Thinh Dang (posted June 14, 2019)

Hello, my files were encrypted to .Dragon4444. Please show me any solution to decrypt my files. Thank you.

stapp (posted June 14, 2019)

It is recommended to upload a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with to this site here: https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply so that one of our experts can review them.

Amigo-A (posted June 14, 2019)

@Thinh Dang I ask you to publish the results of identification in ID Ransomware. I already know them in advance, but I need confirmation, because you may be given a double identification, one of which is erroneous and the other is correct. I will tell you which one is correct.

Please attach a ransom note to your new post and report the approximate time when the files were encrypted.

Thinh Dang (posted June 15, 2019)

Thank you very much for your kind support. After I uploaded to https://id-ransomware.malwarehunterteam.com I got the result. Any solution for me to decrypt?

2 Results

GlobeImposter 2.0
This ransomware has no known way of decrypting data at this time. It is recommended to backup your encrypted files, and hope for a solution in the future.
Identified by
ransomnote_email: [email protected]
sample_extension: .Dragon4444

Maoloa
This ransomware is still under analysis. Please refer to the appropriate topic for more information. Samples of encrypted files and suspicious files may be needed for continued investigation.
Identified by
ransomnote_email: [email protected]

Thinh Dang (posted June 15, 2019)

12 hours ago, Amigo-A said:
    @Thinh Dang I ask you to publish the results of identification in ID Ransomware. I already know them in advance, but I need confirmation, because you may be given a double identification, one of which is erroneous and the other is correct. I will tell you which one is correct. Please attach a ransom note to your new post and report the approximate time when the files were encrypted.

Here is the note:

YOUR FILES ARE ENCRYPTED !!!
TO DECRYPT, FOLLOW THE INSTRUCTIONS:
To recover data you need decrypt tool. To get the decrypt tool you should:
1.In the letter include your personal ID! Send me this ID in your first email to me!
2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files!
3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool!
4.We can decrypt few files in quality the evidence that we have the decoder.
DO NOT TRY TO DO SOMETHING WITH YOUR FILES BY YOURSELF YOU WILL BRAKE YOUR DATA !!! ONLY WE ARE CAN HELP YOU!
CONTACT US: [email protected]
ATTENTION !!!
THIS IS YOUR PERSONAL ID WICH YOU HAVE TO SEND IN FIRST LETTER:

Amigo-A (posted June 15, 2019)

@Thinh Dang Good! Good that you answered! Everything is as I said.

Previously there was a result which pointed to the GlobeImposter 2.0 Ransomware. But I noticed the differences a long time ago and separated some variants into the article Maoloa Ransomware and Alco Ransomware.

After a detailed analysis, Demonslay335 reported that there are differences that make it possible to isolate some options into a separate identification - Maoloa Ransomware.

Researchers recognize that after the GlobeImposter 2.0 Ransomware, it is impossible to decrypt files after the buyout to the extortionists. For Maoloa Ransomware there is no such certainty. It has not been studied enough to decrypt files or to recognize the impossibility of decryption. That is, for Maoloa Ransomware and Alco Ransomware there is still hope for decrypting, but there is no decryptor yet.

Amigo-A (posted June 15, 2019)

@Thinh Dang Attach an ORIGINAL ransom note to your new post and report the approximate time when the files were encrypted, or upload them to the site www.sendspace.com

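Added example, not part of the original thread: a triage sketch for the two items requested above (the approximate encryption time and the ransom note). It assumes the modification time of each `.Dragon4444` file reflects when it was encrypted and that the note can be recognised by its first line; the file name `note.txt` and the sample tree are constructed for the demonstration.

```python
import os
import tempfile
from datetime import datetime, timezone

EXT = ".Dragon4444"                        # extension reported in this thread
NOTE_MARKER = b"YOUR FILES ARE ENCRYPTED"  # first line of the posted note
MAX_NOTE_SIZE = 64 * 1024                  # assumption: ransom notes are small


def triage(root, ext=EXT, marker=NOTE_MARKER):
    """Return (count, earliest_utc, latest_utc, note_paths) for files under root."""
    mtimes, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                if name.lower().endswith(ext.lower()):
                    mtimes.append(st.st_mtime)   # last write = encryption pass
                elif st.st_size <= MAX_NOTE_SIZE:
                    with open(path, "rb") as fh:
                        if marker in fh.read():
                            notes.append(path)
            except OSError:
                continue  # unreadable or vanished file: skip, keep scanning
    if not mtimes:
        return 0, None, None, sorted(notes)
    first, last = (datetime.fromtimestamp(t, tz=timezone.utc) for t in (min(mtimes), max(mtimes)))
    return len(mtimes), first, last, sorted(notes)


def demo():
    samples = [  # constructed: (relative path, content, mtime in epoch seconds)
        ("docs/report.docx" + EXT, b"sample", 1560470400),  # 2019-06-14 00:00 UTC
        ("db.bak" + EXT, b"sample", 1560474000),            # 2019-06-14 01:00 UTC
        ("note.txt", NOTE_MARKER + b" !!!\n", 1560474060),  # hypothetical file name
    ]
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "docs"))
        for rel, data, ts in samples:
            path = os.path.join(root, *rel.split("/"))
            with open(path, "wb") as fh:
                fh.write(data)
            os.utime(path, (ts, ts))
        count, first, last, notes = triage(root)
        return count, first, last, [os.path.basename(n) for n in notes]


if __name__ == "__main__":
    print(demo())
```

Run `triage()` against a read-only copy or mounted image of the affected volume so the scan itself does not alter timestamps.
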
Kwstas Dimitriou (posted January 10, edited)

Do not pay this **************@aol.com. We paid him and he only decrypted small files and not our database. The hacker was paid and he didn't decrypt our database. He didn't know how his tool works. So we lost our money with him.

Screenshot: http://prntscr.com/wkcknf

Edited January 12 by GT500: Censored e-mail address.

GT500 (posted January 12)

On 1/10/2021 at 11:42 AM, Kwstas Dimitriou said:
    Do not pay this **************@aol.com. We paid him and he only decrypted small files and not our database. The hacker was paid and he didn't decrypt our database. He didn't know how his tool works. So we lost our money with him. Screenshot: http://prntscr.com/wkcknf

Did they give you a private key with their decrypter? Assuming the ransomware was a variant of STOP/Djvu we can add the private key to our database, and if it's the correct private key for your files and your files aren't corrupt then our decrypter might be able to decrypt them.