Amigo-A, posted July 4, 2020:
Attach files to your message.

Blkrt, posted July 4, 2020:
> 14 minutes ago, Amigo-A said:
> Attach files to your message.

Ok sir, I've attached my encrypted files to this message. Thank you in advance.
fehrest.jpg.avdn
candle.jpg.avdn
TseClientSetup-2_www.MyChart.ir_.zip.avdn

Amigo-A, posted July 4, 2020:
Results of checking your files:
https://id-ransomware.malwarehunterteam.com/identify.php?case=9da99e33569fe0af64a43b520f35bababd09ad3c
https://id-ransomware.malwarehunterteam.com/identify.php?case=2e2e29f85fe2918c33683e2faeade22e51cf81ec
https://id-ransomware.malwarehunterteam.com/identify.php?case=2f1a3356c8705f995285ab41e9456bc61f11d20e

Amigo-A, posted July 4, 2020:
> 17 hours ago, Blkrt said:
> but they said that files got encrypted by 'Medusalocker' And can not decrypt

DrWeb support usually do not use international names of ransomware.

Amigo-A, posted July 4, 2020:
In the sample that encrypts files with the .avdn extension, there is no code from the real MedusaLocker Ransomware. There is a small piece of code in another sample that adds a 'random' extension to encrypted files, but this piece is not the base. It is well defined by antivirus engines as Avaddon Ransomware.

Blkrt, posted July 4, 2020:
> 1 hour ago, Amigo-A said:
> In the sample that encrypts files with the .avdn extension, there is no code from the real MedusaLocker Ransomware. There is a small piece of code in another sample that adds a 'random' extension to encrypted files, but this piece is not the base. It is well defined by antivirus engines as Avaddon Ransomware.

Thank you for your response, I checked the links and it's surely encrypted by Avaddon ransomware. Sir, is there any positive result for decrypting .avdn file?

Amigo-A, posted July 4, 2020:
12 days have passed since I sent the files and samples. No news yet. I check e-mail every day.

> Hello
> Information was sent to virus monitoring team, please, wait for reply.

Blkrt, posted July 4, 2020:
> 58 minutes ago, Amigo-A said:
> 12 days have passed since I sent the files and samples. No news yet. I check e-mail every day.

Thank you very very much for following up sir.

Superman ABD, posted July 5, 2020:
> On 7/3/2020 at 10:42 AM, GT500 said:
> Dr. Web does not release free decrypters. Their ransomware decryption service is strictly a paid service, however they will at least let you know if your files can be decrypted before they require you to pay anything. If they do require a file pair, then you'll need to find one. Try to remember if you ever sent any files to others (via e-mail, file sharing services, etc) or if you ever saved them to any kind of external media (CD's, DVD's, USB flash drives, etc).

Ok sir, I will try your idea. Thanks for that. But won't you release the AVADDON decrypter in your website sir? It will be very helpful to all. Won't you sir?

Superman ABD, posted July 5, 2020:
> 8 hours ago, Amigo-A said:
> 12 days have passed since I sent the files and samples. No news yet. I check e-mail every day.

When you get the reply from them please post here sir. We are waiting for that sir please.

The encoder name in the DrWeb database is Trojan.DownLoader33.50335, Trojan.DownLoader33.59028
SHA-256: 05af0cf40590aef24b28fa04c6b4998b7ab3b7f26e60c507adb84f3d837778f2
SHA-256: fa4626e2c5984d7868a685c5102530bd8260d0b31ef06d2ce2da7636da48d2d6

Dear Amigo-A sir, what are these names? What can I do with it sir?

Amigo-A, posted July 5, 2020:
> 6 hours ago, Superman ABD said:
> What can I do with it sir?

This information may help specialists. I have added even more samples on my article. We will try to analyze all incoming samples in the hope that something will change. You need to collect all encrypted files. If decryption becomes possible, information will be published and you will receive a message from support specialists.

A rare specialist works on weekends. I work daily, but unfortunately my strength and desire to help you is not enough to decrypt.

Superman ABD, posted July 5, 2020:
> 2 hours ago, Amigo-A said:
> This information may help specialists. I have added even more samples on my article. We will try to analyze all incoming samples in the hope that something will change. You need to collect all encrypted files. If decryption becomes possible, information will be published and you will receive a message from support specialists. A rare specialist works on weekends. I work daily, but unfortunately my strength and desire to help you is not enough to decrypt.

One day your hard work will be helpful to everyone sir. We support you. Can I send my decrypted files and note to you sir? I didn't send them to Dr.Web yet. Before that can I send them to you sir? Will you check my AVADDON files are decryptable or not?

Amigo-A, posted July 6, 2020:
> On 7/5/2020 at 4:49 PM, Superman ABD said:
> will you check my AVADDON files are decryptable or not?

I have already looked through a lot of files. I have no way to decrypt them. Extortionists have changed encryption. You need to send the files to Dr.Web. They will let you know when files can be decrypted. It may happen in the future. They re-open the ticket and report by email. It is important not to drop email. There will be no other means of communication.

GT500, posted July 7, 2020:
> On 7/4/2020 at 10:36 PM, Superman ABD said:
> But won't you release the AVADDON decrypter in your website sir?

Our analysts believe the ransomware is secure, and that we will not be able to make a decrypter for it.

Blkrt, posted July 7, 2020:
> 1 hour ago, GT500 said:
> Our analysts believe the ransomware is secure, and that we will not be able to make a decrypter for it.

Sir, is there any possibility that the decrypter will be made in the future?

GT500, posted July 7, 2020:
> 12 minutes ago, Blkrt said:
> Sir, is there any possibility that the decrypter will be made in the future?

In theory it's possible. If private keys are released that can be used to decrypt files, or if someone finds a vulnerability in the way the ransomware encrypts files.

Superman ABD, posted July 9, 2020:
> On 7/6/2020 at 7:44 PM, Amigo-A said:
> I have already looked through a lot of files. I have no way to decrypt them. Extortionists have changed encryption. You need to send the files to Dr.Web. They will let you know when files can be decrypted. It may happen in the future. They re-open the ticket and report by email. It is important not to drop email. There will be no other means of communication.

Sir, I have checked my Avaddon files in Dr.Web. They said decryption is not possible. Now what should I do sir? Shall I save my important infected files for future? In future, will decryption be possible 100%? How long time it will take to find a decrypter, sir?

GT500, posted July 10, 2020:
> 13 hours ago, Superman ABD said:
> Shall I save my important infected files for future?

Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/

> 13 hours ago, Superman ABD said:
> In future, will decryption be possible 100%?

There is no way to know for certain, however it is theoretically possible that someone may be able to obtain private keys for decryption.

> 13 hours ago, Superman ABD said:
> How long time it will take to find a decrypter?

Unfortunately it isn't possible to know if or when that may happen.

Superman ABD, posted July 10, 2020:
> 10 hours ago, GT500 said:
> Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
> https://www.bleepingcomputer.com/
> If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
> https://www.bleepingcomputer.com/feed/
> There is no way to know for certain, however it is theoretically possible that someone may be able to obtain private keys for decryption.
> Unfortunately it isn't possible to know if or when that may happen.

Ok sir, thank you. I'm waiting for that sir. If you find decrypter please inform here sir. I always connect with your support service.

GT500, posted July 11, 2020:
> 13 hours ago, Superman ABD said:
> Ok sir, thank you. I'm waiting for that sir. If you find decrypter please inform here sir. I always connect with your support service.

I can't make any guarantees that we'll leave a message here if someone does make a decrypter. It's probably best to follow BleepingComputer's ransomware news, as they are a reasonably reliable source for such news.

Superman ABD, posted July 14, 2020:
> On 7/11/2020 at 10:35 AM, GT500 said:
> I can't make any guarantees that we'll leave a message here if someone does make a decrypter. It's probably best to follow BleepingComputer's ransomware news, as they are a reasonably reliable source for such news.

Ok thank you sir. But I have a doubt. When ransomware affected my PC I used Windows 7. But in Windows 10 that OS security already has ransomware protection. So my question is, is this protection enough to protect from all ransomware? Do we need additional ransomware protection?

GT500, posted July 15, 2020:
> 7 hours ago, Superman ABD said:
> So my question is, is this protection enough to protect from all ransomware? Do we need additional ransomware protection?

We don't generally recommend relying on free protection, or protection built in to the Operating System. You can try our Emsisoft Anti-Malware if you'd like, or another Anti-Virus software, but we do recommend paid protection over free protection.

Superman ABD, posted July 15, 2020:
> 12 hours ago, GT500 said:
> We don't generally recommend relying on free protection, or protection built in to the Operating System. You can try our Emsisoft Anti-Malware if you'd like, or another Anti-Virus software, but we do recommend paid protection over free protection.

Ok thank you sir. Thanks for your help. I will try Emsisoft Anti-Malware sir. Thank you.

Amigo-A, posted August 13, 2020:
Yesterday I received a message from Dr.Web specialists that they cannot decrypt the sent files. If there is a better result, they will inform me.

Amigo-A, posted June 12, 2021:
For all. To the attention of victims of this ransomware.

If you have subscribed to this topic or follow the news... there is good news. Emsisoft obtained the decryption keys and made a decryptor that works with these keys. It is possible that your decryption key is among them.

Download and run the Emsisoft Decryptor for Avaddon.
https://www.emsisoft.com/ransomware-decryption-tools/avaddon