Jump to content

My all files are encrypted.

Recommended Posts

Someone was trying to control my computer from remote and url show ip from svchOst.exe 

Amigo-A said that my the computer was hacked and attacked remotely and recommended to write to the forum section for curing and restore PC control.


I think have  a ransomware or malware attack. I am looking for decryption assistance.  My all files name in computer have become added my domain_hacked at the end of file type name.

Could you please advise me?

Here is the note:


!!! GREETINGS (my domain name)  all other employees !!!


What happened ?

We are a team of Certified network security experts, after accessing your networks for more than 3 weeks,

We hacked almost All your network , All Computers, Servers were hacked due to weak security

We Accessed All your Accounts and downloaded all google drive files, gmail contacts , passwords etc

Your files, databases, documents .etc , where DOWNLOADED and stored on our private servers

We Downloaded 900GB+ of Files, Backups, Databases,IMS,  Contract Documents, Property Documents

We Locked or Encrypted All files,databases,backups on your computer network


What Do You Want ?



You must pay us  to restore your network and all files,databases,documents ...

You have Five(5) days to pay or price increases


How can we contact YOU ?


write to this email :        [email protected]

write on telegram   :   @decryptionsupport


Why did you choose to encrypt our machines instead ?

To proof we hacked your networks and we are still in

To show the risks && side effects of unsecured network


What happens when You pay us ?

We Provide you with decryption software to unlock or decrypt all your files on network,servers and computers

We remove all malwares virus from your network

We Delete All files we downloaded to our servers

We provide tips on how to protect your network from another hack

What if We Don't Pay You ?

We downloaded all your Data, Files, Databases,Credentials,Backups we will publish , leak them on

telegram channels ,discord servers, twitter ...etc

Everyone on the internet can download for free

What if After payment you don't provide help?

This is our business.

We honour our reputation


For Guarantee of successful decryption of all files on computers, servers ..

We offer free decryption for not more than 3 encrypted files before we take PAYMENT


We will not PAY people like You, We will restore from offline backups ?

We will sell all the data we downloaded to get our money


We will publish All Files, Documents, database , Credentials for free on the internet ; telegram channels ,discord servers, twitter ...etc

Data we downloaded includes


!!!          BEWARE !!!

DON'T try to change encrypted files by yourself!

If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files! - Don't try because you will damage all the files

Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.

Someone is remoting.jpg


Original_readme.txt.zip Original_license.txt.zip Hacked_readme.txt.zip Hacked_license.txt.zip

Link to comment
Share on other sites

Hello @Jibby,

Welcome to the Emsisoft Support Forums.

@Amigo-A has already identified the ransomware family as likely being CONTI.

Unfortunately, there is no known method to decrypt files encrypted by the CONTI family of ransomware without paying the ransom and obtaining the private keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities. Without the master private key that can be used to decrypt your files, decryption is impossible. That usually means the key is unique (specific) for each victim and generated in a secure way that cannot be brute-forced.

As far as dealing with any infection that may be present:

All users of the Emsisoft Support Forums who are in need of Malware Removal assistance are required to complete the procedures listed in "Help, my PC is infected!" support forum titled "START HERE, if you don't we are just going to send you back to this thread"


Link to comment
Share on other sites

  • 2 weeks later...

Thread Closed

Reason: Lack of Response

Private Message me to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled "START HERE if you don't we are just going to send you back to this thread" https://support.emsisoft.com/topic/31345-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread/

Link to comment
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...