Roger and lockbit ransomware.

[Saurav 0]

my system got attacked by ransomware called "roger" and "Lockbit". i was realize very late as i received notification and slow response in system.
i have removed ransomware virus by reinstall windows using recovery disk/
then scanned the whole system by '
kaspersky total security' and 'spyhunter 5' software.

i have tried with all decryptors tool available on kaspersky ransomware tools. Also tried "quick-heal" and "avast" decryptors tool too, but problem was not resolved yet.

Request you to please help me out to solve problem and decrypt my whole data.

Thank you in advance.

[Amigo-A 136]

'Roger' is a variant of Dharma Ransomware.
LockBit and Dharma can appear together because they are distributed with the same ways.
The other day we saw their joint distribution with the same set of exploits.

They use a secure file encryption method. It is impossible to calculate the decryption key with modern computing means.

[Saurav 0]

Any Idea how can i get my files back?

Is there any solutions available?

or Any chances to solution available in upcoming days?

 

[Amigo-A 136]

Dharma is distributed since 2016 and only early versions could be deciphered.
LockBit appeared in October 2019, we hope that a decryption method will be found or the keys will be published.

Emsisoft has made many decryption tools, all of them are free. If there is such an opportunity, the decryptor will be published on a special page.

https://www.emsisoft.com/ransomware-decryption-tools/free-download 

[GT500 873]

It isn't going to be possible to decrypt your files without paying the ransom for some time (as Amigo-A said it's already been years). Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/

[Deianreality 0]

Help friends, this virus also affected me, I had to format my pc. I tried all the possible tools to decrypt my data and I still have not been able, I have not found anything to help me, this virus is the worst thing that has happened to me. I need to get my files back very urgently. Anyone who knows of any method. Thanks for helping me in the future. The creators of this rasonmware are unaware of the damage they cause to those of us who always work from a pc like us. @Saurav, if you have any way to get your files back I hope you can help me Thanks!

[GT500 873]

18 hours ago, Deianreality said:

Help friends, this virus also affected me, I had to format my pc. I tried all the possible tools to decrypt my data and I still have not been able, I have not found anything to help me, this virus is the worst thing that has happened to me. I need to get my files back very urgently. Anyone who knows of any method. Thanks for helping me in the future. The creators of this rasonmware are unaware of the damage they cause to those of us who always work from a pc like us. @Saurav, if you have any way to get your files back I hope you can help me Thanks!

There's no way to decrypt files that have been encrypted by Dharma without paying the ransom.

[Deianreality 0]

GT500 ¿Do you recommend that I pay the ransom and do you ensure that they give me the encryption key? -.-

[GT500 873]

On 9/5/2020 at 9:34 AM, Deianreality said:

Do you recommend that I pay the ransom...

We never recommend giving money to criminals, however we also understand that you need to do what you feel is necessary.

 

On 9/5/2020 at 9:34 AM, Deianreality said:

... do you ensure that they give me the encryption key?

I can't ensure or guarantee anything for the criminals who made/distributed this ransomware.

In most cases they do seem to send a working decrypter and a working private key, however I can't say that this is always the case, and there will always be some risk involved in paying.

[Luciano 0]

Já tem disponível um programa para arquivos que foram criptografados pelo ROGER.lockBit?

[GT500 873]

20 hours ago, Luciano said:

Já tem disponível um programa para arquivos que foram criptografados pelo ROGER.lockBit?

No, there's no way to decrypt files that have been encrypted by the Dharma ransomware (the one that left .ROGER on the end of file names). I don't think we know for certain about LockBit yet, however it doesn't really matter as your files have been encrypted by both.

Tradução fornecida pelo Google:
Não, não há como descriptografar arquivos que foram criptografados pelo Dharma ransomware (aquele que deixou .ROGER no final dos nomes dos arquivos). Acho que ainda não sabemos com certeza sobre o LockBit, no entanto, isso realmente não importa, pois seus arquivos foram criptografados por ambos.

[Abdul5253 0]

I was also hit by the Ransomware on 8th nov 2020, (.lockbit and .roger)

Encrypting every file on my pc and disabling most of the window functions òn my pc.

I was told to contact pexdatax, for money.

Anyone has a fix?

 

I also tried the emisoft decryption website and they said its from dharmesh family and it cannot be decrypted.

[GT500 873]

On 11/8/2020 at 1:57 AM, Abdul5253 said:

Anyone has a fix?

There is no "fix". Your files have been encrypted by two separate ransomwares. You need the private keys for each ransomware (which will be unique for your files since the public and private keys were randomly generated when your files were encrypted), and the only ones who have access to them are the criminals who made/distributed the ransomware.

[Syed musa 0]

I also got atyacked by .lockbit.roger on 3rd nov 2020. 

Is there any way to decrypt my data. 

[GT500 873]

45 minutes ago, jagat said:

hi saurav

i have the key now you can contact me at *************@yahoo.com

Please don't contact this person. They're either a scammer, or they're the criminal who made/distributed the ransomware.

[GT500 873]

On 11/14/2020 at 3:07 PM, Syed musa said:

I also got atyacked by .lockbit.roger on 3rd nov 2020. 

Is there any way to decrypt my data. 

No, the only way to decrypt your files is with the private keys generated for your files when they were encrypted, and the only way to get those is from the criminals who made/distributed the ransomware.

[Syed musa 0]

21 hours ago, GT500 said:

No, the only way to decrypt your files is with the private keys generated for your files when they were encrypted, and the only way to get those is from the criminals who made/distributed the ransomware.

@GT500 what can i do, fansomeware notepad file is not openable, i already paid them ghe ransome amount, but the program which they provided is askin for the key, in the ransaomware note there was one seriel number i think that was the key which i have to provide,so please sugget me what can i do for opening that ransomware note file..... that file name was restore my files .txt.lockbit.roger

[Syed musa 0]

If anyone have that restore my files.txt they can shre me that seriel number inside that file.

[GT500 873]

2 hours ago, Syed musa said:

@GT500 what can i do, fansomeware notepad file is not openable, i already paid them ghe ransome amount, but the program which they provided is askin for the key, in the ransaomware note there was one seriel number i think that was the key which i have to provide,so please sugget me what can i do for opening that ransomware note file..... that file name was restore my files .txt.lockbit.roger

The number in the ransom note is an ID, and not a key. The criminals need to send you a private key. Some of them will integrate the key into their decrypter, and some will send it separately.

Which ransomware did they tell you it would decrypt? .ROGER or .lockbit? Did they promise it would decrypt both?

[Syed musa 0]

2 hours ago, GT500 said:

The number in the ransom note is an ID, and not a key. The criminals need to send you a private key. Some of them will integrate the key into their decrypter, and some will send it separately.

Which ransomware did they tell you it would decrypt? .ROGER or .lockbit? Did they promise it would decrypt both?

Sir please check the attachment

[GT500 873]

20 hours ago, Syed musa said:

Sir please check the attachment

I don't see an attachment.

Could you try sending it in a private message? Just move your mouse pointer over my user name, and a box will pop up with an option to send me a message.

[Syed musa 0]

On 11/18/2020 at 1:12 AM, GT500 said:

The number in the ransom note is an ID, and not a key. The criminals need to send you a private key. Some of them will integrate the key into their decrypter, and some will send it separately.

Which ransomware did they tell you it would decrypt? .ROGER or .lockbit? Did they promise it would 

Hi gt 500 

Can you please whats app me *********************

 

Edited November 23, 2020 by GT500
Removed contact information.

[Deianreality 0]

 @ GT500 Please as soon as you know of any solution or software to be able to decrypt my files encrypted by lockbit let us know immediately. I'd appreciate it a lot.

[My system 0]

Dear All,

Our whole servers are affected ransomware .bitlock extension virus has affected and if anybody's now how to retrieve those file, I have the  suspicious exe file, which is saved in the server document folder.

Also requested to see the resotre text file details belwo.

 

All your important files are encrypted!
Any attempts to restore your files with the thrid-party software will be fatal for your files!
RESTORE YOU DATA POSIBLE ONLY BUYING private key from us.
There is only one way to get your files back:

1) Through a standard browser(FireFox, Chrome, Edge, Opera)
| 1. Open link http://lockbit-decryptor.top/?997665CEF9C3E918C9E84836119B435B
| 2. Follow the instructions on this page

2) Through a Tor Browser - recommended
| 1. Download Tor browser - https://www.torproject.org/ and install it.
| 2. Open link in TOR browser - http://lockbitks2tvnmwk.onion/?997665CEF9C3E918C9E84836119B435B
     This link only works in Tor Browser! 
| 3. Follow the instructions on this page

 ###  Attention! ###
 # lockbit-decryptor.top may be blocked. We recommend using a Tor browser to access the site
 # Do not rename encrypted files.
 # Do not try to decrypt using third party software, it may cause permanent data loss.
 # Decryption of your files with the help of third parties may cause increased price(they add their fee to our).
 # Tor Browser may be blocked in your country or corporate network. Use https://bridges.torproject.org or use Tor Browser over VPN.
 # Tor Browser user manual https://tb-manual.torproject.org/about

 

 

[GT500 873]

3 hours ago, Deianreality said:

 @ GT500 Please as soon as you know of any solution or software to be able to decrypt my files encrypted by lockbit let us know immediately. I'd appreciate it a lot.

There are thousands of victims ransomware that we deal with, so notifying everyone when something changes would be impossible to do without using an automated system (which we don't have).

I recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/

[GT500 873]

On 11/22/2020 at 12:09 AM, Syed musa said:

Hi gt 500 

Can you please whats app me *********************

Criminals (scammers and the people who make/distribute ransomware) monitor our forums, and if you post contact information publicly they may send you messages and try to scam you out of money.

[GT500 873]

1 hour ago, My system said:

Our whole servers are affected ransomware .bitlock extension virus has affected and if anybody's now how to retrieve those file, I have the  suspicious exe file, which is saved in the server document folder.

There's no known way to decrypt files that have been encrypted by BitLocker.

If you'd like to send us a copy of a suspicious program/file that you believe to be responsible for encrypting files, then please upload it to VirusTotal and then post a link to the analysis here for us to review (we can download files from VirusTotal).

[My system 0]

On 11/23/2020 at 12:38 AM, GT500 said:

There's no known way to decrypt files that have been encrypted by BitLocker.

If you'd like to send us a copy of a suspicious program/file that you believe to be responsible for encrypting files, then please upload it to VirusTotal and then post a link to the analysis here for us to review (we can download files from VirusTotal).

 

 

You Can Download the file from the below link and the rar zipped password will share later or through email.

<malicious links removed>

Edited November 26, 2020 by GT500
Removed links.

[GT500 873]

22 hours ago, My system said:

You Can Download the file from the below link and the rar zipped password will share later or through email.

What e-mail address did you send it to?

We can download from VirusTotal, and it's a safe way to share malicious files with Anti-Virus software companies. If you're going to use file sharing networks where anyone can download the files, then send the download links in a private message rather than posting them publicly.

[Ramesh Guguloth 0]

IMG_1281.JPG.mmpa.lockbit.id-1244D102.[[email protected]].ROGER

Please help me my number is ****************

Edited January 28 by GT500
Removed number.

[Ramesh Guguloth 0]

IMG_1281.JPG.mmpa.lockbit.id-1244D102.[[email protected]].ROGER

[GT500 873]

12 hours ago, Ramesh Guguloth said:

IMG_1281.JPG.mmpa.lockbit.id-1244D102.[[email protected]].ROGER

Please help me my number is ****************

That's Dharma, and Dharma isn't decryptable.

[Ramesh Guguloth 0]

Butt how sir

[Ramesh Guguloth 0]

On 8/17/2020 at 12:06 PM, Saurav said:

my system got attacked by ransomware called "roger" and "Lockbit". i was realize very late as i received notification and slow response in system.
i have removed ransomware virus by reinstall windows using recovery disk/
then scanned the whole system by '
kaspersky total security' and 'spyhunter 5' software.

i have tried with all decryptors tool available on kaspersky ransomware tools. Also tried "quick-heal" and "avast" decryptors tool too, but problem was not resolved yet.

Request you to please help me out to solve problem and decrypt my whole data.

Thank you in advance.

Butt how sir

[GT500 873]

20 hours ago, Ramesh Guguloth said:

Butt how sir

Normally I don't correct peoples' English (many people here don't speak it natively), however in this case you used an extra "t" which made "but" into an entirely different word.

 

Anyway, our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/

[Ramesh Guguloth 0]

On 8/17/2020 at 12:06 PM, Saurav said:

my system got attacked by ransomware called "roger" and "Lockbit". i was realize very late as i received notification and slow response in system.
i have removed ransomware virus by reinstall windows using recovery disk/
then scanned the whole system by '
kaspersky total security' and 'spyhunter 5' software.

i have tried with all decryptors tool available on kaspersky ransomware tools. Also tried "quick-heal" and "avast" decryptors tool too, but problem was not resolved yet.

Request you to please help me out to solve problem and decrypt my whole data.

Thank you in advance.

Sir please save me my pc is Haking Lockbit Roger please help me sir

[Ramesh Guguloth 0]

3 hours ago, Ramesh Guguloth said:

Sir please save me my pc is Haking Lockbit Roger please help me sir

My phone number is ************ *******************

Edited February 6 by GT500
Removed personal contact information.

[GT500 873]

3 hours ago, Ramesh Guguloth said:

My phone number is ************ *******************

Please don't post contact information (phone numbers, e-mail addresses, street addresses, etc) in public places. Please also do not contact anyone privately for help, or ask anyone to contact you privately. Criminals monitor our forums, and will abuse any contact information you leave here to try to scam you.

[Yuvaraj2021 0]

Hello,

 

I  Have been Hit by Roger Ransomeware with spreading through local Lan Network two other windows pc also affected    .id-121B7D1F.[[email protected]].ROGER

 

i have seen the script changing my file name,

and shutdown the server, boot form win PE and took back up of remaining25% files

so i did not get any information of TXT file, should i need to contact,

any idea how the server has been exploit, it was running geniun windows server2016 with K7 total security,

Any possible solution for me

 

 

Thanks 

[GT500 873]

On 2/13/2021 at 4:24 AM, Yuvaraj2021 said:

so i did not get any information of TXT file, should i need to contact,

The e-mail address is in the file extension (assuming it's still online).

 

On 2/13/2021 at 4:24 AM, Yuvaraj2021 said:

Any possible solution for me

The ransomware is Dharma. It's not decryptable.