Thinh Dang 1 Report post Posted June 14, 2019 Hello, my files were encrypted to .Dragon4444 Please show me any solution to decrypt my files? Thank you. Quote Share this post Link to post Share on other sites
stapp 151 Report post Posted June 14, 2019 It is recommended to upload a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with to this site here:https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply so that one of our experts can review them. Quote Share this post Link to post Share on other sites
Amigo-A 136 Report post Posted June 14, 2019 @Thinh Dang I ask you to publish the results of identification in ID Ransomware. I already know them in advance, but I need confirmation, because you may be given a double identification, one of which is erroneous and the other is correct. I will tell you which one is correct. Please attach a ransom note to your new post and report the approximate time when the files were encrypted. Quote Share this post Link to post Share on other sites
Thinh Dang 1 Report post Posted June 15, 2019 Thank you very much for kindly support. After I uploaded to https://id-ransomware.malwarehunterteam.com I got the result, Any solution for me to decrypt ? Quote 2 Results GlobeImposter 2.0 This ransomware has no known way of decrypting data at this time. It is recommended to backup your encrypted files, and hope for a solution in the future. Identified by ransomnote_email: [email protected] sample_extension: .Dragon4444 Click here for more information about GlobeImposter 2.0 Would you like to be notified if there is any development regarding this ransomware? Click here. Maoloa This ransomware is still under analysis. Please refer to the appropriate topic for more information. Samples of encrypted files and suspicious files may be needed for continued investigation. Identified by ransomnote_email: [email protected] Click here for more information about Maoloa Would you like to be notified if there is any development regarding this ransomware? Click here. Quote Share this post Link to post Share on other sites
Thinh Dang 1 Report post Posted June 15, 2019 12 hours ago, Amigo-A said: @Thinh Dang I ask you to publish the results of identification in ID Ransomware. I already know them in advance, but I need confirmation, because you may be given a double identification, one of which is erroneous and the other is correct. I will tell you which one is correct. Please attach a ransom note to your new post and report the approximate time when the files were encrypted. Here is the note: YOUR FILES ARE ENCRYPTED !!! TO DECRYPT, FOLLOW THE INSTRUCTIONS: To recover data you need decrypt tool. To get the decrypt tool you should: 1.In the letter include your personal ID! Send me this ID in your first email to me! 2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files! 3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool! 4.We can decrypt few files in quality the evidence that we have the decoder. DO NOT TRY TO DO SOMETHING WITH YOUR FILES BY YOURSELF YOU WILL BRAKE YOUR DATA !!! ONLY WE ARE CAN HELP YOU! CONTACT US: [email protected] ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YOU HAVE TO SEND IN FIRST LETTER: QY 5P 3f /+ iC qr bq AU SA VT XU Q5 Xf SH 7F ac tv SM WB qk gm bU +K /2 0X o4 Zy S9 JW Zx 5s NH ZI Sj sZ sQ /B Cf J1 fd pU oi aZ j5 gb gf 3h oG 4P +a QU yn es Hd 8k F5 Xq zX Ew ZA r8 nV y0 4z B6 JA Hy NM l0 ZD hO v0 2h PK X7 vj 6g 5J yO be Fs b6 FW +R X/ Bp kd so 1Z jo nF ti EF ut 49 /o wV Ky dX YG PK cR n1 nd 39 Qr uj 7U JN gS MS HJ jI mx bn Sv b4 mS q6 CH 6H Vs d5 m/ Xg 4X al b8 X4 kx +4 he y5 mu dJ mc aT Mv rf GM 1Z Z9 Fp tx N8 2L ZA vt +l fe 38 a3 w1 3/ Ks Fm br L/ TC I9 8I ax rZ fD Wy jo Vm wT 4X Fy rd bo 34 qW PA CM zn c8 42 lb qj ML v/ WP Za pL Fe kJ VC 5P +A CJ bD 2q fp am +u N/ Xl xI 1N N3 Qs oz AR d5 kW n5 7u si n+ Oy DE ML mi SD M1 t5 c1 a7 As Wu g7 ME kd Qh /T X+ jW r9 h8 9f bX 6D G+ 2N 0v Bi Vd tY pP 1c w1 fu dE 5m Zr Sz Ak z5 FX IO BG 1F Ly zk Ri s5 5D nu nt fc 3Q 8B aA ez tM NV cx b7 5T Y+ ES Xi 7R /N zl rJ O8 xP +u mW kF Sj QJ UT /H o0 Vw 2q +/ Z5 w1 wo ry 3G I3 fL RZ wx cO S7 VJ Eh jg FA YB U5 ux 6H +c Zn dG D2 oS gh VR kG xW 4f xq 8K Ya EA Hx cf D/ iD 75 zs MF fo yz 94 69 fr FW MN Kd LK Th 0= 1 Quote Share this post Link to post Share on other sites
Amigo-A 136 Report post Posted June 15, 2019 @Thinh Dang Good! Good that you answered! Everything is as I said. Previously was the result, which pointed to the GlobeImposter 2.0 Ransomware. But I noticed the differences a long time ago and separated some variants into the article Maoloa Ransomware and Alco Ransomware After a detailed analysis, Demonslay335 reported that there are differences that make it possible to isolate some options into a separate identification - Maoloa Ransomware. Researchers recognize that after the GlobeImposter 2.0 Ransomware, it is impossible to decrypt files after the buyout to the extortionists. For Maoloa Ransomware there is no such certainty. It has not been studied enough to decrypt files or to recognize the impossibility of decryption. That is, for Maoloa Ransomware and Alco Ransomware there is still hope for decrypting, but there is no decryptor yet. Quote Share this post Link to post Share on other sites
Amigo-A 136 Report post Posted June 15, 2019 @Thinh Dang Attach a ORIGINAL ransom note to your new post and report the approximate time when the files were encrypted. or upload them to the site www.sendspace.com Quote Share this post Link to post Share on other sites
