Franco AA

INFECTED BY KRASTOKEN - ROGER virus


This may be Dharma. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.


Hello @Franco AA

Attach the ransom note to a message, if it is a text file.

If it is a different type of file (with the extension html or hta), then it must first be archived.

/// There is another ransomware that copies elements from Dharma, but it is different.


The e-mail address is used by a ransomware known as "GoGoogle", and while I can't be certain of the identification without a ransom note (or without asking an analyst) you can try the decrypter and see if it works:
https://labs.bitdefender.com/2020/05/gogoogle-decryption-tool/

46 minutes ago, GT500 said:

The e-mail address is used by a ransomware known as "GoGoogle",

GoGoogle Ransomware has a different encrypted file format.

The .ROGER extension in this form and format has so far been used only in Dharma. But there is nothing permanent, even the stones move. 😊


The address [email protected] was seen in Dharma and NuBe Ransomware.
The holder of this address wanders into different projects. But we do not care about his "personal" life. It is important to know exactly with which encryptor the files were encrypted so that the victim knows what to expect from the future.

/// They are similar and differ in some details. There are several more 'subjects' that we have not yet attributed to any of the known ones. There are few cases, little distribution, so there is no special research other than a cursory glance.

On 5/13/2020 at 4:11 AM, Amigo-A said:

It is important to know exactly with which encryptor the files were encrypted so that the victim knows what to expect from the future.

I've asked to verify which ransomware was used.
