Shon Hauck

Software does not detect my ransomware

The Ransomware ID site says I have BigBobRoss when I upload an encrypted file. However, if I upload the readme (or in my case, How to recover your files.txt) it does not recognize the ransomware.


The Key that it comes up with using the Encrypted file is not correct (Assuming) as the decrypt is not working.

I am looking for help to un-encrypt my files if possible and do appreciate your time in helping look at my data.

I have attached the txt file (How to Recover your files.txt) as well as a small encrypted file that is a simple txt file (when it is not encrypted).

 

Also added 2 files, one that is encrypted and one that is not. It just happens that I know the version of the original file in hopes it could compare the files to help, but alas it did not provide any traction on decrypting my system.

 

Again, Thanks a Million for your time and advice on this issue.

How to recover your files.txt [id=58B1FA36]hacker Incoming IP's Block list.txt.cheetah


Hello @Shon Hauck

It is likely that you did everything right. Here is another problem.
This BigBobRoss Ransomware has been active since January 2019. Early versions of it were studied and deciphered long ago. Among them are the first variants with the extension 'cheetah'.

But then the developers of the BigBobRoss Ransomware changed the encryption, so for the variants of this ransomware with the extension 'cheetah' that were distributed from May 2019, the Emsisoft Decrypter does not work.

The company's specialists and external experts continue to research the new variants of this ransomware and are trying to find a new solution for decrypting the files.

We cannot say in advance when this problem will be solved. Decrypters are free for all victims. The Emsisoft company and external experts do not charge payment for it and do not ask for any contributions to future developments.


Is there a specific Channel or Discussion that I can follow to get updates on current efforts to resolve BigBobRoss Ransomware, by chance?

Again, thank you for your time and quick response.


BleepingComputer will usually report when we've released a new decrypter, however they don't always report updates to decrypters.

We also announce them on our own blog.

Both have RSS feeds if you'd like to get notifications when there are new articles:
https://www.bleepingcomputer.com/feed/
https://blog.emsisoft.com/feed/
