It is recommended to upload a copy of the ransom note along with an encrypted file to ID Ransomware, so that you can verify which ransomware you are dealing with, at this site:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply so that one of our experts can review them.


@Thinh Dang

I ask you to publish the results of identification in ID Ransomware.
I already know them in advance, but I need confirmation, because you may be given a double identification, one of which is erroneous and the other is correct. I will tell you which one is correct.

Please attach a ransom note to your new post and report the approximate time when the files were encrypted.


Thank you very much for your kind support.

After I uploaded to https://id-ransomware.malwarehunterteam.com

I got the result. Any solution for me to decrypt?

 

Quote

2 Results

GlobeImposter 2.0

 This ransomware has no known way of decrypting data at this time.

It is recommended to backup your encrypted files, and hope for a solution in the future.

Identified by

 

Click here for more information about GlobeImposter 2.0

 

 Would you like to be notified if there is any development regarding this ransomware? Click here.

Maoloa

 This ransomware is still under analysis.

Please refer to the appropriate topic for more information. Samples of encrypted files and suspicious files may be needed for continued investigation.

Identified by

 

Click here for more information about Maoloa

 

 Would you like to be notified if there is any development regarding this ransomware? Click here.

 

12 hours ago, Amigo-A said:

@Thinh Dang

I ask you to publish the results of identification in ID Ransomware.
I already know them in advance, but I need confirmation, because you may be given a double identification, one of which is erroneous and the other is correct. I will tell you which one is correct.

 Please attach a ransom note to your new post and report the approximate time when the files were encrypted.

Here is the note:

                   YOUR FILES ARE ENCRYPTED !!!

TO DECRYPT, FOLLOW THE INSTRUCTIONS:

To recover data you need decrypt tool.

To get the decrypt tool you should:

1.In the letter include your personal ID! Send me this ID in your first email to me!
2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files!
3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool! 
4.We can decrypt few files in quality the evidence that we have the decoder.


 DO NOT TRY TO DO SOMETHING WITH YOUR FILES BY YOURSELF YOU WILL BRAKE YOUR DATA !!! ONLY WE ARE CAN HELP YOU! CONTACT US:

[email protected] 


                   ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YOU HAVE TO SEND IN FIRST LETTER:

 


@Thinh Dang

Good! Good that you answered! Everything is as I said.
Previously, the result pointed to the GlobeImposter 2.0 Ransomware.
But I noticed the differences a long time ago and separated some variants into the article Maoloa Ransomware.

After a detailed analysis, Demonslay335 reported that there are differences that make it possible to isolate some options into a separate identification - Maoloa Ransomware.

Researchers recognize that after the GlobeImposter 2.0 Ransomware, it is impossible to decrypt files after the buyout to the extortionists.

For Maoloa Ransomware there is no such certainty. It has not been studied enough to decrypt files or to recognize the impossibility of decryption.
That is, for Maoloa Ransomware there is still hope for decrypting, but there is no decryptor yet.
