buildstory, posted September 19, 2020:

Hi, I am in Thailand. I don't know why I got a ransomware attack. My friend's pictures, over 100 GB, are encrypted. They are pictures of 2 daughters from birth to growing up TT. Please, who knows how to decrypt this ransomware? I can't find a decryption tool. Help me, please. Thanks so much.

DSC_0287.JPG.lockbit.id-8CE7A8C0.[[email protected]].ROGER.lockbit.id-8CE7A8C0.[[email protected]].ROGER.lockbit

I attached an encrypted picture file. Please. Thanks.

DSC_0287.JPG.lockbit.id-8CE7A8C0.[[email protected]].ROGER.lockbit.id-8CE7A8C0.[[email protected]].ROGER.lockbit.id-8CE7A8C0.[tel[email protected]].ROGER

Amigo-A, posted September 19, 2020:

Most double and multiple encryptions can't be decrypted because at one stage the file will be unrecoverable.

I recently identified this case as 'double encryption': LockBit + Dharma Ransomware. Both are impossible to decipher without paying the ransom. The same 'Telegram contact' is used in double attacks from about August 2020, or it started earlier.

Later I received and analyzed the sample and found out that this is not Dharma per se. Someone bought the source code of Dharma's predecessor, which was called Crysis, and redid the encryption out of it, to make it look like Dharma's elements.

If Emsisoft examines this encryption in more detail, they will tell you the result — can this be decrypted. This requires deeper research than a superficial view.

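An added example, not part of any post in this thread: the file names quoted in the first post stack two suffix shapes several times, and peeling them off from the right gives the number of encryption passes and the order they were applied in. The function names are hypothetical, and the contact address in the sample is a constructed placeholder.

```python
import re

# Suffix shapes taken from the file names quoted in the thread.
LOCKBIT = re.compile(r"\.lockbit$")
# .id-<8 hex>.[<contact>].ROGER ; the contact may hold one nested [...] pair,
# which is how the redacted addresses appear on the page.
ROGER = re.compile(
    r"\.id-([0-9A-Fa-f]{8})\.\[(?:[^\[\]]|\[[^\[\]]*\])*\]\.ROGER$"
)


def peel_layers(name):
    """Strip known suffixes from the right; layers are listed outermost first."""
    layers = []
    while True:
        m = ROGER.search(name)
        if m:
            layers.append(("ROGER", m.group(1).upper()))
        else:
            m = LOCKBIT.search(name)
            if not m:
                break
            layers.append(("lockbit", None))
        name = name[:m.start()]
    return name, layers


def summarize(name):
    """Report the original name, pass count, pass order and id fields seen."""
    original, layers = peel_layers(name)
    return {
        "original": original,
        "passes": len(layers),
        # Reverse so the first pass applied to the file comes first.
        "order_applied": [family for family, _ in reversed(layers)],
        "ids": sorted({i for _, i in layers if i}),
    }


# Constructed sample: same shape as the thread's file names, placeholder contact.
SAMPLE = "DSC_0287.JPG.lockbit.id-8CE7A8C0.[contact@example.invalid].ROGER.lockbit"

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Running it over a directory listing of the backed-up files shows how many passes each file went through, which is worth recording alongside the backup.
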
GT500, posted September 20, 2020:

@buildstory the screenshot shows your computer's clock is over 500 years off. I highly recommend resetting the clock to the correct date, as having the date wrong by years will break encryption on HTTPS websites, and various other things meant to keep your data private. It may also prevent installation of Windows Updates which are required for the protection of your computer, and may prevent third-party Anti-Virus software from updating as well.

buildstory, posted September 21, 2020:

On 9/20/2020 at 1:30 PM, GT500 said:
> @buildstory the screenshot shows your computer's clock is over 500 years off. I highly recommend resetting the clock to the correct date, as having the date wrong by years will break encryption on HTTPS websites, and various other things meant to keep your data private. It may also prevent installation of Windows Updates which are required for the protection of your computer, and may prevent third-party Anti-Virus software from updating as well.

1. I think my friend's computer battery has deteriorated with the BIOS battery.
2. I have a question. My friend's files are encrypted. Do you think they can be decrypted in the future?
3. I backed up the encrypted data. I want to know: if some of the encrypted files are loaded onto a computer that is not infected, will my computer be infected?

Thanks GT500 and Amigo-A

GT500, posted September 22, 2020:

16 hours ago, buildstory said:
> I have a question. My friend's files are encrypted. Do you think they can be decrypted in the future?

There is a small possibility, however since they were encrypted by two different ransomwares the odds are not very good.

16 hours ago, buildstory said:
> I backed up the encrypted data. I want to know: if some of the encrypted files are loaded onto a computer that is not infected, will my computer be infected?

You cannot infect another computer with the encrypted files.

buildstory, posted September 23, 2020:

On 9/22/2020 at 11:43 AM, GT500 said:
> There is a small possibility, however since they were encrypted by two different ransomwares the odds are not very good.
>
> You cannot infect another computer with the encrypted files.

Thanks so much 🙂

buildstory, posted September 23, 2020:

On 9/19/2020 at 9:39 PM, Amigo-A said:
> Most double and multiple encryptions can't be decrypted because at one stage the file will be unrecoverable.
>
> I recently identified this case as 'double encryption': LockBit + Dharma Ransomware. Both are impossible to decipher without paying the ransom. The same 'Telegram contact' is used in double attacks from about August 2020, or it started earlier.
>
> Later I received and analyzed the sample and found out that this is not Dharma per se. Someone bought the source code of Dharma's predecessor, which was called Crysis, and redid the encryption out of it, to make it look like Dharma's elements.
>
> If Emsisoft examines this encryption in more detail, they will tell you the result — can this be decrypted. This requires deeper research than a superficial view.

Thanks so much for the answer 🙂

GT500, posted September 24, 2020:

You're welcome.

buildstory, posted September 27, 2020:

Today I tried begging the attacker; they sent a message back. I have no money. Do you think there is hope for decryption software? Y_Y

GT500, posted September 28, 2020:

16 hours ago, buildstory said:
> ... do you think there is hope for decryption software? Y_Y

If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back.

Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/

buildstory, posted September 28, 2020:

8 hours ago, GT500 said:
> If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back.
>
> Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.
>
> We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/
>
> If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/

Thanks so much for the advice, GT500 😀😀

GT500, posted September 29, 2020:

You're welcome.