Maz2bi

.radman ransomware decryptor needed

Recommended Posts

Its a variant of .djvu ransomware.
I have already used STOP decrypter. It is ineffective against online attack of the virus. Its only decrypts if the virus came from offline resources.

Shadow Explorer also failed to produce desired results.

Please help me or notify me whenever a solution is there.

My business files are encrypted. I am stuck. My business is a standstill. I would be thankful to you all.

Sample encrypted files are attached.

 

Mazen Shams

CEO, Cunning Paws

RVing with Dogs..docx.radman Cunning Paws.pptx.radman Cunning Paws with tagline.png.radman

Share this post


Link to post
Share on other sites

[+] Loaded 36 offline keys
Selected directory: F:\LITU\MY PIC
Starting decryption...

[+] File: F:\LITU\MY PIC\FG1A7056.jpg.radman
[-] No key for ID: 3yJSDu5l4JvViyu408oZ0z2JDewnlpR6dttPgZt1 (.radman )

[+] File: F:\LITU\MY PIC\FG1A7102.JPG.radman
[-] No key for ID: 3yJSDu5l4JvViyu408oZ0z2JDewnlpR6dttPgZt1 (.radman )

Decrypted 0 files!
Skipped 2 files.

[!] No keys were found for the following IDs:
[*] ID: 3yJSDu5l4JvViyu408oZ0z2JDewnlpR6dttPgZt1 (.radman )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 40:8D:5C:BD:CD:B8
This info has also been logged to STOPDecrypter-log.txt

Share this post


Link to post
Share on other sites
20 hours ago, litumaxa said:

[-] No key for ID: 3yJSDu5l4JvViyu408oZ0z2JDewnlpR6dttPgZt1 (.radman )

That looks like an offline ID. Unfortunately the maker of STOPDecrypter still doesn't have the offline key for the .radman variant of STOP/Djvu. Do you mind if we check to see if there's a copy of it on your computer?

We can check with FRST. You can find instructions for downloading and running FRST at the following link:
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.

Share this post


Link to post
Share on other sites

We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:
https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/
https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.