ZeeShan

.DOMN Ransomware

Recommended Posts

Actually, I was attacked my a ransomware which is very new. It change extensions of file to .domn . I was able to remove the virus manually but can't decrypt my files. Can anyone  help me out with decrypter. I would purchase the service if the existing service can fix it and if my help is required I would love to help in finding the solution.

 

Here is the note left by them:
 
 
** Don’t worry my friend, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that’s price for you is $490. Please note that you’ll never restore your data without payment. Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Telegram **

Share this post


Link to post
Share on other sites

That is more than likely a variant of the STOP/Djvu ransomware. You may verify that using ID Ransomware if you'd like to:
https://id-ransomware.malwarehunterteam.com/

 

Important: STOP/Djvu now installs the Azorult trojan as well, which allows it to steal passwords. It is imperative that you change all passwords (for your computer and for online services you use) once your computer is clean.

 

While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.

Share this post


Link to post
Share on other sites

Extension .domn - this is new variant of STOP Ransomware. Until recently, it was possible to collect some information and add it to STOP-Decrypter. Now this does not help. We expect changes in the decryption method. But so far there is no such news and the victims remain with encrypted files.

Update: DrWeb can try to decrypt files that have been encrypted with offline keys.

Share this post


Link to post
Share on other sites

Hey everybody ....

Hope every one is doing well...

I got hit with this annoying Ransomware/Domn Virus that encrypted about 5TB of my personal information....

Searched all over the internet in hopes to find a solution and ended up here....

Hope to hear from you guys with good news regarding the Decryption Tool...


Description: Qualcomm Atheros QCA9377 Wireless Network Adapter
Physical Address: ‎82-C5-E4-67-FC-AB

Personal ID:
0164fshYSf73ygdqLYgtlynVHEM3sgkspEUEIAKN1QO7M9cCGxD4Bt1

Screenshot_1.png
Download Image

_readme.txt

Share this post


Link to post
Share on other sites
11 hours ago, KUW77 said:

Hope to hear from you guys with good news regarding the Decryption Tool...

This is a newer variant of STOP/Djvu that has some differences which make decryption impossible for the time being. That may change in the future, however for now there's nothing we can do about these newer variants. You can find more information at the following link:
https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/

There is a slight possibility that Dr.Web may be able to decrypt some files, however I don't know exactly which versions of STOP/Djvu are supported and what the odds are of success. There's more information in the following post by @Amigo-A:

 

Share this post


Link to post
Share on other sites

DrWeb can decrypt when a offline key was used in new versions (should be 't1' at the end of ID).  

This is in the ID of @KUW77

Quote

Your personal ID:
0164fshYSf73ygdqLYgtlynVHEM3sgkspEUEIAKN1QO7M9cCGxD4Bt1

 

  • Upvote 1

Share this post


Link to post
Share on other sites
On 9/24/2019 at 10:02 AM, Amigo-A said:

DrWeb can decrypt when a offline key was used in new versions (should be 't1' at the end of ID).  

This is in the ID of @KUW77

 

Thank you for taking the time to respond to my request....could you be kind enough to provide me with 2 thing.

1. Dr.web version ( Full software name if possible ).

2. instructions on how to decrypt my files using Dr.web program.

I highly appropriate your time and effort in lending a hand....and to be honest I lost 5TB of personal, work, school and family videos and pictures that I desperately need to retrieve.

 

Share this post


Link to post
Share on other sites
10 hours ago, KUW77 said:

Thank you for taking the time to respond to my request....could you be kind enough to provide me with 2 thing.

1. Dr.web version ( Full software name if possible ).

2. instructions on how to decrypt my files using Dr.web program.

I highly appropriate your time and effort in lending a hand....and to be honest I lost 5TB of personal, work, school and family videos and pictures that I desperately need to retrieve.

I would believe that you'll need to contact Dr.Web for this. Note that they do charge for this service, however I would believe that they will take a look at your files and let you know whether or not they can help you recover them before charging you anything.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.