Tripp1000

Encrypted files with .MORGANOS

Recently had an attack from a cryptovirus, DJVU family with file extension .MORGANOS

Removed the ransomware and malware but now my files stay encrypted.

Any suggestions on how to decrypt the files?

Hello

Correctly, it is the .mogranos extension.

First of all

This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017.
There are now a lot of victims of different variants of this ransomware on the forum. In some cases, the files can be decrypted.

You need to attach the ransom note _readme.txt to the message, or act further on your own.

@Demonslay335  (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. 

You can try to decrypt files with STOPDecrypter.

Download STOP Decrypter now >>>

I recommend that you start decrypting with a small group of files, but first you need to make copies of these files.

If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter and paste to a new message:
https://kb.gt500.org/stopdecrypter 


Secondly, also important

While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Then, after checking and cleaning, you will need to change the passwords on the accounts in browsers. Ransomware does not come alone; it comes with backdoors, trojans and password-stealers to inflict maximum damage and take more money.

@Tripp1000

Demonslay335 (developer of STOP-Decrypter) does not accept reports in this form. Imagine how much time he needs to process screenshots per day - 100 or more. So he will not have time to make the STOP-Decrypter relevant for every day.
Attach the report from the program window as text in the message.
That will be right.


@Tripp1000 would it be possible for you to attach the STOPDecrypter log to a reply for us to review? We want to make sure the information gets archived accurately, and there's no way to guarantee that if we try to copy it by hand from a picture.


Dear @rizwanigf2011

It seems to me that I have already told you. I will say it again. As a result of the attack, you had double encryption with two different encryption variants of STOP Ransomware (these are lapoi and todar). They worked one after another. The last was the todar variant; it encrypted files with an online key. After it, it is impossible to decrypt files using the STOPDecrypter by Demonslay335.
The STOPDecrypter can decrypt files that have been encrypted off-line with an off-line key if it was added to the STOPDecrypter.
We do not know other ways.

4 hours ago, rizwanigf2011 said:

Dear sir,

I change my PC with infected PC, please help me.

Any solution for my problem?

We've had this conversation before. There's no need to keep posting your information. We already have it.

If there's a way your files can be decrypted, then you will be contacted privately to let you know how.


@GT500 @Amigo-A @Demonslay335

Thank you so much for helping and guiding me so far.

Let me explain what happened and where it started. I will attach all relevant information.

Needing to find updated drivers for my graphics card, I found a website offering free driver updates, even rated as safe. (I have attached a screenshot so everyone can avoid it at all cost.) Screenshot 2.

Secondly, I attached a screenshot of the file I downloaded (screenshot 1).

After installing the driverpack the first time it seemed fine till Avast started blocking the malware/ransomware. Driver seemed to be working fine. No infections after further scans.

I then picked up a problem with starting Windows 10 and a clicking sound. Bootmgr was missing. Under the assumption my hard drive had the click of death, I reinstalled Windows 10 on another hard drive as my new OS. Not thinking to first do the protection, I reinstalled the driverpack first, whereby I got multiple infections. Any attempt to run an anti-virus or anti-malware was futile. The .MORGRANOS extensions started to infect my other hard drives. I removed the OS drive and it seems my original OS drive was still working. I ran Malwarebytes (7292 infections).

I will also attach the requested STOPDecrypter log.

STOPDecrypter-log.txt

Screenshot_2.png

Screenshot_1.png

7 hours ago, Tripp1000 said:

I will also attach the requested STOPDecrypter log. STOPDecrypter-log.txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

7 hours ago, Tripp1000 said:

Needing to find updated drivers for my graphics card, I found a website offering free driver updates, even rated as safe. (I have attached a screenshot so everyone can avoid it at all cost.) Screenshot 2.

My recommendation is to always download drivers either directly from the manufacturer's website, or from the website of the company that made the chipset (in the case of a video card that would usually be NVIDIA, AMD, or Intel).

Note that for laptops, some mobile video chipsets do not have drivers available on the chipset manufacturer's website, requiring you instead to obtain them from the computer manufacturer. This tends to vary depending on which company made the video chipset, and the age of the chipset. For instance, drivers for more recent NVIDIA GeForce graphics cards for laptops/notebooks appear on their list of graphics cards in their driver search.


I did try AMD direct. I have an older graphics card, AMD 4800 HD, and no drivers for Windows 10 are available unfortunately.

Thank you for the recommendations though.

I commend you guys for trying to help us in resolving this onslaught by unscrupulous people on the net.

I will patiently wait for a positive outcome to my current issue.

Thank you guys once again

18 hours ago, Tripp1000 said:

I did try AMD direct. I have an older graphics card, AMD 4800 HD, and no drivers for Windows 10 are available unfortunately.

You mean this card? That was first released more than a decade ago (shortly after AMD bought out ATI), and I doubt AMD would be maintaining drivers for it after so many years. If you need a Windows 10 compatible video card, then I recommend an NVIDIA GTX 1030 as there are some that are relatively inexpensive right now. I'm sure AMD also has a low end video card in the same price range if you would prefer that, however I'm not familiar with their model numbers.

15 hours ago, Tripp1000 said:

Still running a core2duo 2.93ghz with MSI G41M motherboard. Socket 775

Need to upgrade, working on it

Even after many years, this is a good PC configuration. If you say that it still works, then this is very, very good quality.

Many current configurations and generally processors made for Win10, motherboards, video cards are outright ****.

Edited by GT500
Slightly censored.
