Yuvaraj BM 0 Posted May 13, 2020
All guys, all my PC files are encrypted by SantaGman, a new ransomware, and they are asking for money to decrypt them. Could you please help me in solving this? They left the below note on the machine.

*************************************************************************
s**t HАPPENS!
WE HАVE TО INFОRM YОU THАT АLL YОUR FILES WERE ENCRYPTED!
PLEАSE BE SURE, YОUR FILES АRE NОT BRОKEN!
Yоur filеs wеrе еnсrуptеd with strоng сrуptо аlgоrithms.
* Plеаsе nоtе thаt thеrе is nо wау tо dесrуpt уоur filеs withоut uniquе dесrуptiоn kеу аnd spесiаl sоftwаrе. Yоur uniquе dесrуptiоn kеу is sесurеlу stоrеd оn оur sеrvеr.
* Tо dесrуpt уоur dаtа уоu nееd оur spесifiс аutоmаtiс dесrуptiоn tооl аnd уоur uniquе dесrуptiоn kеу.
* Аll уоur filеs wеrе rеnаmеd but аftеr dесrуptiоn prосеss filеnаmеs will bе rесоvеrеd tо оriginаl stаtе. Dаtа struсturе will nоt сhаngе.
* Plеаsе bе surе thаt аll thе аttеmpts tо rесоvеr уоur filеs bу уоursеlf оr using third pаrtу tооls саn rеsult in irrеvосаblе lоss оf уоur dаtа!
WHАT DО YОU NEED TО DО?
First оf аll уоu hаvе tо writе us bу е-mаil:
OОur first е-mаil: [email protected]
Оur sесоnd е-mаil: [email protected]
Оur third е-mаil: [email protected]
АTTENTIОN! If уоu wаnt tо rесоvеr уоur dаtа plеаsе writе us tо аll оur е-mаil аdrеssеs! It is rеаllу impоrtаnt bесаusе оf dеlivеrу prоblеms with sоmе mаil sеrviсеs!
Plеаsе bе surе wе аrе аlwауs in tоuсh аnd rеаdу tо hеlp уоu! If уоu will nоt rесеivе оur аnswеr in 24 hоurs, plеаsе rеsеnd уоur mеssаgе! Plеаsе аlwауs сhесk SPАM fоldеr!
* Writе оn English оr usе prоfеssiоnаl trаnslаtоr
In subjесt linе writе уоur pеrsоnаl ID:
Fоr уоur аssurаnсе уоu саn аttасh up tо 3 smаll еnсrуptеd filеs tо уоur mеssаgе. Wе will dесrуpt аnd sеnd уоu dесrуptеd filеs fоr frее.
* Plеаsе nоtе thаt filеs must nоt соntаin аnу vаluаblе infоrmаtiоn аnd thеir tоtаl sizе must bе lеss thаn 5Mb.
Plеаsе dоn’t wоrrу! Bе surе thаt уоur dаtа саn bе RESTОRED TОDАY!
Wе аrе in tоuсh 24/7 аnd rеаdу tо hеlp уоu! If уоu nоt rесеivеd оur аnswеr plеаsе rеsеnd уоur mеssаgе tо аll е-mаil аdrеssеs!
**************************************************************************

Yuvaraj BM 0 Posted May 13, 2020
SantaGman and the file extension is .SNTG files

Amigo-A 136 Posted May 14, 2020
This is similar to the result of the 'Matrix Ransomware' attack. You need to attach to the message the original ransom note file #SNTG_README#.rtf and several encrypted files. The easiest way to do this is with the help of the site https://dropmefiles.com/

Extortionists often borrow ransomware elements from each other, so in order to establish the exact name of the ransomware, we need these files.

Yuvaraj BM 0 Posted May 14, 2020
> 1 hour ago, Amigo-A said:
> This is similar to the result of the 'Matrix Ransomware' attack. You need to attach to the message the original ransom note file #SNTG_README#.rtf and several encrypted files. The easiest way to do this is with the help of the site https://dropmefiles.com/
> Extortionists often borrow ransomware elements from each other, so in order to establish the exact name of the ransomware, we need these files.

Hi Amigo, I'm attaching the complete files in the encrypted folder just not to miss anything. Kindly let me know if any more details are required. Thanks! Yuvaraj

#SNTG_INFO#.rtf

GT500 854 Posted May 14, 2020
Based on the e-mail address used and the extension format this does appear to be Matrix:
https://id-ransomware.malwarehunterteam.com/identify.php?case=8be319513de6b4594b6c1c8bf7ece0617d578c89

Unfortunately I don't think there's any known way to decrypt files that have been encrypted by the Matrix ransomware.

Amigo-A 136 Posted May 14, 2020
You had to attach only a few files so that we could clarify the ransomware.

Yes, this is Matrix Ransomware. For now there is not a single free decryptor that can decrypt files after Matrix.

Yuvaraj BM 0 Posted May 15, 2020
> 12 hours ago, Amigo-A said:
> You had to attach only a few files so that we could clarify the ransomware. Yes, this is Matrix Ransomware. For now there is not a single free decryptor that can decrypt files after Matrix.

What to do now?

Amigo-A 136 Posted May 15, 2020
Now you need to save the encrypted files; maybe in the future there will be an opportunity to decrypt them.

Recently, ransomware that distributed Troldesh (Shade) and encrypted files around the world for many years released master keys for decryption. Such an event does not happen often, but it has already happened many times.

Specialists from different laboratories are trying to make a free decryptor. There is no free decryptor for Matrix ransomware yet.

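To act on the advice above to keep the encrypted files, this added example (not code from any poster in the thread) records every renamed file and ransom note under a folder, with size and SHA-256, and does not modify them. The two regular expressions are assumptions derived only from the file names posted in this thread, and `classify` and `build_manifest` are hypothetical names.

```python
import csv
import hashlib
import re
from pathlib import Path

# Assumed pattern, derived only from the file names posted in this thread:
# "[<contact e-mail>].<8 chars>-<8 chars>.SNTG"
ENCRYPTED_NAME = re.compile(r"^\[[^\[\]]+\]\.[A-Za-z0-9]{8}-[A-Za-z0-9]{8}\.SNTG$")
# Ransom note names mentioned in the thread follow "#SNTG_<WORD>#.rtf" (assumed)
NOTE_NAME = re.compile(r"^#SNTG_[A-Z]+#\.rtf$")


def classify(name):
    """Return 'encrypted', 'note', or None for a bare file name."""
    if ENCRYPTED_NAME.match(name):
        return "encrypted"
    if NOTE_NAME.match(name):
        return "note"
    return None


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root, manifest_path):
    """Read-only walk of root; write kind, size, hash and path to a CSV."""
    rows = []
    for path in sorted(Path(root).rglob("*")):
        kind = classify(path.name) if path.is_file() else None
        if kind:
            rows.append([kind, path.stat().st_size, sha256_of(path), str(path)])
    with open(manifest_path, "w", newline="", encoding="utf-8") as out:
        writer = csv.writer(out)
        writer.writerow(["kind", "size_bytes", "sha256", "path"])
        writer.writerows(rows)
    return rows


if __name__ == "__main__":
    import sys
    found = build_manifest(sys.argv[1], sys.argv[2])
    print(f"{len(found)} files recorded")
```

Run it against a copy or a read-only mount of the affected disk and store the manifest with the backup, so the preserved set can be verified later if a decryptor appears.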
Yuvaraj BM 0 Posted September 21, 2020
> On 5/15/2020 at 2:22 PM, Amigo-A said:
> Now you need to save the encrypted files; maybe in the future there will be an opportunity to decrypt them. Recently, ransomware that distributed Troldesh (Shade) and encrypted files around the world for many years released master keys for decryption. Such an event does not happen often, but it has already happened many times. Specialists from different laboratories are trying to make a free decryptor. There is no free decryptor for Matrix ransomware yet.

Any luck? Is any decryptor available for Matrix SantaGman?

GT500 854 Posted September 22, 2020
There's been no news about Matrix ransomware. We recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/

victorh 0 Posted October 22, 2020
Hi Everyone, We have been infected with ransomware and would appreciate any help. Files are completely renamed, see below for example.

[[email protected]].1Kjl9LDj-pBtpAC4a.SNTG
[[email protected]].1jvX1Qaa-zeLcJ0dv.SNTG
[[email protected]].1AdtWzPV-IivcBY9w.SNTG

Link https://we.tl/t-p7yiIUgHjR

GT500 854 Posted October 23, 2020
> 6 hours ago, victorh said:
> We have been infected with ransomware and would appreciate any help. Files are completely renamed, see below for example.
> [[email protected]].1Kjl9LDj-pBtpAC4a.SNTG
> [[email protected]].1jvX1Qaa-zeLcJ0dv.SNTG
> [[email protected]].1AdtWzPV-IivcBY9w.SNTG

That fits the extension format for the Matrix ransomware, which isn't decryptable without paying the ransom.