jackuni

.notfound All my data is encrypted please help


I'm not quite certain which ransomware it is, however I've passed your files to our malware analysts so that they can take a look at it.


This appears to be something called "DMR", "The DMR", or "DMR Encrypter". It looks like it was discovered on December 12th. There doesn't appear to be much known about it yet.

 

11 hours ago, Alfonso said:

Have you found some decryption method?

I've asked our malware analysts if we know anything more about it now.


TheDRM Ransomware
Aliases: DMR64, Clown, NotFound, Clown+

There are already several variants that have been studied and described; in fact, there may be more. There are no free decryptors yet.

Let's wait for what GT500 says.

 


Unfortunately we haven't had a chance to find out anything new about this ransomware yet.

1 minute ago, Amigo-A said:

Samples from my article:

I'll pass them on to our malware analysts, however they may already have them. The issue wasn't lack of samples, but rather lack of time (there's just too much ransomware).


Unfortunately we're not aware of any decrypters at the moment. Hopefully once our ransomware experts have a chance to analyze the encryption method used by the ransomware they can find a flaw that allows for decryption.


Hello! I found a virus in the quarantine of Windows Defender. It is quite alive! At the moment I have:
1. The virus itself, in the archive with a password.
2. Files that it changed at the time of infection (from different directories with a similar creation time).
3. Two obscure executable files that are not recognized by the antivirus as dangerous but have meaningless names, small size and exe extension.
4. The directory on the desktop that the virus itself created. It contains several files for its operation, and it also encrypted all the files.

Can any of this help you?


Leave this link also here.

The encrypted files have a modification date of April 9th. So we can consider this date the date of attack of this variant of TheDRM Ransomware.

 

22 hours ago, misha1024 said:

I answered you in a personal message. There is a link to the archive with the files that I found on my computer.

I've forwarded the download link to our malware analysts.


I have this problem too. All of my files on the server are encrypted.

 

"CLOWN RANSOMWARE"   Your unique ID:"XXXXXXXX"
=================================================================================================================
All personal files on your computer are encrypted!
=================================================================================================================
TEST OUR TOOL FIRST:
Before you make a payment you should test our tool first for decrypting your data.
Before paying to send us up to 1 file for free decryption.
The total size of the file must be less than 1Mb (the file should not be important to you).
=================================================================================================================
Don't worry, you can restore all your files.
Without the original key recovery is impossible.
If you want to decrypt your files, you have to pay in Bitcoin.
The price depends on how fast you write to us.
If you want to restore files, write us to the e-mail: "[email protected]"
It is in your interest to respond as soon as possible to ensure the restoration of your files,
Because we won't keep your decryption keys at our server more than one Week because of our security.
=================================================================================================================
Only in case you do not receive a response from the first email address
Withit 24 hours, please use this alternative email adress: "[email protected]"
=================================================================================================================
You can buy bitcoin from here:
https://localbitcoins.net/buy_bitcoins
https://libertyx.com/
https://www.coinmama.com/buy
-You can find other places to buy Bitcoins and beginners guide here:                       
https://www.coindesk.com/information/how-can-i-buy-bitcoins
=================================================================================================================
CAUTION!
1-Using other tools could corrupt your files, in case of using third party software 
We don't give guarantees that full recovery is possible. 
2-Please do not change the name of files or file extension if your files are important to you!

20 hours ago, Psevdokounian said:

I have this problem too. All of my files on the server are encrypted.

I don't think our malware analysts have had a chance to take a good look at this ransomware yet, however I will check for confirmation.


Ok. Thank you. I can upload an encrypted file and a decrypted one. They want a big amount of money. I don't have so much. Please help me. I received this message from them: It's really funny, the files are not decrypted at all. My ransomware is not reverse engineering, even over Much time, the amount offered is very small, I can return your files for $ 3,000 bitcoin.

It will be great if you can help me.

[[email protected]][id=0EA37036]автобазага хат.docx.notfound автобазага хат (Расшифрованный файл).docx


I've been told that we've yet to complete a full analysis on this ransomware. One of our analysts didn't think it wasn't decryptable, but until we can complete a full analysis we can't be 100% certain.

On 5/7/2020 at 11:01 AM, GT500 said:

I've been told that we've yet to complete a full analysis on this ransomware. One of our analysts didn't think it wasn't decryptable, but until we can complete a full analysis we can't be 100% certain.

Any news?

16 hours ago, Psevdokounian said:

Any news?

I haven't heard anything new yet, but will check with our malware analysts to be sure.

21 hours ago, Michalpl said:

Hello any news ? :)

If you want news then I recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/

