Amadeus Nevohteeb

Files encrypted with extension .cheetah

Recommended Posts

My computer is infected with a ransomware that change my files extension with .cheeta and leave me a rescue message How to recover your files.txt and How to recover your files.url, I tryed decrypt my files whit Emsisoft Decrypter for BigBobRoss, but not worked.

Leave the rescue message and 3 examples with original files and encrypted files in a compress file.

I hope you will can help me.

Ransomware.cheetah.zip

Share this post


Link to post
Share on other sites

Hello. When did the encryption happen?

BigBobRoss Ransomware known to me since January 2019. He used the .obfuscated extension.

Then Emsisoft released in March (then has updated) a Decrypter for BigBobRoss with extensions:
.obfuscated
.encryptedALL
.cheetah (April first version only)

Since May and newer variants with expand .cheetah not yet decrypted.

Share this post


Link to post
Share on other sites
18 minutes ago, Amigo-A said:

Hello. When did the encryption happen?

BigBobRoss Ransomware known to me since January 2019. He used the .obfuscated extension.

Then Emsisoft released in March (then has updated) a Decrypter for BigBobRoss with extensions:
.obfuscated
.encryptedALL
.cheetah (April first version only)

Since May and newer variants with expand .cheetah not yet decrypted.

 

 

 Thanks for response me, exists some other tool or other way to decrypt my files.

 

 

Share this post


Link to post
Share on other sites
12 minutes ago, Amadeus Nevohteeb said:

exists some other tool or other way to decrypt my files.

There is a avast decryption tool, but it also works for the first versions.

They were produced in parallel with the Emsisoft tool. 

Emsisoft employee will tell you about the research and work working on a decrypter progress, probably tomorrow.

 

Share this post


Link to post
Share on other sites
30 minutes ago, Amigo-A said:

There is a avast decryption tool, but it also works for the first versions.

They were produced in parallel with the Emsisoft tool. 

Emsisoft employee will tell you about the research and work working on a decrypter progress, probably tomorrow.

 

 

Ok, thanks a lot.

 

Share this post


Link to post
Share on other sites

If you can find a file "bginfo.png" on the system in the same folder as the executable, there might be a chance. Otherwise, so far it does not look like it can be decrypted without that file at the current time.

Share this post


Link to post
Share on other sites
1 hour ago, Demonslay335 said:

If you can find a file "bginfo.png" on the system in the same folder as the executable, there might be a chance. Otherwise, so far it does not look like it can be decrypted without that file at the current time.

 

Thanks, I will find this file, I hadn't luck.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.