Jump to content

.gerosan decryption ransomware

MadHawk
 Share Followers 2

Recommended Posts

MadHawk

MadHawk 0

Posted
Posted

Hi,

Its been 2 months. What are the updates of the .gerosan decryption ransomware? 

[+] Loaded 50 offline keys
Please archive the following info in case of future decryption:
[*] ID: JVA5cC4uyeRWfgWlNCYNWypgIU9MQA2IvURCi81p
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1
[*] MACs: 00:E0:4C:1C:17:29
This info has also been logged to STOPDecrypter-log.txt

FRST.txt Addition.txt

Link to post
Share on other sites
GT500

GT500 873

Posted
Posted
19 hours ago, MadHawk said:

Its been 2 months. What are the updates of the .gerosan decryption ransomware?

There are no updates. This is a process that won't be quick. All we can say is please be patient, and that this is still being worked on.

Link to post
Share on other sites
Amigo-A

Amigo-A 136

Posted
Posted

@MadHawk

I looked at the attached logs. 
You need to clear browsers - reset the default settings. This function is in them. 
Undesirable add dubious plug-ins to browsers, they can monitor the entered information and make your PC more vulnerable under attack.

The set of programs you use says that your PC is vulnerable to such attacks. If you want to continue to use these programs, you need to better protect your PC.

Also need check PC with Emsisoft Emergency Kit to exclude re-encryption: 
http://www.emsisoft.com/en/software/eek/

Link to post
Share on other sites
GT500

GT500 873

Posted
Posted
13 hours ago, Amigo-A said:

You need to clear browsers - reset the default settings.

Resetting Google Chrome to default settings:
https://support.google.com/chrome/answer/3296214

Resetting Firefox to default settings:
https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings

Note: Doing this should delete all of your extensions. However, from what I saw in your FRST log, this will be a good thing. Keep in mind that you should only install extensions that you really need. A lot of extensions aren't safe, and neither Google nor Mozilla have the manpower to properly check all of them. Your basic adblock/content blocker extensions are OK (uBlock Origin, Adguard, Adblock Plus, and Adblock), however keep in mind that you only want one of them.

Link to post
Share on other sites
Amigo-A

Amigo-A 136

Posted
Posted

@MadHawk

On 7/3/2019 at 12:41 PM, MadHawk said:

[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1
[*] MACs: 00:E0:4C:1C:17:29

I did not see your message after updating STOPDecrypter on June 13, 2019.
Have you decrypt your files with this ID?

Link to post
Share on other sites
MadHawk

MadHawk 0

Posted
  • Author
Posted
2 hours ago, Amigo-A said:

@MadHawk

I did not see your message after updating STOPDecrypter on June 13, 2019.
Have you decrypt your files with this ID?

I tried using latest STOP decryptor yesterday and it gave same results. Decrypted a few files but few were left as is. 

Link to post
Share on other sites
MadHawk

MadHawk 0

Posted
  • Author
Posted
9 hours ago, GT500 said:

Resetting Google Chrome to default settings:
https://support.google.com/chrome/answer/3296214

Resetting Firefox to default settings:
https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings

Note: Doing this should delete all of your extensions. However, from what I saw in your FRST log, this will be a good thing. Keep in mind that you should only install extensions that you really need. A lot of extensions aren't safe, and neither Google nor Mozilla have the manpower to properly check all of them. Your basic adblock/content blocker extensions are OK (uBlock Origin, Adguard, Adblock Plus, and Adblock), however keep in mind that you only want one of them.

I deleted most extensions  and now only have adblock and grammarly.

Link to post
Share on other sites
GT500

GT500 873

Posted
Posted
20 hours ago, MadHawk said:

I tried using latest STOP decryptor yesterday and it gave same results. Decrypted a few files but few were left as is. 

Did it leave a log? It's possible that there's more than one ID in it.

Link to post
Share on other sites
GT500

GT500 873

Posted
Posted
On 7/6/2019 at 3:15 AM, MadHawk said:

Yes. Here you go!STOPDecrypter-log.txt

OK, this is your ID:
JVA5cC4uyeRWfgWlNCYNWypgIU9MQA2IvURCi81p

This is not an offline ID, and thus STOPDecrypter will not be able to decrypt your files unless a decryption key is manually entered. Right now we're helping the creator of STOPDecrypter archive the ID's and MAC addresses supplied by victims in case he can figure out decryption keys for them, so I'm going to go ahead and send your information to him.

The best thing you can do right now is wait. Give us time, and we'll do what we can to help you recover your files.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Followers 2
Go to topic listing

  • Recently Browsing   0 members

    No registered users viewing this page.

Products & Services

Ransomware/Malware Removal

Partners

Resources

Company

© 2003-2021 Emsisoft - 03/08/2021 - Legal Notice - Terms - Bug Bounty - System Status - Privacy Policy

×
×
  • Create New...