buildstory

# My friend's photos, over 100 GB, are encrypted as ROGER.lockbit, help me


Hi, I am in Thailand.

I don't know why I was attacked by ransomware. My friend's pictures, over 100 GB, are encrypted. They are pictures of 2 daughters from birth to growing up TT.
Please, does anyone know how to decrypt this ransomware? I can't find a decryption tool. Help me, please. Thank you so much.

DSC_0287.JPG.lockbit.id-8CE7A8C0.[[email protected]].ROGER.lockbit.id-8CE7A8C0.[[email protected]].ROGER.lockbit

I attached an encrypted picture file.

Please, thanks.

DSC_0287.JPG.lockbit.id-8CE7A8C0.[[email protected]].ROGER.lockbit.id-8CE7A8C0.[[email protected]].ROGER.lockbit.id-8CE7A8C0.[[email protected]].ROGER


Most double and multiple encryptions can't be decrypted because at one stage the file will be unrecoverable.

I recently identified this case as 'double encryption': LockBit + Dharma Ransomware. Both are impossible to decipher without paying the ransom. The same 'Telegram contact' is used in double attacks from about August 2020, or it started earlier. 
Later I received and analyzed the sample and found out that this is not Dharma per se. Someone bought the source code of Dharma's predecessor, which was called Crysis, and redid the encryption from it to make it look like Dharma's elements.
If Emsisoft examines this encryption in more detail, they will tell you the result — can this be decrypted. This requires a deeper research than a superficial view.

  • Upvote 1
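An added example, not part of any post in this thread: a Python sketch that peels the stacked suffixes off the file names quoted above to show how many encryption passes a file went through and in what order, which is what a backup inventory needs to record. The suffix patterns are assumptions inferred from those two names only; the script reads names and does not decrypt anything.

```python
import re
from collections import Counter

# Suffix shapes inferred from the two file names quoted in this thread
# (an assumption, not a published specification of either family):
#   LockBit layer:       ".lockbit"
#   Dharma-style layer:  ".id-<8 hex digits>.[<contact>].<EXT>"
LOCKBIT_SUFFIX = ".lockbit"
DHARMA_TAIL = re.compile(r"\.id-([0-9A-Fa-f]{8})\.\[(.*)\]\.(\w+)")

# Both names are copied from the thread; the contact address was already
# masked by the forum software and is kept exactly as displayed.
LAYER = ".id-8CE7A8C0.[[email protected]].ROGER"
SAMPLES = [
    "DSC_0287.JPG.lockbit" + LAYER + ".lockbit" + LAYER + ".lockbit",
    "DSC_0287.JPG.lockbit" + LAYER + ".lockbit" + LAYER + ".lockbit" + LAYER,
]


def peel_layers(name):
    """Return (original_name, layers) with layers in the order they were applied."""
    layers = []
    while True:
        if name.lower().endswith(LOCKBIT_SUFFIX):
            layers.append({"family": "lockbit"})
            name = name[: -len(LOCKBIT_SUFFIX)]
            continue
        # Match only from the LAST ".id-" so one layer never swallows another.
        start = name.rfind(".id-")
        match = DHARMA_TAIL.fullmatch(name[start:]) if start != -1 else None
        if match is None:
            break
        layers.append({"family": "dharma-style", "victim_id": match.group(1),
                       "contact": match.group(2), "ext": match.group(3)})
        name = name[:start]
    layers.reverse()  # peeled outermost-first; report innermost-first
    return name, layers


def summarize(names):
    """Count files per number of stacked layers across a backup listing."""
    return Counter(len(peel_layers(n)[1]) for n in names)


if __name__ == "__main__":
    for sample in SAMPLES:
        original, layers = peel_layers(sample)
        print(original, "<-", " -> ".join(l["family"] for l in layers))
```

Any future decryption would have to undo the layers in the reverse of the reported order, so keeping the full file names intact in the backup preserves that information.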


@buildstory the screenshot shows your computer's clock is over 500 years off. I highly recommend resetting the clock to the correct date, as having the date wrong by years will break encryption on HTTPS websites, and various other things meant to keep your data private. It may also prevent installation of Windows Updates which are required for the protection of your computer, and may prevent third-party Anti-Virus software from updating as well.

On 9/20/2020 at 1:30 PM, GT500 said:

> @buildstory the screenshot shows your computer's clock is over 500 years off. I highly recommend resetting the clock to the correct date, as having the date wrong by years will break encryption on HTTPS websites, and various other things meant to keep your data private. It may also prevent installation of Windows Updates which are required for the protection of your computer, and may prevent third-party Anti-Virus software from updating as well.

1. I think the BIOS battery in my friend's computer has deteriorated.
2. I have a question. My friend's files are encrypted. Do you think they can be decrypted in the future?
3. I backed up the encrypted data. I want to know: if some of the encrypted files are loaded onto a computer that is not infected, will my computer be infected?

Thanks, GT500 and Amigo-A.

16 hours ago, buildstory said:

> I have a question. My friend's files are encrypted. Do you think they can be decrypted in the future?

There is a small possibility; however, since they were encrypted by two different ransomwares, the odds are not very good.

16 hours ago, buildstory said:

> I backed up the encrypted data. I want to know: if some of the encrypted files are loaded onto a computer that is not infected, will my computer be infected?

You cannot infect another computer with the encrypted files.

  • Like 1

On 9/22/2020 at 11:43 AM, GT500 said:

> There is a small possibility; however, since they were encrypted by two different ransomwares, the odds are not very good.
>
> You cannot infect another computer with the encrypted files.

Thank you so much 🙂

On 9/19/2020 at 9:39 PM, Amigo-A said:

> Most double and multiple encryptions can't be decrypted because at one stage the file will be unrecoverable.
>
> I recently identified this case as 'double encryption': LockBit + Dharma Ransomware. Both are impossible to decipher without paying the ransom. The same 'Telegram contact' is used in double attacks from about August 2020, or it started earlier.
> Later I received and analyzed the sample and found out that this is not Dharma per se. Someone bought the source code of Dharma's predecessor, which was called Crysis, and redid the encryption from it to make it look like Dharma's elements.
> If Emsisoft examines this encryption in more detail, they will tell you the result — can this be decrypted. This requires a deeper research than a superficial view.

Thank you so much for the answer 🙂

16 hours ago, buildstory said:

> ... do you think there is hope for decryption software? Y_Y

If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back.

Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/

8 hours ago, GT500 said:

> If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back.
>
> Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.
>
> We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
> https://www.bleepingcomputer.com/
>
> If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
> https://www.bleepingcomputer.com/feed/

Thank you so much for the advice, GT500 😀😀
