Nikhil Kusmode

ADHUBLLKA.MADO Ransomware


Dear Friend,

My laptop is infected by ransomware named ABHUBLLKA.MADO; all files (Word, Excel, photos and videos) are locked.

Message from hacker:

***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

    *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****

Attention! 

All your files, documents, photos, databases and other important files are encrypted and have the extension: .ADHUBLLKA

The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.
 

As I searched, encryption is done through an online key.

If anyone can help, please mail me.

15 hours ago, Nikhil Kusmode said:

My laptop is infected by ransomware named ABHUBLLKA.MADO; all files (Word, Excel, photos and videos) are locked.

Could you attach an encrypted file to a reply along with one or two ransom notes for us to review?


Attach the files as GT500 told you.

Previously, I can say that the presence of such a combination of ABHUBLLKA.MADO indicates that you have two infections:
'Abhubllka Ransomware' and 'STOP Ransomware' with .mado extension. 

They may still be active.


Probably the last on the system was 'STOP Ransomware', which added the .mado extension.
The first was a ransomware-deceiver that I call WannaFaker Ransomware.
He likes to copy other people's notes and add to them what he wants to confuse.
In this case, he took from 'Gandcrab 5.1' the text of the note, the title in the text, and the code at the bottom of the note.
From the so-called 'ADHUBLLKA' he took the title of the note (read_me.txt), the extension and wrote it in the note.
Maybe something else. I didn't look any further and compare.

At the moment, the important thing is to decrypt the files after the 'STOP Ransomware' attack. If the files can't be decrypted after it, then the previous encryption is no longer important.


Look for the _readme.txt file - it should be left by 'STOP Ransomware', if it was here.
I wouldn't be surprised if there is no such file. 


As @Amigo-A said, you'll need to reverse the STOP/Djvu encryption first if at all possible. Here's a link to our decrypter download page, which you should run first so it can tell you if your files have an online ID or offline ID:
https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
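
Added example, not part of the thread or of any Emsisoft tool: a small triage script that reads the stacked extensions on each file to show which layer was applied last (and so has to be reversed first), and checks whether the note names mentioned above (read_me.txt, _readme.txt) are present. The sample paths are constructed, and the extension-to-note mapping is an assumption based only on what the posts say.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Extension -> ransom-note name, as described in the thread (assumed mapping).
LAYER_NOTES = {
    ".adhubllka": "read_me.txt",   # note title tied to 'ADHUBLLKA' in the thread
    ".mado": "_readme.txt",        # note expected from STOP/Djvu
}

def layers(path):
    """Known ransomware extensions on a file, outermost (applied last) first."""
    found = []
    for suffix in reversed(PureWindowsPath(path).suffixes):
        if suffix.lower() not in LAYER_NOTES:
            break  # reached the file's original extension
        found.append(suffix.lower())
    return found

def triage(paths):
    """Count extension chains and report which expected ransom notes exist."""
    note_names = set(LAYER_NOTES.values())
    chains, notes_seen = Counter(), set()
    for path in paths:
        name = PureWindowsPath(path).name.lower()
        if name in note_names:
            notes_seen.add(name)
            continue
        chain = tuple(layers(path))
        if chain:
            chains[chain] += 1
    seen_layers = {ext for chain in chains for ext in chain}
    missing = sorted(LAYER_NOTES[ext] for ext in seen_layers
                     if LAYER_NOTES[ext] not in notes_seen)
    return {"chains": dict(chains), "notes_seen": sorted(notes_seen),
            "notes_missing": missing}

# Constructed sample listing (not taken from the affected machine).
SAMPLE = [
    r"C:\Users\demo\Documents\report.docx.ADHUBLLKA.mado",
    r"C:\Users\demo\Documents\budget.xlsx.ADHUBLLKA.MADO",
    r"C:\Users\demo\Pictures\photo.jpg.mado",
    r"C:\Users\demo\Documents\read_me.txt",
    r"C:\Users\demo\Documents\notes.txt",
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for chain, count in result["chains"].items():
        print(count, "file(s), reverse in this order:", " then ".join(chain))
    print("notes seen:", result["notes_seen"], "missing:", result["notes_missing"])
```

A chain such as `.mado` then `.adhubllka` means the .mado layer sits on top, matching the advice above to deal with STOP/Djvu before anything else.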