ARNEST

INFECTED BY Ransomware (.radman)

Recommended Posts

My files are encrypted by ransomware (.radman). Personal ID: 086Hjh74389hUSf8bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz

I tried with all decryptors but was unsuccessful. Please help me decrypt my files.

Share this post


Link to post
Share on other sites
17 hours ago, ARNEST said:

Personal ID: 086Hjh74389hUSf8bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz

That's an online ID, so we'll need the MAC addresses from the infected computer as well. You can use STOPDecrypter to get that information. Here's a link to instructions:
https://kb.gt500.org/stopdecrypter

 

Also note that while most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.

Share this post


Link to post
Share on other sites

Meus arquivos são criptografados pelo ransomware (.radman). Identificação: ] ID: Hyz6gHZojIX9FB4gjXNrEeVormifAm7taiModiPA (.radman )

Mac: 40:16:7E:7B:B8:8F

Eu tentei com todas as decryptors, mas não teve sucesso. Por favor me ajude a decifrar meus arquivos.


[+] Arquivo: C:\Users\gheng\Desktop\Nova pasta\006 - capítulos FISICO FINANCEIRO.xlsx.radman
[-] nenhuma chave para ID: Hyz6gHZojIX9FB4gjXNrEeVormifAm7taiModiPA (.radman)

0 dados decodificados!
Arquivos ignorados 1.

[!] Sem chaves foram encontradas para as seguintes identificações:
[*] ID: Hyz6gHZojIX9FB4gjXNrEeVormifAm7taiModiPA (.radman)
por favor arquivar essas identificações e os seguintes endereços de MAC, em caso de futura descriptografia:
[*] MACs: 40:16:7E:7B:B8:8F
Esta informação também foi registrada para STOPDecrypter-log. txt

Edited by GT500
Removed quote box.

Share this post


Link to post
Share on other sites

Thanks GT500. I followed your advice.

[!] No keys were found for the following IDs:
[*] ID: bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz (.radman )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 82:C5:F2:71:83:C3, 80:C5:F2:71:83:C3, 80:C5:F2:71:83:C2
This info has also been logged to STOPDecrypter-log.txt

Edited by ARNEST
More information

Share this post


Link to post
Share on other sites

[!] No keys were found for the following IDs:
[*] ID: bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz (.radman )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 82:C5:F2:71:83:C3, 80:C5:F2:71:83:C3, 80:C5:F2:71:83:C2
This info has also been logged to STOPDecrypter-log.txt

Share this post


Link to post
Share on other sites
21 hours ago, Haroldo said:

[!] Sem chaves foram encontradas para as seguintes identificações:
[*] ID: Hyz6gHZojIX9FB4gjXNrEeVormifAm7taiModiPA (.radman)
por favor arquivar essas identificações e os seguintes endereços de MAC, em caso de futura descriptografia:
[*] MACs: 40:16:7E:7B:B8:8F
Esta informação também foi registrada para STOPDecrypter-log. txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

 

5 hours ago, ARNEST said:

[!] No keys were found for the following IDs:
[*] ID: bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz (.radman )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 82:C5:F2:71:83:C3, 80:C5:F2:71:83:C3, 80:C5:F2:71:83:C2
This info has also been logged to STOPDecrypter-log.txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

Share this post


Link to post
Share on other sites

ARNEST

Please, be patient. Support specialists  may not respond during the weekend. This is indicated in the forum rules.

The solution of the problem may come not very quickly.
Do not depart from the topic, it is important for you, wait for the answer of the specialist and the final decision.

Share this post


Link to post
Share on other sites
11 hours ago, ARNEST said:

ANY NEWS MR GT500 OF A SOLUTION TO MY PROBLEM...

If there is any news, you should be contacted privately by someone with the screen name Demonslay335.

Share this post


Link to post
Share on other sites

Dear GT500,

                 I have some a problem in the same, my files on PC have been encrypted by ransomware (.radman extension)

I send you the information regarding log files form StOPDecrypter tool and FRST program and please see the attached files.

 Here is my troubleshooting

 1. I have format drive C and installed new windows OS, I accidentally did it.

 2. But my files on PC, it has still been encrypted. (radman extension).

 please help me solve a problem or do you have any suggestion.

 Thank you very much.

Addition.txt FRST.txt STOPDecrypter-log.txt

Share this post


Link to post
Share on other sites

@[email protected] I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

As for your FRST logs, at first glance they appear clean. Certainly no leftovers from STOP/Djvu, so you don't have to worry about that at least.

Recovery of files will take some time. Right now, in the vast majority of cases, the maker of STOPDecrypter will contact you privately when he is able to figure out your decryption key.

Share this post


Link to post
Share on other sites
On 5/31/2019 at 3:48 AM, GT500 said:

@[email protected] I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

As for your FRST logs, at first glance they appear clean. Certainly no leftovers from STOP/Djvu, so you don't have to worry about that at least.

Recovery of files will take some time. Right now, in the vast majority of cases, the maker of STOPDecrypter will contact you privately when he is able to figure out your decryption key.

Thank you very much for your suggestion.

Share this post


Link to post
Share on other sites
20 hours ago, ARNEST said:

Dear GT500,

How is the progress to find decrypter for Radman ransomware?

I am still waiting

The creator of STOPDecrypter is still working on trying to find peoples' decryption keys. It's not as easy as it used to be, and may still take some time before anyone is able to provide a solution for most victims. As for how much time, it's difficult to say.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.