Yuvaraj BM 0 Report post Posted May 13 All guys, All my PC files are encrypted by SantaGman a new ransomware and they are asking money to decrypt them. Could you please help me in solving this. They left a below notes in machine. ************************************************************************* s**t HАPPENS! WE HАVE TО INFОRM YОU THАT АLL YОUR FILES WERE ENCRYPTED! PLEАSE BE SURE, YОUR FILES АRE NОT BRОKEN! Yоur filеs wеrе еnсrуptеd with strоng сrуptо аlgоrithms. * Plеаsе nоtе thаt thеrе is nо wау tо dесrуpt уоur filеs withоut uniquе dесrуptiоn kеу аnd spесiаl sоftwаrе. Yоur uniquе dесrуptiоn kеу is sесurеlу stоrеd оn оur sеrvеr. * Tо dесrуpt уоur dаtа уоu nееd оur spесifiс аutоmаtiс dесrуptiоn tооl аnd уоur uniquе dесrуptiоn kеу. * Аll уоur filеs wеrе rеnаmеd but аftеr dесrуptiоn prосеss filеnаmеs will bе rесоvеrеd tо оriginаl stаtе. Dаtа struсturе will nоt сhаngе. * Plеаsе bе surе thаt аll thе аttеmpts tо rесоvеr уоur filеs bу уоursеlf оr using third pаrtу tооls саn rеsult in irrеvосаblе lоss оf уоur dаtа! WHАT DО YОU NEED TО DО? First оf аll уоu hаvе tо writе us bу е-mаil: OОur first е-mаil: [email protected] Оur sесоnd е-mаil: [email protected] Оur third е-mаil: [email protected] АTTENTIОN! If уоu wаnt tо rесоvеr уоur dаtа plеаsе writе us tо аll оur е-mаil аdrеssеs! It is rеаllу impоrtаnt bесаusе оf dеlivеrу prоblеms with sоmе mаil sеrviсеs! Plеаsе bе surе wе аrе аlwауs in tоuсh аnd rеаdу tо hеlp уоu! If уоu will nоt rесеivе оur аnswеr in 24 hоurs, plеаsе rеsеnd уоur mеssаgе! Plеаsе аlwауs сhесk SPАM fоldеr! * Writе оn English оr usе prоfеssiоnаl trаnslаtоr In subjесt linе writе уоur pеrsоnаl ID: Fоr уоur аssurаnсе уоu саn аttасh up tо 3 smаll еnсrуptеd filеs tо уоur mеssаgе. Wе will dесrуpt аnd sеnd уоu dесrуptеd filеs fоr frее. * Plеаsе nоtе thаt filеs must nоt соntаin аnу vаluаblе infоrmаtiоn аnd thеir tоtаl sizе must bе lеss thаn 5Mb. Plеаsе dоn’t wоrrу! Bе surе thаt уоur dаtа саn bе RESTОRED TОDАY! Wе аrе in tоuсh 24/7 аnd rеаdу tо hеlp уоu! If уоu nоt rесеivеd оur аnswеr plеаsе rеsеnd уоur mеssаgе tо аll е-mаil аdrеssеs! ************************************************************************** Quote Share this post Link to post Share on other sites
Yuvaraj BM 0 Report post Posted May 13 SantaGman and the file extenstion is .SNTG files Quote Share this post Link to post Share on other sites
Amigo-A 135 Report post Posted May 14 This is similar to the result of the 'Matrix Ransomware' attack. You need to attach to the message the original ransom note file #SNTG_README#.rtf and several encrypted files. The easiest way to do this is with help the site https://dropmefiles.com/ /// Extortionists often borrow ransomware elements from each other, so in order to establish the exact name ransomware, we need these files. Quote Share this post Link to post Share on other sites
Yuvaraj BM 0 Report post Posted May 14 1 hour ago, Amigo-A said: This is similar to the result of the 'Matrix Ransomware' attack. You need to attach to the message the original ransom note file #SNTG_README#.rtf and several encrypted files. The easiest way to do this is with help the site https://dropmefiles.com/ /// Extortionists often borrow ransomware elements from each other, so in order to establish the exact name ransomware, we need these files. Hi Amigo, I'm attaching the complete files in encrypted folder just not to miss anything, kindly let me know if any more details is required. Thanks! Yuvaraj#SNTG_INFO#.rtf [[email protected]].0jF4nEPi-VgYnIe2k.SNTG [[email protected]].1cB0od8Z-E84Cmu1s.SNTG [[email protected]].1rjxQxtx-FsFsROI3.SNTG [[email protected]].3EDrFpjH-nBcpFEtg.SNTG [[email protected]].3VVDAEhu-E7bmTr2g.SNTG [[email protected]].6yxNPPFy-0IFrqaiK.SNTG [[email protected]].8dQmKREY-BXpoAFCL.SNTG [[email protected]].62WxLyLk-4lRmWhbC.SNTG [[email protected]].859dUcDm-DqyGBNiT.SNTG [[email protected]].997Wk2Qt-0Lgdep85.SNTG [[email protected]].AFt0YGmI-GyVG4Bkx.SNTG [[email protected]].AH3JbzJz-uOuXkoMt.SNTG [[email protected]].ARRHvzJ2-eKLQ8Vr4.SNTG [[email protected]].AWuZFYQZ-B5Z6rzXI.SNTG [[email protected]].bcqhe1nB-opctisWj.SNTG [[email protected]].BMzRhM12-q3I2UyP1.SNTG [[email protected]].CKIkgq1e-hm3voOt1.SNTG [[email protected]].cPfYYgcK-bIJA3Ysk.SNTG [[email protected]].CR1Nyo7l-8zJp4bL3.SNTG [[email protected]].DlM4QFX2-O1smqSbM.SNTG [[email protected]].DyOannv9-0L03EQeP.SNTG [[email protected]].eMdGNmot-EF0bS8a2.SNTG [[email protected]].f9GsAMC7-iZqXuKlH.SNTG [[email protected]].FI8xKa33-ZNrSEmfE.SNTG [[email protected]].FXvfp1WW-xXLgd6bW.SNTG [[email protected]].Gk9o8rII-JnDBjwHk.SNTG [[email protected]].Gsqo2Gda-hu9NE116.SNTG [[email protected]].Guo3wevc-03v0iaYJ.SNTG [[email protected]].gzd9JtX1-Q8Luwoty.SNTG [[email protected]].I9ZZciDp-CYt57fck.SNTG [[email protected]].INfvFyA2-EfPHYfRW.SNTG [[email protected]].inmJWJKf-AHmXtkUs.SNTG [[email protected]].JxawjvrT-OLA3y3P3.SNTG [[email protected]].k95tHxh0-5tgcozMY.SNTG [[email protected]].kCS4DL2D-v5v6GQcN.SNTG [[email protected]].KJXTVOMR-7CnzfvZ5.SNTG [[email protected]].KNoqd49f-hEWC7snQ.SNTG [[email protected]].KrgT4ChW-jM23Tpkr.SNTG [[email protected]].l7noMUqn-QwTiMYLn.SNTG [[email protected]].Lh1oFqO0-vqhObYps.SNTG [[email protected]].LWOpkn2Q-j28Bsqgn.SNTG [[email protected]].M87oy1Pn-XbTF0mDB.SNTG [[email protected]].mhQvxYGZ-guC8fxeE.SNTG [[email protected]].MlszWfm5-5WJlOeVs.SNTG [[email protected]].mMyJDXb4-1MZFjAld.SNTG [[email protected]].mqHSuqg6-WmBBzc4w.SNTG [[email protected]].nmnFVSs5-XCasOeQx.SNTG [[email protected]].Oo3dDWzZ-QqqWISgl.SNTG [[email protected]].P0zzuCiO-5CGxncgU.SNTG [[email protected]].PcNnuEXD-V36n0JR8.SNTG [[email protected]].QA4jxPSB-v08my6cU.SNTG [[email protected]].QAo87QZO-YOkfmoZi.SNTG [[email protected]].qBGRR02s-bmz2AkxJ.SNTG [[email protected]].QCH28dpi-afesgRpO.SNTG [[email protected]].QPtLRcCG-l94X0mzL.SNTG [[email protected]].rLgfRxvK-LJEPXrmV.SNTG [[email protected]].szNazy0Q-4KiAABOG.SNTG [[email protected]].vGzgQOXX-Fz8MgF8V.SNTG [[email protected]].vZKLL9vp-x1OFYFlt.SNTG [[email protected]].WHdR50O3-0ZDFFxxm.SNTG [[email protected]].WTbP2PPG-6eQeCPgG.SNTG [[email protected]].x6DRA7w5-JA7fcGmE.SNTG [[email protected]].x30BouRZ-Z616N2RQ.SNTG [[email protected]].XdZPFHBV-MldpgjvM.SNTG [[email protected]].xStaQInH-YDnwEGnj.SNTG [[email protected]].yafhhW6I-RbggRRDR.SNTG [[email protected]].YBre88ll-nfOYHpxY.SNTG [[email protected]].zO7uDk3w-bTPhlqNr.SNTG [[email protected]].zwIX0vX3-kCOrCpjN.SNTG Quote Share this post Link to post Share on other sites
GT500 835 Report post Posted May 14 Based on the e-mail address used and the extension format this does appear to be Matrix:https://id-ransomware.malwarehunterteam.com/identify.php?case=8be319513de6b4594b6c1c8bf7ece0617d578c89 Unfortunately I don't think there's any known way to decrypt files that have been encrypted by the Matrix ransomware. Quote Share this post Link to post Share on other sites
Amigo-A 135 Report post Posted May 14 You had to attach only a few files so that we could clarify the ransomware. Yes, this is Matrix Ransomware While there is not a single free decryptor that can decrypt files after the Matrix. Quote Share this post Link to post Share on other sites
Yuvaraj BM 0 Report post Posted May 15 12 hours ago, Amigo-A said: You had to attach only a few files so that we could clarify the ransomware. Yes, this is Matrix Ransomware While there is not a single free decryptor that can decrypt files after the Matrix. what to do now..? Quote Share this post Link to post Share on other sites
Amigo-A 135 Report post Posted May 15 Now you need to save the encrypted files, maybe in the future there will be an opportunity to decrypt them. Recently, ransomware that distributed Troldesh (Shade) and encrypted files around the world for many years released master keys for decryption. Such an event does not happen often, but it has already happened many times. Specialists from different laboratories are trying to make free decryptor. There is no free decryptor for Matrix ransomware yet. Quote Share this post Link to post Share on other sites
Yuvaraj BM 0 Report post Posted September 21 On 5/15/2020 at 2:22 PM, Amigo-A said: Now you need to save the encrypted files, maybe in the future there will be an opportunity to decrypt them. Recently, ransomware that distributed Troldesh (Shade) and encrypted files around the world for many years released master keys for decryption. Such an event does not happen often, but it has already happened many times. Specialists from different laboratories are trying to make free decryptor. There is no free decryptor for Matrix ransomware yet. Any luck any de-Cryptor available for Matrix SantaGman Quote Share this post Link to post Share on other sites
GT500 835 Report post Posted September 22 There's been no news about Matrix ransomware. We recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:https://www.bleepingcomputer.com/feed/ Quote Share this post Link to post Share on other sites
victorh 0 Report post Posted October 22 Hi Everyone, We have been infected with ransomware and would appreciate any help. Files are completely renamed, see below for example. [[email protected]].1Kjl9LDj-pBtpAC4a.SNTG [[email protected]].1jvX1Qaa-zeLcJ0dv.SNTG [[email protected]].1AdtWzPV-IivcBY9w.SNTG Link https://we.tl/t-p7yiIUgHjR Quote Share this post Link to post Share on other sites
GT500 835 Report post Posted October 23 6 hours ago, victorh said: We have been infected with ransomware and would appreciate any help. Files are completely renamed, see below for example. [[email protected]].1Kjl9LDj-pBtpAC4a.SNTG [[email protected]].1jvX1Qaa-zeLcJ0dv.SNTG [[email protected]].1AdtWzPV-IivcBY9w.SNTG That fits the extension format for the Matrix ransomware, which isn't decryptable without paying the ransom. Quote Share this post Link to post Share on other sites
