Sorry to disturb, but I need help to decrypt my archives.

"Do you really want to restore your files?
Write to email [email protected]  or [email protected]"

.ADAME is the ransomware.
I need help, guys. I have very important photographs and I cannot lose them.

It is a SCARAB TYPE.

ALL YOUR FILES ARE ENCRYPTED.txt l28Ovwatc4cIeo7GOXmxj+uK7BxE=FvdR7HY6ekHWJMEx0nTmkN9oan3jb9fw51zgjLIFT9hEosw4GJoddQCbqv2qFX82=Hp7mRXjT=GsbBnlfYsfzLaWXMlyeuGyns3uJxXPWd3VZVLuE=s.Adame


Yes. This is a new variant of Scarab Ransomware.

There are many variants and iterations, most of which have a common encrypter, but differ in the composition of the ransomware group. 

I have compiled a free decryption request for you. Most likely, decryption is hardly possible without a sample of a malicious file.
https://support.drweb.com/process/?ticket=NPPH-TU22 

Even if there is a sample, it is very difficult to calculate the decryption key now.

  • Like 1

8 hours ago, Amigo-A said:

Yes. This is a new variant of Scarab Ransomware.

There are many variants and iterations, most of which have a common encrypter, but differ in the composition of the ransomware group. 

I have compiled a free decryption request for you. Most likely, decryption is hardly possible without a sample of a malicious file.
https://support.drweb.com/process/?ticket=NPPH-TU22 

Even if there is a sample, it is very difficult to calculate the decryption key now.

Thank you so much.

Okay, man. I understand that at the moment this .adame doesn't have a decryption yet. I have to wait.

10 hours ago, Amigo-A said:

Yes. This is a new variant of Scarab Ransomware.

There are many variants and iterations, most of which have a common encrypter, but differ in the composition of the ransomware group. 

I have compiled a free decryption request for you. Most likely, decryption is hardly possible without a sample of a malicious file.
https://support.drweb.com/process/?ticket=NPPH-TU22 

Even if there is a sample, it is very difficult to calculate the decryption key now.

If you want, I can send you screens of how I got this. Do you want? I can show you the "Crack" I was trying to use to register the Office I had downloaded by torrent.


@romario roges

Quote

Please make a registry export of HKEY_USERS\ to analyse your problem.
Run regedit.exe, then find HKEY_USERS\, right-click and choose "Export".
Attach the export file to this ticket.

This is a request from the specialists at DrWeb.

It may be useful to decryption specialists.

Put the "crack" file in an archive with the password "infected" and upload it to www.sendspace.com.

Later, send me a link to download the "crack" file and the exported registry file by PM.

On 8/23/2019 at 3:05 PM, Amigo-A said:

PM

What is this? kkk

On 8/23/2019 at 3:05 PM, Amigo-A said:

@romario roges

This is a request from the specialists at DrWeb.

It may be useful to decryption specialists.

Put the "crack" file in an archive with the password "infected" and upload it to www.sendspace.com.

Later, send me a link to download the "crack" file and the exported registry file by PM.

https://www.sendspace.com/file/9fjoyn  PROFESSOR, I THINK I've got the ransom from this keygen.

I was trying to crack the office, so I only clicked on the office option and tried to crack it.

I can't upload my regedit. It gives me an error: "-200"

2 hours ago, romario roges said:

I can't upload my regedit. It gives me an error: "-200"

The file must be archived and attached to the message as a zip file, or uploaded to www.sendspace.com.

---

PM - this is a Personal Message

 

2 hours ago, romario roges said:

I THINK I've got the ransom from this keygen.

I downloaded this archive. You can remove it from the 'sendspace' site if you saved a link to manage the file, or it will be deleted automatically after a while.

2 hours ago, romario roges said:

I've got the ransom from this keygen.

Most free security and free anti-virus software will not protect against crypto-ransomware and hacker attacks. Using these programs only gives you a false sense of security against such infections and attacks, in addition to wasting a lot of computer resources.

If you do not have money to purchase comprehensive protection, I recommend using 30-60-90 day trial versions of paid products. In my opinion, changing protection every month and taking advantage of full security program functionality for 30-60-90 days is a good practice. There are legitimate sites that from time to time provide special offers and a legitimate license to use various products, including anti-virus software. It is your right and choice to choose and use 30 days or more of comprehensive protection when such promotions are available. If you wish, I can give you the names of such sites and provide links where to go in order to take advantage of these promotional offers.

https://www.giveawayoftheday.com/ - daily software offer
https://sharewareonsale.com/ - daily discounts, excluding 100%

Free Office

https://www.freeoffice.com/  - modern office suite fully compatible with MS Office
https://www.freeoffice.com/ru/softmaker-office-hd-android - version for Android

FreeOffice 2018 is a full-featured Office suite with word processing, spreadsheet and presentation software. It is seamlessly compatible with Microsoft Office and available for Windows, Mac and Linux.


Becoming a licensed user in a legal way is now easy and simple! No need to download cracked and repackaged programs, no need to use illegal activation programs.

  • Like 1

12 hours ago, Amigo-A said:

Most free security and free anti-virus software will not protect against crypto-ransomware and hacker attacks. Using these programs only gives you a false sense of security against such infections and attacks, in addition to wasting a lot of computer resources.

If you do not have money to purchase comprehensive protection, I recommend using 30-60-90 day trial versions of paid products. In my opinion, changing protection every month and taking advantage of full security program functionality for 30-60-90 days is a good practice. There are legitimate sites that from time to time provide special offers and a legitimate license to use various products, including anti-virus software. It is your right and choice to choose and use 30 days or more of comprehensive protection when such promotions are available. If you wish, I can give you the names of such sites and provide links where to go in order to take advantage of these promotional offers.

https://www.giveawayoftheday.com/ - daily software offer
https://sharewareonsale.com/ - daily discounts, excluding 100%

Free Office

https://www.freeoffice.com/  - modern office suite fully compatible with MS Office
https://www.freeoffice.com/ru/softmaker-office-hd-android - version for Android

FreeOffice 2018 is a full-featured Office suite with word processing, spreadsheet and presentation software. It is seamlessly compatible with Microsoft Office and available for Windows, Mac and Linux.


Becoming a licensed user in a legal way is now easy and simple! No need to download cracked and repackaged programs, no need to use illegal activation programs.

Thank you so much for the recommendations. https://www.sendspace.com/file/smsvl2 my HKEY_USERS


Hello @romario roges

The files were analyzed and an answer came about the impossibility of decrypting the files at this point in time.
Link to this information
https://support.drweb.com/process/?ticket=ZTD7-7Y9D 

Quote

 

Hello. 

A case of Trojan.Encoder.18000v2. Decryption is not feasible.

We are unable to decrypt files enciphered by this malware.

I knew this result, but I was hoping that something had changed since the moment when a new version of this ransomware appeared 1 year ago. Paradox: If encryption were interrupted by an abnormal shutdown of the PC (reset), then there would be more chances.

21 hours ago, Amigo-A said:

Hello @romario roges

The files were analyzed and an answer came about the impossibility of decrypting the files at this point in time.
Link to this information
https://support.drweb.com/process/?ticket=ZTD7-7Y9D 

I knew this result, but I was hoping that something had changed since the moment when a new version of this ransomware appeared 1 year ago. Paradox: If encryption were interrupted by an abnormal shutdown of the PC (reset), then there would be more chances.

Thank you, man. Thank you for the attention and everything.

Quote

.id[961C02D8-2275].[[email protected]].Adame

This is the extension format used by Phobos Ransomware.

At the beginning of the topic it was Scarab Ransomware, which from that day began to use the extension .Adame.

To our regret, there are no free decryption methods for Phobos, and only the ransomware operators have a paid decryptor.

22 hours ago, cosmos74 said:

Hello, how much does the ransomware decryptor tool cost?

I recommend contacting a company like Coveware which has experience negotiating with such criminals. They may be able to help negotiate a lower price for you if you decide you do need to pay, and it's also safer to have a third-party contact criminals like this for you rather than doing so yourself.


Hello everyone!

I was infected by Adame yesterday ([email protected])

When I saw that some files' extensions were changing, I turned off my computer, then turned it on again, went to the Task Manager and found 2 strange processes (I forgot the names). I turned them off and saw that one of my HDDs was not infected. I never saw a wallpaper with a message about the ransom, so I concluded that the infection process was interrupted. I tried a restore point from Windows but it didn't work, so I formatted the system HDD and installed a "new" Windows 10. (Maybe I should have left the system HDD as it was...?)

Amigo-A said (in this discussion): Paradox: If encryption were interrupted by an abnormal shutdown of the PC (reset), then there would be more chances.

What are those chances?

I have some files in two versions: one not infected, from an external backup, and the same one infected. Does that help to improve the decryption process? Is there some tool I could use?

Thanks for all of your advice!


This is the extension format used by Phobos Ransomware.

At the beginning of the topic it was Scarab Ransomware, which from that day began to use the extension .Adame.

To our regret, there are no free decryption methods for Phobos, and only the ransomware operators have a paid decryptor.

  • Like 1
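
The thread shows two different families using the same .Adame extension, told apart only by how the rest of the file name looks. A triage sketch of that distinction, added here as an example and not part of any forum post or vendor tool: the two patterns are generalised from the single samples quoted in the thread (an assumption), and the sample file names and the scheme labels are constructed.

```python
import re
from collections import Counter

# Phobos-style name as quoted in the thread: <original>.id[<ID>].[<contact>].Adame
# The ID shape (8 hex, dash, 4 hex) is generalised from that one sample (assumption).
PHOBOS = re.compile(
    r"^(?P<orig>.+)\.id\[(?P<vid>[0-9A-F]{8}-[0-9A-F]{4})\]"
    r"\.\[(?P<contact>[^\]]+)\]\.adame$", re.IGNORECASE)

# Scarab-style name as in the first post: the whole name is replaced by a long
# encoded string. Alphabet and minimum length are a heuristic (assumption).
SCARAB = re.compile(r"^[A-Za-z0-9+=]{20,}\.adame$", re.IGNORECASE)

def classify(filename):
    """Return a dict describing which naming scheme a file name follows."""
    m = PHOBOS.match(filename)
    if m:
        return {"scheme": "phobos-format", "original": m["orig"],
                "victim_id": m["vid"].upper(), "contact": m["contact"]}
    if SCARAB.match(filename):
        return {"scheme": "scarab-format", "original": None}
    if filename.lower().endswith(".adame"):
        return {"scheme": "unknown-adame", "original": None}
    return {"scheme": "not-renamed", "original": filename}

def triage(filenames):
    """Count files per scheme and collect the distinct Phobos-style IDs seen."""
    counts, ids = Counter(), set()
    for name in filenames:
        info = classify(name)
        counts[info["scheme"]] += 1
        if "victim_id" in info:
            ids.add(info["victim_id"])
    return counts, ids

# Constructed sample listing (not taken from any real incident).
SAMPLE = [
    "holiday.jpg.id[1A2B3C4D-0001].[contact@example.invalid].Adame",
    "budget.xlsx.id[1a2b3c4d-0001].[contact@example.invalid].Adame",
    "kT9xQ2mVb7LpZ4+sW1cR8=yHn3Gf6Dj0Ae5Ui=s.Adame",
    "report.Adame",
    "notes.txt",
]

if __name__ == "__main__":
    counts, ids = triage(SAMPLE)
    for scheme, n in counts.most_common():
        print(f"{scheme:15} {n}")
    print("IDs:", sorted(ids))
```

Knowing which scheme the names follow tells a responder which family to quote when submitting samples to a vendor, since the extension alone is ambiguous here.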
