mminee

Infected by GarrantyDecrypt - Help

Recommended Posts

Hi.

I´ve got a computer infected with what seems to be GarrantyDecrypt (ID Ransomware identifies it), but the extention does not match.

It also encrypted the backup disk (D:) so recovery seems hard.

Is there anything that can be done with ether the backup disk or the main system, as i need a SQL DB stored on the system (other than that there is no important files).

 

ID-Ransomware identifies as GarrantyDecrypt.

https://id-ransomware.malwarehunterteam.com/identify.php?case=07ddc277f930c4ec2ec3d08f907471bde102c65b

Ransom Note: #Decryption#.txt 

Extention: .heronpiston

Ransomnote:

Quote

All your files have been ENCRYPTED!!!
Write to our email - [email protected]
Or contact us via jabber - [email protected]
The easiest way:
- register here https://www.xmpp.jp/signup 
- after go here https://www.xmpp.jp/client/
- log in and write us to [email protected] 
Or you can download and set up jabber client Pidgin from https://pidgin.im/download/widows/ login and contact us

Attention! 
- Do not rename encrypted files. 
- Do not try to decrypt your data using third party software, it may cause permanent data loss.  
- Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.  
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you decryption tool that will decrypt all your files. 
Free decryption as guarantee 
User 
password 
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 3Mb (non archived), and files should not contain valuable information (databases, backups, large excel sheets, etc.).
 
How to obtain Bitcoins 
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. 
https://localbitcoins.com/buy_bitcoins 
Also you can find other places to buy Bitcoins and beginners guide here:  
http://www.coindesk.com/information/how-can-i-buy-bitcoins/ 
Or you can use popular exchange service https://www.bestchange.com/ 
tell your unique ID
VCnwcPRrS5xfEHCf5+HMHkjS2QLV0kXKSa0L7wwQAw70c9nFEad0vxMxk0FoDiC1DjZqwtX/Kvcxu7wThaATDgOwGtiGgqaf2MQy24R9VCDBwXxHNse5Bf61iAPlOVJG+5KVj5kayf+rqS6w9wp54mHdA5S9+hY9XSZYVpEogIcY6MOdMdxGpAC0c816/DebjCbnMeFkY+aRWoz1jRFLmuUr/H9j8IUDo1tdazpkjH1RtcUZQ8SJKeBhEJI88F32saP5j2EwyqaFymAe0D9JEtZ5ChgcdB5RkE0IL0dDaCD+tFFWe2yl2slRuBwTmYgQa/7K2ohUicEcuj+7NIy6edU+Qj9zqlx0pxL+ZBK7RbkI+Wy6L5dxCtQl3qQgMPECk1QjZKw55o27IUmZrm9Fk+4MBE39JXe+JJ4CUvNrwYYNlhWNR0s9TWdGS548az8LgqcMOgARycq4FnHJyXr0Ik5fH/vDIcbkTbry+ZPRVXlzsGG2BJ+/VPZNICgLk53Vf/t0Cqtx0za+Nnaw4F3W0IGpAzRX1xu0L4yfWTYRrBQdSCCiYLnnD6j8csZXFB+6UISP8JUOIynjm5Q9qa7TdWFz5VDhlmD990+bB7/HYVP+9q9fnP4jdt9F5c5Ba5/H1Zch1ShLI4rEHA7yCKFvg0Wr7Q4599AVZ5rrpCOTw6I=

 

scan_191210-185333.txt Addition.txt FRST.txt #Decryption#.txt

Share this post


Link to post
Share on other sites

@mminee Yes, this is GarrantyDecrypt.  Unfortunately, GarrantyDecrypt cannot be decrypted without paying the ransom.

Also, I see you posted a support request on Bleeping Computer.  You should not post asking for assistance on more than one forum.  Even though we have a close working relationship with Bleeping Computer we do not actively monitor their forums, nor do they monitor ours.  By posting on multiple forums, the techs that see your posts may not be aware that you are receiving assistance on another support forum.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.