Saurav 0 Posted August 17, 2020 Report Share Posted August 17, 2020 my system got attacked by ransomware called "roger" and "Lockbit". i was realize very late as i received notification and slow response in system.i have removed ransomware virus by reinstall windows using recovery disk/then scanned the whole system by 'kaspersky total security' and 'spyhunter 5' software.i have tried with all decryptors tool available on kaspersky ransomware tools. Also tried "quick-heal" and "avast" decryptors tool too, but problem was not resolved yet.Request you to please help me out to solve problem and decrypt my whole data.Thank you in advance. Quote Link to post Share on other sites
Amigo-A 136 Posted August 17, 2020 Report Share Posted August 17, 2020 'Roger' is a variant of Dharma Ransomware.LockBit and Dharma can appear together because they are distributed with the same ways. The other day we saw their joint distribution with the same set of exploits. They use a secure file encryption method. It is impossible to calculate the decryption key with modern computing means. 1 Quote Link to post Share on other sites
Saurav 0 Posted August 18, 2020 Author Report Share Posted August 18, 2020 Any Idea how can i get my files back? Is there any solutions available? or Any chances to solution available in upcoming days? Quote Link to post Share on other sites
Amigo-A 136 Posted August 18, 2020 Report Share Posted August 18, 2020 Dharma is distributed since 2016 and only early versions could be deciphered. LockBit appeared in October 2019, we hope that a decryption method will be found or the keys will be published. Emsisoft has made many decryption tools, all of them are free. If there is such an opportunity, the decryptor will be published on a special page. https://www.emsisoft.com/ransomware-decryption-tools/free-download Quote Link to post Share on other sites
GT500 873 Posted August 19, 2020 Report Share Posted August 19, 2020 It isn't going to be possible to decrypt your files without paying the ransom for some time (as Amigo-A said it's already been years). Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:https://www.bleepingcomputer.com/feed/ Quote Link to post Share on other sites
Deianreality 0 Posted September 3, 2020 Report Share Posted September 3, 2020 Help friends, this virus also affected me, I had to format my pc. I tried all the possible tools to decrypt my data and I still have not been able, I have not found anything to help me, this virus is the worst thing that has happened to me. I need to get my files back very urgently. Anyone who knows of any method. Thanks for helping me in the future. The creators of this rasonmware are unaware of the damage they cause to those of us who always work from a pc like us. @Saurav, if you have any way to get your files back I hope you can help me Thanks! Quote Link to post Share on other sites
GT500 873 Posted September 4, 2020 Report Share Posted September 4, 2020 18 hours ago, Deianreality said: Help friends, this virus also affected me, I had to format my pc. I tried all the possible tools to decrypt my data and I still have not been able, I have not found anything to help me, this virus is the worst thing that has happened to me. I need to get my files back very urgently. Anyone who knows of any method. Thanks for helping me in the future. The creators of this rasonmware are unaware of the damage they cause to those of us who always work from a pc like us. @Saurav, if you have any way to get your files back I hope you can help me Thanks! There's no way to decrypt files that have been encrypted by Dharma without paying the ransom. 1 Quote Link to post Share on other sites
Deianreality 0 Posted September 5, 2020 Report Share Posted September 5, 2020 GT500 ¿Do you recommend that I pay the ransom and do you ensure that they give me the encryption key? -.- Quote Link to post Share on other sites
GT500 873 Posted September 8, 2020 Report Share Posted September 8, 2020 On 9/5/2020 at 9:34 AM, Deianreality said: Do you recommend that I pay the ransom... We never recommend giving money to criminals, however we also understand that you need to do what you feel is necessary. On 9/5/2020 at 9:34 AM, Deianreality said: ... do you ensure that they give me the encryption key? I can't ensure or guarantee anything for the criminals who made/distributed this ransomware. In most cases they do seem to send a working decrypter and a working private key, however I can't say that this is always the case, and there will always be some risk involved in paying. Quote Link to post Share on other sites
Luciano 0 Posted September 11, 2020 Report Share Posted September 11, 2020 Já tem disponível um programa para arquivos que foram criptografados pelo ROGER.lockBit? Quote Link to post Share on other sites
GT500 873 Posted September 12, 2020 Report Share Posted September 12, 2020 20 hours ago, Luciano said: Já tem disponível um programa para arquivos que foram criptografados pelo ROGER.lockBit? No, there's no way to decrypt files that have been encrypted by the Dharma ransomware (the one that left .ROGER on the end of file names). I don't think we know for certain about LockBit yet, however it doesn't really matter as your files have been encrypted by both. Tradução fornecida pelo Google: Não, não há como descriptografar arquivos que foram criptografados pelo Dharma ransomware (aquele que deixou .ROGER no final dos nomes dos arquivos). Acho que ainda não sabemos com certeza sobre o LockBit, no entanto, isso realmente não importa, pois seus arquivos foram criptografados por ambos. Quote Link to post Share on other sites
Abdul5253 0 Posted November 8, 2020 Report Share Posted November 8, 2020 I was also hit by the Ransomware on 8th nov 2020, (.lockbit and .roger) Encrypting every file on my pc and disabling most of the window functions òn my pc. I was told to contact pexdatax, for money. Anyone has a fix? I also tried the emisoft decryption website and they said its from dharmesh family and it cannot be decrypted. Quote Link to post Share on other sites
GT500 873 Posted November 10, 2020 Report Share Posted November 10, 2020 On 11/8/2020 at 1:57 AM, Abdul5253 said: Anyone has a fix? There is no "fix". Your files have been encrypted by two separate ransomwares. You need the private keys for each ransomware (which will be unique for your files since the public and private keys were randomly generated when your files were encrypted), and the only ones who have access to them are the criminals who made/distributed the ransomware. Quote Link to post Share on other sites
Syed musa 0 Posted November 14, 2020 Report Share Posted November 14, 2020 I also got atyacked by .lockbit.roger on 3rd nov 2020. Is there any way to decrypt my data. Quote Link to post Share on other sites
GT500 873 Posted November 17, 2020 Report Share Posted November 17, 2020 45 minutes ago, jagat said: hi saurav i have the key now you can contact me at *************@yahoo.com Please don't contact this person. They're either a scammer, or they're the criminal who made/distributed the ransomware. Quote Link to post Share on other sites
GT500 873 Posted November 17, 2020 Report Share Posted November 17, 2020 On 11/14/2020 at 3:07 PM, Syed musa said: I also got atyacked by .lockbit.roger on 3rd nov 2020. Is there any way to decrypt my data. No, the only way to decrypt your files is with the private keys generated for your files when they were encrypted, and the only way to get those is from the criminals who made/distributed the ransomware. Quote Link to post Share on other sites
Syed musa 0 Posted November 18, 2020 Report Share Posted November 18, 2020 21 hours ago, GT500 said: No, the only way to decrypt your files is with the private keys generated for your files when they were encrypted, and the only way to get those is from the criminals who made/distributed the ransomware. @GT500 what can i do, fansomeware notepad file is not openable, i already paid them ghe ransome amount, but the program which they provided is askin for the key, in the ransaomware note there was one seriel number i think that was the key which i have to provide,so please sugget me what can i do for opening that ransomware note file..... that file name was restore my files .txt.lockbit.roger Quote Link to post Share on other sites
Syed musa 0 Posted November 18, 2020 Report Share Posted November 18, 2020 If anyone have that restore my files.txt they can shre me that seriel number inside that file. Quote Link to post Share on other sites
GT500 873 Posted November 18, 2020 Report Share Posted November 18, 2020 2 hours ago, Syed musa said: @GT500 what can i do, fansomeware notepad file is not openable, i already paid them ghe ransome amount, but the program which they provided is askin for the key, in the ransaomware note there was one seriel number i think that was the key which i have to provide,so please sugget me what can i do for opening that ransomware note file..... that file name was restore my files .txt.lockbit.roger The number in the ransom note is an ID, and not a key. The criminals need to send you a private key. Some of them will integrate the key into their decrypter, and some will send it separately. Which ransomware did they tell you it would decrypt? .ROGER or .lockbit? Did they promise it would decrypt both? Quote Link to post Share on other sites
Syed musa 0 Posted November 18, 2020 Report Share Posted November 18, 2020 2 hours ago, GT500 said: The number in the ransom note is an ID, and not a key. The criminals need to send you a private key. Some of them will integrate the key into their decrypter, and some will send it separately. Which ransomware did they tell you it would decrypt? .ROGER or .lockbit? Did they promise it would decrypt both? Sir please check the attachment Quote Link to post Share on other sites
GT500 873 Posted November 19, 2020 Report Share Posted November 19, 2020 20 hours ago, Syed musa said: Sir please check the attachment I don't see an attachment. Could you try sending it in a private message? Just move your mouse pointer over my user name, and a box will pop up with an option to send me a message. Quote Link to post Share on other sites
Syed musa 0 Posted November 22, 2020 Report Share Posted November 22, 2020 (edited) On 11/18/2020 at 1:12 AM, GT500 said: The number in the ransom note is an ID, and not a key. The criminals need to send you a private key. Some of them will integrate the key into their decrypter, and some will send it separately. Which ransomware did they tell you it would decrypt? .ROGER or .lockbit? Did they promise it would Hi gt 500 Can you please whats app me ********************* Edited November 23, 2020 by GT500 Removed contact information. Quote Link to post Share on other sites
Deianreality 0 Posted November 23, 2020 Report Share Posted November 23, 2020 @ GT500 Please as soon as you know of any solution or software to be able to decrypt my files encrypted by lockbit let us know immediately. I'd appreciate it a lot. Quote Link to post Share on other sites
My system 0 Posted November 23, 2020 Report Share Posted November 23, 2020 Dear All, Our whole servers are affected ransomware .bitlock extension virus has affected and if anybody's now how to retrieve those file, I have the suspicious exe file, which is saved in the server document folder. Also requested to see the resotre text file details belwo. All your important files are encrypted! Any attempts to restore your files with the thrid-party software will be fatal for your files! RESTORE YOU DATA POSIBLE ONLY BUYING private key from us. There is only one way to get your files back: 1) Through a standard browser(FireFox, Chrome, Edge, Opera) | 1. Open link http://lockbit-decryptor.top/?997665CEF9C3E918C9E84836119B435B | 2. Follow the instructions on this page 2) Through a Tor Browser - recommended | 1. Download Tor browser - https://www.torproject.org/ and install it. | 2. Open link in TOR browser - http://lockbitks2tvnmwk.onion/?997665CEF9C3E918C9E84836119B435B This link only works in Tor Browser! | 3. Follow the instructions on this page ### Attention! ### # lockbit-decryptor.top may be blocked. We recommend using a Tor browser to access the site # Do not rename encrypted files. # Do not try to decrypt using third party software, it may cause permanent data loss. # Decryption of your files with the help of third parties may cause increased price(they add their fee to our). # Tor Browser may be blocked in your country or corporate network. Use https://bridges.torproject.org or use Tor Browser over VPN. # Tor Browser user manual https://tb-manual.torproject.org/about Quote Link to post Share on other sites
GT500 873 Posted November 23, 2020 Report Share Posted November 23, 2020 3 hours ago, Deianreality said: @ GT500 Please as soon as you know of any solution or software to be able to decrypt my files encrypted by lockbit let us know immediately. I'd appreciate it a lot. There are thousands of victims ransomware that we deal with, so notifying everyone when something changes would be impossible to do without using an automated system (which we don't have). I recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:https://www.bleepingcomputer.com/feed/ Quote Link to post Share on other sites
GT500 873 Posted November 23, 2020 Report Share Posted November 23, 2020 On 11/22/2020 at 12:09 AM, Syed musa said: Hi gt 500 Can you please whats app me ********************* Criminals (scammers and the people who make/distribute ransomware) monitor our forums, and if you post contact information publicly they may send you messages and try to scam you out of money. Quote Link to post Share on other sites
GT500 873 Posted November 23, 2020 Report Share Posted November 23, 2020 1 hour ago, My system said: Our whole servers are affected ransomware .bitlock extension virus has affected and if anybody's now how to retrieve those file, I have the suspicious exe file, which is saved in the server document folder. There's no known way to decrypt files that have been encrypted by BitLocker. If you'd like to send us a copy of a suspicious program/file that you believe to be responsible for encrypting files, then please upload it to VirusTotal and then post a link to the analysis here for us to review (we can download files from VirusTotal). Quote Link to post Share on other sites
My system 0 Posted November 25, 2020 Report Share Posted November 25, 2020 (edited) On 11/23/2020 at 12:38 AM, GT500 said: There's no known way to decrypt files that have been encrypted by BitLocker. If you'd like to send us a copy of a suspicious program/file that you believe to be responsible for encrypting files, then please upload it to VirusTotal and then post a link to the analysis here for us to review (we can download files from VirusTotal). You Can Download the file from the below link and the rar zipped password will share later or through email. <malicious links removed> Edited November 26, 2020 by GT500 Removed links. Quote Link to post Share on other sites
GT500 873 Posted November 26, 2020 Report Share Posted November 26, 2020 22 hours ago, My system said: You Can Download the file from the below link and the rar zipped password will share later or through email. What e-mail address did you send it to? We can download from VirusTotal, and it's a safe way to share malicious files with Anti-Virus software companies. If you're going to use file sharing networks where anyone can download the files, then send the download links in a private message rather than posting them publicly. Quote Link to post Share on other sites
Ramesh Guguloth 0 Posted January 27 Report Share Posted January 27 (edited) IMG_1281.JPG.mmpa.lockbit.id-1244D102.[[email protected]].ROGER Please help me my number is **************** Edited January 28 by GT500 Removed number. Quote Link to post Share on other sites
Ramesh Guguloth 0 Posted January 27 Report Share Posted January 27 IMG_1281.JPG.mmpa.lockbit.id-1244D102.[[email protected]].ROGER Quote Link to post Share on other sites
GT500 873 Posted January 28 Report Share Posted January 28 12 hours ago, Ramesh Guguloth said: IMG_1281.JPG.mmpa.lockbit.id-1244D102.[[email protected]].ROGER Please help me my number is **************** That's Dharma, and Dharma isn't decryptable. Quote Link to post Share on other sites
Ramesh Guguloth 0 Posted February 1 Report Share Posted February 1 Butt how sir Quote Link to post Share on other sites
Ramesh Guguloth 0 Posted February 1 Report Share Posted February 1 On 8/17/2020 at 12:06 PM, Saurav said: my system got attacked by ransomware called "roger" and "Lockbit". i was realize very late as i received notification and slow response in system.i have removed ransomware virus by reinstall windows using recovery disk/then scanned the whole system by 'kaspersky total security' and 'spyhunter 5' software.i have tried with all decryptors tool available on kaspersky ransomware tools. Also tried "quick-heal" and "avast" decryptors tool too, but problem was not resolved yet.Request you to please help me out to solve problem and decrypt my whole data.Thank you in advance. Butt how sir Quote Link to post Share on other sites
GT500 873 Posted February 2 Report Share Posted February 2 20 hours ago, Ramesh Guguloth said: Butt how sir Normally I don't correct peoples' English (many people here don't speak it natively), however in this case you used an extra "t" which made "but" into an entirely different word. Anyway, our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:https://www.bleepingcomputer.com/feed/ Quote Link to post Share on other sites
Ramesh Guguloth 0 Posted February 6 Report Share Posted February 6 On 8/17/2020 at 12:06 PM, Saurav said: my system got attacked by ransomware called "roger" and "Lockbit". i was realize very late as i received notification and slow response in system.i have removed ransomware virus by reinstall windows using recovery disk/then scanned the whole system by 'kaspersky total security' and 'spyhunter 5' software.i have tried with all decryptors tool available on kaspersky ransomware tools. Also tried "quick-heal" and "avast" decryptors tool too, but problem was not resolved yet.Request you to please help me out to solve problem and decrypt my whole data.Thank you in advance. Sir please save me my pc is Haking Lockbit Roger please help me sir Quote Link to post Share on other sites
Ramesh Guguloth 0 Posted February 6 Report Share Posted February 6 (edited) 3 hours ago, Ramesh Guguloth said: Sir please save me my pc is Haking Lockbit Roger please help me sir My phone number is ************ ******************* Edited February 6 by GT500 Removed personal contact information. Quote Link to post Share on other sites
GT500 873 Posted February 6 Report Share Posted February 6 3 hours ago, Ramesh Guguloth said: My phone number is ************ ******************* Please don't post contact information (phone numbers, e-mail addresses, street addresses, etc) in public places. Please also do not contact anyone privately for help, or ask anyone to contact you privately. Criminals monitor our forums, and will abuse any contact information you leave here to try to scam you. Quote Link to post Share on other sites
Yuvaraj2021 0 Posted February 13 Report Share Posted February 13 Hello, I Have been Hit by Roger Ransomeware with spreading through local Lan Network two other windows pc also affected .id-121B7D1F.[[email protected]].ROGER i have seen the script changing my file name, and shutdown the server, boot form win PE and took back up of remaining25% files so i did not get any information of TXT file, should i need to contact, any idea how the server has been exploit, it was running geniun windows server2016 with K7 total security, Any possible solution for me Thanks Quote Link to post Share on other sites
GT500 873 Posted February 16 Report Share Posted February 16 On 2/13/2021 at 4:24 AM, Yuvaraj2021 said: so i did not get any information of TXT file, should i need to contact, The e-mail address is in the file extension (assuming it's still online). On 2/13/2021 at 4:24 AM, Yuvaraj2021 said: Any possible solution for me The ransomware is Dharma. It's not decryptable. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.