MadHawk

.gerosan decryption ransomware


Hi,

It's been 2 months. What are the updates on the .gerosan decryption ransomware?

[+] Loaded 50 offline keys
Please archive the following info in case of future decryption:
[*] ID: JVA5cC4uyeRWfgWlNCYNWypgIU9MQA2IvURCi81p
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1
[*] MACs: 00:E0:4C:1C:17:29
This info has also been logged to STOPDecrypter-log.txt

FRST.txt Addition.txt

19 hours ago, MadHawk said:

It's been 2 months. What are the updates on the .gerosan decryption ransomware?

There are no updates. This is a process that won't be quick. All we can say is please be patient, and that this is still being worked on.


@MadHawk

I looked at the attached logs.
You need to clear your browsers - reset them to the default settings. This function is built into them.
Undesirable programs add dubious plug-ins to browsers; they can monitor the information you enter and make your PC more vulnerable to attack.

The set of programs you use shows that your PC is vulnerable to such attacks. If you want to continue using these programs, you need to protect your PC better.

You also need to check the PC with Emsisoft Emergency Kit to rule out re-encryption:
http://www.emsisoft.com/en/software/eek/

13 hours ago, Amigo-A said:

You need to clear your browsers - reset them to the default settings.

Resetting Google Chrome to default settings:
https://support.google.com/chrome/answer/3296214

Resetting Firefox to default settings:
https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings

Note: Doing this should delete all of your extensions. However, from what I saw in your FRST log, this will be a good thing. Keep in mind that you should only install extensions that you really need. A lot of extensions aren't safe, and neither Google nor Mozilla has the manpower to properly check all of them. Your basic adblock/content blocker extensions are OK (uBlock Origin, Adguard, Adblock Plus, and Adblock); however, keep in mind that you only want one of them.


@MadHawk

On 7/3/2019 at 12:41 PM, MadHawk said:

[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1
[*] MACs: 00:E0:4C:1C:17:29

I did not see your message after updating STOPDecrypter on June 13, 2019.
Have you decrypted your files with this ID?

2 hours ago, Amigo-A said:

@MadHawk

I did not see your message after updating STOPDecrypter on June 13, 2019.
Have you decrypted your files with this ID?

I tried using the latest STOP decryptor yesterday and it gave the same results. It decrypted a few files, but a few were left as is.

9 hours ago, GT500 said:

Resetting Google Chrome to default settings:
https://support.google.com/chrome/answer/3296214

Resetting Firefox to default settings:
https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings

Note: Doing this should delete all of your extensions. However, from what I saw in your FRST log, this will be a good thing. Keep in mind that you should only install extensions that you really need. A lot of extensions aren't safe, and neither Google nor Mozilla has the manpower to properly check all of them. Your basic adblock/content blocker extensions are OK (uBlock Origin, Adguard, Adblock Plus, and Adblock); however, keep in mind that you only want one of them.

I deleted most extensions and now only have Adblock and Grammarly.

8 hours ago, MadHawk said:

It decrypted a few files, but a few were left as is.

You need to restart STOPDecrypter and copy the information from it. There is something left over.

20 hours ago, MadHawk said:

I tried using the latest STOP decryptor yesterday and it gave the same results. It decrypted a few files, but a few were left as is.

Did it leave a log? It's possible that there's more than one ID in it.

On 7/6/2019 at 3:15 AM, MadHawk said:

Yes. Here you go! STOPDecrypter-log.txt

OK, this is your ID:
JVA5cC4uyeRWfgWlNCYNWypgIU9MQA2IvURCi81p

This is not an offline ID, and thus STOPDecrypter will not be able to decrypt your files unless a decryption key is manually entered. Right now we're helping the creator of STOPDecrypter archive the IDs and MAC addresses supplied by victims in case he can figure out decryption keys for them, so I'm going to go ahead and send your information to him.

The best thing you can do right now is wait. Give us time, and we'll do what we can to help you recover your files.
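As an added example (not a tool from this thread, from Emsisoft, or from the STOPDecrypter author), a small Python parser for the STOPDecrypter log lines quoted above: it pulls the distinct IDs and MACs out of a log so a helper can see at a glance whether the log carries more than one ID, which is what GT500 asked about. The "t1" suffix check for offline IDs is a documented STOP/Djvu convention assumed here; the thread itself does not state it, and the sample log is constructed from the quoted excerpt.

```python
import re

# Constructed sample, modelled on the STOPDecrypter output quoted in the thread;
# the first ID is repeated on purpose, as a restarted tool would log it again.
SAMPLE_LOG = """\
[+] Loaded 50 offline keys
Please archive the following info in case of future decryption:
[*] ID: JVA5cC4uyeRWfgWlNCYNWypgIU9MQA2IvURCi81p
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1
[*] ID: JVA5cC4uyeRWfgWlNCYNWypgIU9MQA2IvURCi81p
[*] MACs: 00:E0:4C:1C:17:29
This info has also been logged to STOPDecrypter-log.txt
"""

KEYS_RE = re.compile(r"^\[\+\]\s*Loaded\s+(\d+)\s+offline keys", re.M)
ID_RE = re.compile(r"^\[\*\]\s*ID:\s*([A-Za-z0-9]+)\s*$", re.M)
MAC_LINE_RE = re.compile(r"^\[\*\]\s*MACs?:\s*(.+?)\s*$", re.M)
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")


def looks_offline(victim_id: str) -> bool:
    """Assumption: STOP/Djvu offline IDs end in 't1' (documented convention, not stated in the thread)."""
    return victim_id.endswith("t1")


def dedupe(items):
    """Keep the first occurrence of each item, preserving order."""
    seen = []
    for item in items:
        if item not in seen:
            seen.append(item)
    return seen


def parse_stopdecrypter_log(text: str) -> dict:
    """Summarise a STOPDecrypter log: offline keys loaded, distinct IDs and MACs,
    and whether more than one ID is present (the case GT500 asked about)."""
    m = KEYS_RE.search(text)
    ids = dedupe(ID_RE.findall(text))
    macs = dedupe(mac.upper() for line in MAC_LINE_RE.findall(text)
                  for mac in MAC_RE.findall(line))
    return {
        "offline_keys_loaded": int(m.group(1)) if m else 0,
        "ids": ids,
        "macs": macs,
        "has_multiple_ids": len(ids) > 1,
        # Per-ID hint: only files encrypted under an offline key can be recovered with the loaded offline keys.
        "id_kind": {i: ("offline" if looks_offline(i) else "online") for i in ids},
    }
```

Run against a real STOPDecrypter-log.txt, two distinct IDs with different kinds explain the "some files decrypted, some left as is" outcome reported in the thread.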

