-
Posts
16,364 -
Joined
-
Last visited
-
Days Won
7
Content Type
Events
Profiles
Forums
Posts posted by Aura
-
-
Awesome, that's good news Thanks for the update Trevor.
Stay safe!
-
Sadly as stated by Bogdan, there's nothing really that can be done about this variant of GandCrab for now. So my advice would be to follow his recommendations, and hope that they'll release a decrypter in the future.
-
Can you provide me a screenshot of what happens when you try to upload one of these files to ID-Ransomware?
-
Hi khriz360,
Are you still with me?
-
Hi Trevor_,
Are you still with me?
-
Glad we could help.
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.
This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.
Thanks
-
No problem bcj1998, you're welcome!
Stay safe
-
Sorry, I was away this weekend.
As stated by ID-Ransomware, this variant of GandCrab might be decryptable. In that case, I suggest you to click on the link they provide (Click for here more information etc.), register on BleepingComputer.com and ask for assistance in the GandCrab thread.
-
In that case your only option is to restore your files from a backup, if you have one. Otherwise, sadly, there's nothing we can do to decrypt these files for free.
-
And IDR says that this variant cannot be decrypted for free?
-
I think that after 3 years, it might be a bit too late. You can open a thread in the Ransomware Tech Support section of BleepingComputer, and submit the SHA1 hash I posted so demonslay335 can take a look at it. But if it's an older Ransomware strain that predates ID-Ransomware, then I doubt it'll be of much use.
https://www.bleepingcomputer.com/forums/f/239/ransomware-help-tech-support/
-
Hi alaine
Can you upload an encrypted file or ransom note to ID-Ransomware and copy/paste the result here?
-
Hi bcj1998
Can you upload a ransom note or encrypted file to ID-Ransomware, and copy/paste the results here?
-
Hi Trevor
Looking at your logs, it seems like you've been infected with a worm, and that worm is being spread throughout your whole company. You should contact your IT Security team (if you have one, otherwise, the IT Department), so they can assess the situation and start the Incident Response process. They'll need to identify the threat, and contain it (preventing it from causing further damage) before moving to recovery (removing the threat).
Can you do that?
-
Hi akmalfaiq
Can you upload one of these files to ID-Ransomware, and copy/paste the results here?
-
Hi khriz360
Are you sure that this file was encrypted by a Ransomware and not something else? I just uploaded it to ID-Ransomware, but it looks like the encryption marker hasn't been seen before.
SHA1 ticket from IDR:
0002bc7c2192ed4a5b0306591fbbb2fdda40b61c
-
Question 9 uses a 1 to 100 bar instead of 1 to 5 (as stated in the question)
-
Hi Ryetee
Can you upload an encrypted file to ID-Ransomware and copy/paste the report URL here?
-
It already exists, it's called MDM (Mobile Device Management).
https://en.wikipedia.org/wiki/Mobile_device_management
Allows you to side-load apps.
-
Due to the lack of feedback, this topic is closed to prevent others from posting here.
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.
This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.
Thanks
-
Due to the lack of feedback, this topic is closed to prevent others from posting here.
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.
This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.
Thanks
-
Hi Harald-A,
Are you still with me?
-
IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan.
Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker. Read Danger: Remote Access Trojans.
You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities. You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity. If using a router, you need to reset it with a strong logon/password before connecting again.
Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
- When should I re-format? How should I reinstall?
-
Where to draw the line? When to recommend a format and reinstall?
This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.
The only way to clean a compromised system is to flatten and rebuild. Thats right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).You have two options: we can either continue with the clean up, or you can do a nuke and pave. I can assist you with both if needed.
-
Due to the lack of feedback, this topic is closed to prevent others from posting here.
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.
This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.
Thanks
Need help removing Xmr.omine.org trojan
in Resolved Malware Removal Logs
Posted
Glad we could help.
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.
This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.
Thanks