All my files are encrypted by santagman

[Yuvaraj BM 0]

All guys,

All my PC files are encrypted by SantaGman a new ransomware and they are asking money to decrypt them.

Could you please help me in solving this.

They left a below notes in machine.

*************************************************************************

s**t HАPPENS!
WE HАVE TО INFОRM YОU THАT АLL YОUR FILES WERE ENCRYPTED!

PLEАSE BE SURE, YОUR FILES АRE NОT BRОKEN!
Yоur filеs wеrе еnсrуptеd with strоng сrуptо аlgоrithms.
* Plеаsе nоtе thаt thеrе is nо wау tо dесrуpt уоur filеs withоut uniquе dесrуptiоn kеу аnd spесiаl sоftwаrе. Yоur uniquе dесrуptiоn kеу is sесurеlу stоrеd оn оur sеrvеr.
* Tо dесrуpt уоur dаtа уоu nееd оur spесifiс аutоmаtiс dесrуptiоn tооl аnd уоur uniquе dесrуptiоn kеу.
* Аll уоur filеs wеrе rеnаmеd but аftеr dесrуptiоn prосеss filеnаmеs will bе rесоvеrеd tо оriginаl stаtе. Dаtа struсturе will nоt сhаngе.
* Plеаsе bе surе thаt аll thе аttеmpts tо rесоvеr уоur filеs bу уоursеlf оr using third pаrtу tооls саn rеsult in irrеvосаblе lоss оf уоur dаtа!

WHАT DО YОU NEED TО DО?
First оf аll уоu hаvе tо writе us bу е-mаil:
OОur first е-mаil: [email protected]
Оur sесоnd е-mаil: [email protected]
Оur third е-mаil: [email protected]

АTTENTIОN!
If уоu wаnt tо rесоvеr уоur dаtа plеаsе writе us tо аll оur е-mаil аdrеssеs!
It is rеаllу impоrtаnt bесаusе оf dеlivеrу prоblеms with sоmе mаil sеrviсеs!
Plеаsе bе surе wе аrе аlwауs in tоuсh аnd rеаdу tо hеlp уоu!
If уоu will nоt rесеivе оur аnswеr in 24 hоurs, plеаsе rеsеnd уоur mеssаgе!
Plеаsе аlwауs сhесk SPАM fоldеr!
* Writе оn English оr usе prоfеssiоnаl trаnslаtоr

In subjесt linе writе уоur pеrsоnаl ID:

Fоr уоur аssurаnсе уоu саn аttасh up tо 3 smаll еnсrуptеd filеs tо уоur mеssаgе. Wе will dесrуpt аnd sеnd уоu dесrуptеd filеs fоr frее.
* Plеаsе nоtе thаt filеs must nоt соntаin аnу vаluаblе infоrmаtiоn аnd thеir tоtаl sizе must bе lеss thаn 5Mb.

Plеаsе dоn’t wоrrу!
Bе surе thаt уоur dаtа саn bе RESTОRED TОDАY!
Wе аrе in tоuсh 24/7 аnd rеаdу tо hеlp уоu!
If уоu nоt rесеivеd оur аnswеr plеаsе rеsеnd уоur mеssаgе tо аll е-mаil аdrеssеs!

**************************************************************************

[Yuvaraj BM 0]

SantaGman and the file extenstion is .SNTG files

[Amigo-A 136]

This is similar to the result of the 'Matrix Ransomware' attack.
You need to attach to the message the original ransom note file #SNTG_README#.rtf and several encrypted files.

The easiest way to do this is with help the site https://dropmefiles.com/

/// Extortionists often borrow ransomware elements from each other, so in order to establish the exact name ransomware, we need these files.

[Yuvaraj BM 0]

1 hour ago, Amigo-A said:

This is similar to the result of the 'Matrix Ransomware' attack.
You need to attach to the message the original ransom note file #SNTG_README#.rtf and several encrypted files.

The easiest way to do this is with help the site https://dropmefiles.com/

/// Extortionists often borrow ransomware elements from each other, so in order to establish the exact name ransomware, we need these files.

Hi Amigo,

I'm attaching the complete files in encrypted folder just not to miss anything, kindly let me know if any more details is required.

Thanks!

Yuvaraj#SNTG_INFO#.rtf

[[email protected]].0jF4nEPi-VgYnIe2k.SNTG [[email protected]].1cB0od8Z-E84Cmu1s.SNTG [[email protected]].1rjxQxtx-FsFsROI3.SNTG [[email protected]].3EDrFpjH-nBcpFEtg.SNTG [[email protected]].3VVDAEhu-E7bmTr2g.SNTG [[email protected]].6yxNPPFy-0IFrqaiK.SNTG [[email protected]].8dQmKREY-BXpoAFCL.SNTG [[email protected]].62WxLyLk-4lRmWhbC.SNTG [[email protected]].859dUcDm-DqyGBNiT.SNTG [[email protected]].997Wk2Qt-0Lgdep85.SNTG [[email protected]].AFt0YGmI-GyVG4Bkx.SNTG [[email protected]].AH3JbzJz-uOuXkoMt.SNTG [[email protected]].ARRHvzJ2-eKLQ8Vr4.SNTG [[email protected]].AWuZFYQZ-B5Z6rzXI.SNTG [[email protected]].bcqhe1nB-opctisWj.SNTG [[email protected]].BMzRhM12-q3I2UyP1.SNTG [[email protected]].CKIkgq1e-hm3voOt1.SNTG [[email protected]].cPfYYgcK-bIJA3Ysk.SNTG [[email protected]].CR1Nyo7l-8zJp4bL3.SNTG [[email protected]].DlM4QFX2-O1smqSbM.SNTG [[email protected]].DyOannv9-0L03EQeP.SNTG [[email protected]].eMdGNmot-EF0bS8a2.SNTG [[email protected]].f9GsAMC7-iZqXuKlH.SNTG [[email protected]].FI8xKa33-ZNrSEmfE.SNTG [[email protected]].FXvfp1WW-xXLgd6bW.SNTG [[email protected]].Gk9o8rII-JnDBjwHk.SNTG [[email protected]].Gsqo2Gda-hu9NE116.SNTG [[email protected]].Guo3wevc-03v0iaYJ.SNTG [[email protected]].gzd9JtX1-Q8Luwoty.SNTG [[email protected]].I9ZZciDp-CYt57fck.SNTG [[email protected]].INfvFyA2-EfPHYfRW.SNTG [[email protected]].inmJWJKf-AHmXtkUs.SNTG [[email protected]].JxawjvrT-OLA3y3P3.SNTG [[email protected]].k95tHxh0-5tgcozMY.SNTG [[email protected]].kCS4DL2D-v5v6GQcN.SNTG [[email protected]].KJXTVOMR-7CnzfvZ5.SNTG [[email protected]].KNoqd49f-hEWC7snQ.SNTG [[email protected]].KrgT4ChW-jM23Tpkr.SNTG [[email protected]].l7noMUqn-QwTiMYLn.SNTG [[email protected]].Lh1oFqO0-vqhObYps.SNTG [[email protected]].LWOpkn2Q-j28Bsqgn.SNTG [[email protected]].M87oy1Pn-XbTF0mDB.SNTG [[email protected]].mhQvxYGZ-guC8fxeE.SNTG [[email protected]].MlszWfm5-5WJlOeVs.SNTG [[email protected]].mMyJDXb4-1MZFjAld.SNTG [[email protected]].mqHSuqg6-WmBBzc4w.SNTG [[email protected]].nmnFVSs5-XCasOeQx.SNTG [[email protected]].Oo3dDWzZ-QqqWISgl.SNTG [[email protected]].P0zzuCiO-5CGxncgU.SNTG [[email protected]].PcNnuEXD-V36n0JR8.SNTG [[email protected]].QA4jxPSB-v08my6cU.SNTG [[email protected]].QAo87QZO-YOkfmoZi.SNTG [[email protected]].qBGRR02s-bmz2AkxJ.SNTG [[email protected]].QCH28dpi-afesgRpO.SNTG [[email protected]].QPtLRcCG-l94X0mzL.SNTG [[email protected]].rLgfRxvK-LJEPXrmV.SNTG [[email protected]].szNazy0Q-4KiAABOG.SNTG [[email protected]].vGzgQOXX-Fz8MgF8V.SNTG [[email protected]].vZKLL9vp-x1OFYFlt.SNTG [[email protected]].WHdR50O3-0ZDFFxxm.SNTG [[email protected]].WTbP2PPG-6eQeCPgG.SNTG [[email protected]].x6DRA7w5-JA7fcGmE.SNTG [[email protected]].x30BouRZ-Z616N2RQ.SNTG [[email protected]].XdZPFHBV-MldpgjvM.SNTG [[email protected]].xStaQInH-YDnwEGnj.SNTG [[email protected]].yafhhW6I-RbggRRDR.SNTG [[email protected]].YBre88ll-nfOYHpxY.SNTG [[email protected]].zO7uDk3w-bTPhlqNr.SNTG [[email protected]].zwIX0vX3-kCOrCpjN.SNTG

[GT500 854]

Based on the e-mail address used and the extension format this does appear to be Matrix:
https://id-ransomware.malwarehunterteam.com/identify.php?case=8be319513de6b4594b6c1c8bf7ece0617d578c89

Unfortunately I don't think there's any known way to decrypt files that have been encrypted by the Matrix ransomware.

[Amigo-A 136]

You had to attach only a few files so that we could clarify the ransomware.

Yes, this is Matrix Ransomware
While there is not a single free decryptor that can decrypt files after the Matrix. 

[Yuvaraj BM 0]

12 hours ago, Amigo-A said:

You had to attach only a few files so that we could clarify the ransomware.

Yes, this is Matrix Ransomware
While there is not a single free decryptor that can decrypt files after the Matrix. 

what to do now..?

 

[Amigo-A 136]

Now you need to save the encrypted files, maybe in the future there will be an opportunity to decrypt them.

Recently, ransomware that distributed Troldesh (Shade) and encrypted files around the world for many years released master keys for decryption. Such an event does not happen often, but it has already happened many times.

Specialists from different laboratories are trying to make free decryptor. There is no free decryptor for Matrix ransomware yet.

[Yuvaraj BM 0]

On 5/15/2020 at 2:22 PM, Amigo-A said:

Now you need to save the encrypted files, maybe in the future there will be an opportunity to decrypt them.

Recently, ransomware that distributed Troldesh (Shade) and encrypted files around the world for many years released master keys for decryption. Such an event does not happen often, but it has already happened many times.

Specialists from different laboratories are trying to make free decryptor. There is no free decryptor for Matrix ransomware yet.

Any luck any de-Cryptor available for Matrix SantaGman 

[GT500 854]

There's been no news about Matrix ransomware. We recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/

[victorh 0]

Hi Everyone,
 
We have been infected with ransomware and would appreciate any help.
 
Files are completely renamed, see below for example.
 
[[email protected]].1Kjl9LDj-pBtpAC4a.SNTG
[[email protected]].1jvX1Qaa-zeLcJ0dv.SNTG
[[email protected]].1AdtWzPV-IivcBY9w.SNTG
 
 
Link 
https://we.tl/t-p7yiIUgHjR

[GT500 854]

6 hours ago, victorh said:

We have been infected with ransomware and would appreciate any help.
 
Files are completely renamed, see below for example.
 
[[email protected]].1Kjl9LDj-pBtpAC4a.SNTG
[[email protected]].1jvX1Qaa-zeLcJ0dv.SNTG
[[email protected]].1AdtWzPV-IivcBY9w.SNTG

That fits the extension format for the Matrix ransomware, which isn't decryptable without paying the ransom.