an inaccurate copy of the encrypted. This could be due to the fact that earlier you yourself reduced or corrected it in the editor, or uploaded to social networks, cloud services, and there the file was somehow automatically changed.

Look for more files and try different pairs of encrypted and original files with the same name.

Very often files can have the same name, but are not a copy of each other. Vocabulary used in any language is limited. The possibilities of PCs, cameras and other devices for taking photos are also limited. In cameras and mobile devices, names for photos are given automatically according to a specific format, so photos with the name from IMG_0001.JPG to IMG_9999.JPG can be quite a lot in different years. Smartphones can give photos more original names, such as IMG_20171012_170451.jpg - here and the date of shooting, and the sequence number, thus the repetition of the name is unlikely.

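The search for matching originals described in the post above can be scripted. The following is an added example, not part of the original thread and not code from Emsisoft or STOPDecrypter: for each `.radman` file it lists every distinct same-name file found under the backup locations, grouping byte-identical copies, so a name collision such as IMG_0001.JPG shows up as several versions to try. The script name and folder arguments are assumptions.

```python
import hashlib
import os
import sys
from collections import defaultdict

ENCRYPTED_EXT = ".radman"  # extension reported in this thread


def sha256_of(path, chunk=1 << 20):
    """Hash in chunks so large photos or videos are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_pair_candidates(encrypted_root, search_roots):
    """Map each encrypted file to the distinct same-name files found elsewhere.

    Byte-identical copies are grouped under one hash, so each distinct
    version of a name appears once: {encrypted_path: [(sha256, [paths])]}.
    """
    by_name = defaultdict(list)  # lower-cased file name -> candidate paths
    for root in search_roots:
        for folder, _dirs, files in os.walk(root):
            for name in files:
                if not name.lower().endswith(ENCRYPTED_EXT):
                    by_name[name.lower()].append(os.path.join(folder, name))
    result = {}
    for folder, _dirs, files in os.walk(encrypted_root):
        for name in files:
            if not name.lower().endswith(ENCRYPTED_EXT):
                continue
            versions = defaultdict(list)
            for cand in by_name.get(name[: -len(ENCRYPTED_EXT)].lower(), []):
                versions[sha256_of(cand)].append(cand)
            result[os.path.join(folder, name)] = sorted(
                (digest, sorted(paths)) for digest, paths in versions.items())
    return result


if __name__ == "__main__" and len(sys.argv) > 2:
    # Assumed usage: python find_pairs.py <folder with .radman files> <backup root>...
    for enc, versions in find_pair_candidates(sys.argv[1], sys.argv[2:]).items():
        note = "AMBIGUOUS: try each version" if len(versions) > 1 else ""
        print(enc, f"{len(versions)} distinct candidate(s)", note)
        for digest, paths in versions:
            print("   ", digest[:12], *paths)
```

An encrypted file with more than one distinct candidate is exactly the case the post warns about: each version has to be tried as a pair, because only one of them, if any, is the true original.
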
GT500 (posted October 29):

23 hours ago, ARNEST said:
> the ones that I had also shows 'invalid upload' even after having processed.

Can you take a screenshot of the error message and paste it into a reply?