Yuvaraj BM

All my files are encrypted by santagman

All guys,

All my PC files are encrypted by SantaGman, a new ransomware, and they are asking for money to decrypt them.

Could you please help me in solving this?

They left the below note on the machine.

*************************************************************************

s**t HАPPENS!
WE HАVE TО INFОRM YОU THАT АLL YОUR FILES WERE ENCRYPTED!

PLEАSE BE SURE, YОUR FILES АRE NОT BRОKEN!
Yоur filеs wеrе еnсrуptеd with strоng сrуptо аlgоrithms.
* Plеаsе nоtе thаt thеrе is nо wау tо dесrуpt уоur filеs withоut uniquе dесrуptiоn kеу аnd spесiаl sоftwаrе. Yоur uniquе dесrуptiоn kеу is sесurеlу stоrеd оn оur sеrvеr.
* Tо dесrуpt уоur dаtа уоu nееd оur spесifiс аutоmаtiс dесrуptiоn tооl аnd уоur uniquе dесrуptiоn kеу.
* Аll уоur filеs wеrе rеnаmеd but аftеr dесrуptiоn prосеss filеnаmеs will bе rесоvеrеd tо оriginаl stаtе. Dаtа struсturе will nоt сhаngе.
* Plеаsе bе surе thаt аll thе аttеmpts tо rесоvеr уоur filеs bу уоursеlf оr using third pаrtу tооls саn rеsult in irrеvосаblе lоss оf уоur dаtа!

WHАT DО YОU NEED TО DО?
First оf аll уоu hаvе tо writе us bу е-mаil:
OОur first е-mаil: [email protected]
Оur sесоnd е-mаil: [email protected]
Оur third е-mаil: [email protected]

АTTENTIОN!
If уоu wаnt tо rесоvеr уоur dаtа plеаsе writе us tо аll оur е-mаil аdrеssеs!
It is rеаllу impоrtаnt bесаusе оf dеlivеrу prоblеms with sоmе mаil sеrviсеs!
Plеаsе bе surе wе аrе аlwауs in tоuсh аnd rеаdу tо hеlp уоu!
If уоu will nоt rесеivе оur аnswеr in 24 hоurs, plеаsе rеsеnd уоur mеssаgе!
Plеаsе аlwауs сhесk SPАM fоldеr!
* Writе оn English оr usе prоfеssiоnаl trаnslаtоr

In subjесt linе writе уоur pеrsоnаl ID:

Fоr уоur аssurаnсе уоu саn аttасh up tо 3 smаll еnсrуptеd filеs tо уоur mеssаgе. Wе will dесrуpt аnd sеnd уоu dесrуptеd filеs fоr frее.
* Plеаsе nоtе thаt filеs must nоt соntаin аnу vаluаblе infоrmаtiоn аnd thеir tоtаl sizе must bе lеss thаn 5Mb.

Plеаsе dоn’t wоrrу!
Bе surе thаt уоur dаtа саn bе RESTОRED TОDАY!
Wе аrе in tоuсh 24/7 аnd rеаdу tо hеlp уоu!
If уоu nоt rесеivеd оur аnswеr plеаsе rеsеnd уоur mеssаgе tо аll е-mаil аdrеssеs!

**************************************************************************


This is similar to the result of the 'Matrix Ransomware' attack.
You need to attach to the message the original ransom note file #SNTG_README#.rtf and several encrypted files.

The easiest way to do this is with the help of the site https://dropmefiles.com/

/// Extortionists often borrow ransomware elements from each other, so in order to establish the exact name of the ransomware, we need these files.

1 hour ago, Amigo-A said:

This is similar to the result of the 'Matrix Ransomware' attack.
You need to attach to the message the original ransom note file #SNTG_README#.rtf and several encrypted files.

The easiest way to do this is with the help of the site https://dropmefiles.com/

/// Extortionists often borrow ransomware elements from each other, so in order to establish the exact name of the ransomware, we need these files.

Hi Amigo,

I'm attaching the complete files in the encrypted folder just so as not to miss anything. Kindly let me know if any more details are required.

Thanks!

Yuvaraj

#SNTG_INFO#.rtf



You had to attach only a few files so that we could clarify the ransomware.

Yes, this is Matrix Ransomware.
So far there is not a single free decryptor that can decrypt files after Matrix.

12 hours ago, Amigo-A said:

You had to attach only a few files so that we could clarify the ransomware.

Yes, this is Matrix Ransomware.
So far there is not a single free decryptor that can decrypt files after Matrix.

What to do now?


Now you need to save the encrypted files, maybe in the future there will be an opportunity to decrypt them.

Recently, ransomware that distributed Troldesh (Shade) and encrypted files around the world for many years released master keys for decryption. Such an event does not happen often, but it has already happened many times.

Specialists from different laboratories are trying to make a free decryptor. There is no free decryptor for Matrix ransomware yet.

On 5/15/2020 at 2:22 PM, Amigo-A said:

Now you need to save the encrypted files, maybe in the future there will be an opportunity to decrypt them.

Recently, ransomware that distributed Troldesh (Shade) and encrypted files around the world for many years released master keys for decryption. Such an event does not happen often, but it has already happened many times.

Specialists from different laboratories are trying to make a free decryptor. There is no free decryptor for Matrix ransomware yet.

Any luck? Is any decryptor available for Matrix SantaGman?


There's been no news about Matrix ransomware. We recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/

6 hours ago, victorh said:

We have been infected with ransomware and would appreciate any help.
 
Files are completely renamed, see below for example.
 
[[email protected]].1Kjl9LDj-pBtpAC4a.SNTG
[[email protected]].1jvX1Qaa-zeLcJ0dv.SNTG
[[email protected]].1AdtWzPV-IivcBY9w.SNTG

That fits the extension format for the Matrix ransomware, which isn't decryptable without paying the ransom.

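An added example, not part of the thread or of any vendor's tooling: a small triage script that sorts a directory listing into renamed files, ransom notes and untouched files, then picks the note plus a few renamed files to send for identification, as requested earlier in the thread. The filename and note patterns are assumptions inferred only from the sample names quoted on this page, and the contact address is a constructed placeholder.

```python
import re
from collections import Counter

# Pattern inferred from the sample names in this thread (an assumption,
# not an authoritative signature): [<contact>].<8 alnum>-<8 alnum>.<EXT>
RENAMED = re.compile(
    r"^\[(?P<contact>[^\]]+)\]\.(?P<a>[A-Za-z0-9]{8})-(?P<b>[A-Za-z0-9]{8})"
    r"\.(?P<ext>[A-Za-z0-9]+)$")
# Note names seen in the thread: #SNTG_README#.rtf and #SNTG_INFO#.rtf
NOTE = re.compile(r"^#(?P<tag>[A-Za-z0-9]+)_(?:README|INFO)#\.rtf$")

def triage(names):
    """Split a listing into renamed files, ransom notes and everything else."""
    renamed, notes, other = [], [], []
    for name in names:
        m = RENAMED.match(name)
        if m:
            renamed.append((name, m.group("contact"), m.group("ext")))
        elif NOTE.match(name):
            notes.append(name)
        else:
            other.append(name)
    exts = Counter(ext for _, _, ext in renamed)
    tags = {NOTE.match(n).group("tag") for n in notes}
    return {
        "renamed": [n for n, _, _ in renamed],
        "notes": notes,
        "other": other,
        "extensions": dict(exts),
        "contacts": sorted({c for _, c, _ in renamed}),
        # In this thread the note tag and the appended extension agree (SNTG).
        "tag_matches_ext": bool(tags) and tags == set(exts),
    }

def submission_set(report, max_files=3):
    """The ransom note plus a few renamed files, for identification."""
    return report["notes"][:1] + report["renamed"][:max_files]

# Constructed listing; the real contact address is redacted on the page.
SAMPLE = [
    "[contact@example.invalid].1Kjl9LDj-pBtpAC4a.SNTG",
    "[contact@example.invalid].1jvX1Qaa-zeLcJ0dv.SNTG",
    "#SNTG_README#.rtf",
    "report.docx",
    "[contact@example.invalid].short-name.SNTG",  # wrong token lengths
]

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(r["extensions"], r["tag_matches_ext"], submission_set(r))
```

Run it against a read-only copy of the listing so the encrypted files stay exactly as they were found.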
