
Dharma ransomware (filename.[<email>].dharma/.wallet/.zzzzz) Support Topic


594 replies to this topic

#586 ELeach

ELeach

  • Members
  • 4 posts

Posted 17 February 2017 - 02:15 PM

 

 

 

I have been communicating with makedonskiy@india.com for the Ransomware payment, have made the payment, ran the scanning tool, but when I tried to send the keys located from the tool, I am getting these replies from the Gmail account.

 

Delivery incomplete There was a temporary problem delivering your message to makedonskiy@india.com. Gmail will retry for 21 more hours. You'll be notified if the delivery fails permanently.

 

Anyone else in this scenario?  If you contact one of the other emails that the ransomware sets, is there a chance to get the decryptor from them?  Any advice?

Does your scanning tool offer a decrypt button on it?   The one I've seen does.   How many keys did you find?  I was able to locate 6 keys for about 500,000 files.  I'm trying to get a feel for the number of keys this thing leaves behind.

 

I haven't tried to decrypt yet, probably this weekend.

 

These guys are all using the same package from what I understand so at least in Theory you might be able to get another one to help you.

 

Do you have a scanning tool with the decrypt button on it?  I'd be willing to try it out on a test pc we have just to see if it'll work.  I'll give you an email address to send it to if you do.

 

I do have the scanning tool with the decrypt button on it.  Unfortunately I never received the encryption keys to insert into the tool to decrypt.

 

I'm not exactly sure how many keys were used, but for comparison purposes, here is 1 key

 

AQAAAItmSO8DAAAAmnREN1+njg5U8ab+L84W49TigeIXYACq5ZDqVNQ1bxLrZHDbnU6SQXVWZPouodsO6qW/+FrPSB4VzaiWj23Y/9DMNWxZnG6DMYJegv+euAcaytQs/8npDbHhs6x07ko3yoHpsR0Sg1JFQCg+AXhPvRuC3YLnp+GE/h5yyTnnytA=

 

and here are the total amount from a 7GB file server

 




 


#587 88DocBrown

88DocBrown

  • Members
  • 13 posts

Posted 17 February 2017 - 02:16 PM

 

 

 

I'm looking at "third party" companies to help me recover files from a .wallet infection.  I'm guessing companies offering the service have purchased the same package that the "bad guy" has.   It looks like they run a scan of all of your files to look for keys.   If they find the keys they can generate the right decryption script.   Has anyone else seen this?
 
If I go to the pirate that did this to me does he have to do the same thing, or does he have another way to create the decryption script?
 
Any help from someone who has gone through this would be appreciated.

What companies are you looking at which claim this? There's a few people farther back in this thread who were ripped off by data retrieval companies promising more than they knew was possible and charging nearly as much as the criminals for an inferior result.
There's also a handful of people who paid the bitcoin ransom and only got a few files decrypted or none at all before losing communication with the criminals.
I am looking at Monster Cloud.   They claim to only charge you if they can recover your data.   Has anyone had success with them?   When I scanned the previous posts I saw people talking about paying them upwards of $8000.  They have a website focused on the Dharma virus.
 
I am also looking at Proven Data Recovery, pretty much the same thing.  Anyone use them?
 
No one seems to be forthcoming in how they can recover files, that's a red flag.   The only way I could see this work is if they purchased the hacking kit themselves.  Then there would need to be a way for them to recover the key left by the pirate.  Then with the key and the kit theoretically they could decrypt.  Is there a flaw in my logic here?
 
Anyone know how the Pirate figures out what key they used for your encryption?
 
Doc
I used monstercloud.com and they successfully recovered my files. They were very knowledgeable and friendly. I don't know how they recovered them but they did and I would much rather pay them than the ransom. I checked them out on consumer reports and verified the phone number I was contacted from was registered to that company before I proceeded.

 

 

Thanks, that's good to hear.   I appreciate your feedback.



#588 ELeach

ELeach

  • Members
  • 4 posts

Posted 17 February 2017 - 02:26 PM

 

 

 

 

I have been communicating with makedonskiy@india.com for the Ransomware payment, have made the payment, ran the scanning tool, but when I tried to send the keys located from the tool, I am getting these replies from the Gmail account.

 

Delivery incomplete There was a temporary problem delivering your message to makedonskiy@india.com. Gmail will retry for 21 more hours. You'll be notified if the delivery fails permanently.

 

Anyone else in this scenario?  If you contact one of the other emails that the ransomware sets, is there a chance to get the decryptor from them?  Any advice?

Does your scanning tool offer a decrypt button on it?   The one I've seen does.   How many keys did you find?  I was able to locate 6 keys for about 500,000 files.  I'm trying to get a feel for the number of keys this thing leaves behind.

 

I haven't tried to decrypt yet, probably this weekend.

 

These guys are all using the same package from what I understand so at least in Theory you might be able to get another one to help you.

 

Do you have a scanning tool with the decrypt button on it?  I'd be willing to try it out on a test pc we have just to see if it'll work.  I'll give you an email address to send it to if you do.

 

I do have the scanning tool with the decrypt button on it.  Unfortunately I never received the encryption keys to insert into the tool to decrypt.

 

I'm not exactly sure how many keys were used, but for comparison purposes, here is 1 key

 

AQAAAItmSO8DAAAAmnREN1+njg5U8ab+L84W49TigeIXYACq5ZDqVNQ1bxLrZHDbnU6SQXVWZPouodsO6qW/+FrPSB4VzaiWj23Y/9DMNWxZnG6DMYJegv+euAcaytQs/8npDbHhs6x07ko3yoHpsR0Sg1JFQCg+AXhPvRuC3YLnp+GE/h5yyTnnytA=

 

and here are the total amount from a 7GB file server

 


 

I wish the tool just decrypted.  The utility asks for the decryption keys (you have to upload or paste inside the tool) and I don't have the returned decryption keys.  



#589 pablolaudicina

pablolaudicina

  • Members
  • 3 posts

Posted 17 February 2017 - 02:32 PM

I think all Monster Cloud does is pay for you.


Edited by pablolaudicina, 17 February 2017 - 02:33 PM.


#590 marycaraway44

marycaraway44

  • Members
  • 14 posts

Posted 17 February 2017 - 02:38 PM

I think all Monster Cloud does is pay for you.



You may be right but doesn't matter to me as long as I was not having to deal with them. I got my files back and I was speaking to a voice on the line that was very friendly and reassuring but most importantly, I got my files back pretty painless and quick.

#591 88DocBrown

88DocBrown

  • Members
  • 13 posts

Posted 17 February 2017 - 04:18 PM

I think all Monster Cloud does is pay for you.

 

I think you may be right.  I can't speak for Monster since I'm not working with them.   But I've seen other parties behave like that which is making me wonder. 

 

 

 

What makes you say this?



#592 naturalstate

naturalstate

  • Members
  • 1 posts

Posted 17 February 2017 - 08:51 PM

My boss's server SBS 11' got hit with mission_inposible@aol.com.wallet; I've only seen that address mentioned once on here. We had a SonicWall firewall and Avast running, RDP was apparently on, not sure if IT had a strong password or not. The server was also running Exchange.

 

It encrypted everything including the external backup (Drive A). Windows Backup utility made the backups.

 

When an IT company came out to look at it, they tried to do a baremetal restore with another external (Drive B) that was never physically connected to server at time of attack. The last time it had been connected was a month ago. It would restore either.

 

Then we hired another person to look at Drive B. He hooked it up to linux and was able to break apart the backup and see clean files. He then turned it off. The next time he turned it on, he couldn't see any files and can't seem to mount drive at all. Is it possible that this external drive became infected when it was plugged into Server when trying to restore with server cd?

 

Any utilities that you can recommend to salvage a Windows backup from an external drive?

 

Thanks for any help
 


Edited by naturalstate, 17 February 2017 - 10:50 PM.


#593 pablolaudicina

pablolaudicina

  • Members
  • 3 posts

Posted Yesterday, 07:23 AM

 

I think all Monster Cloud does is pay for you.



You may be right but doesn't matter to me as long as I was not having to deal with them. I got my files back and I was speaking to a voice on the line that was very friendly and reassuring but most importantly, I got my files back pretty painless and quick.

 

 

You said "I don't know how they recovered them but they did and I would much rather pay them than the ransom"

I gave my opinion on how it may have decrypted the files. If I'm right, you paid the criminals indirectly.

 

 

 

I think all Monster Cloud does is pay for you.

 

I think you may be right.  I can't speak for Monster since I'm not working with them.   But I've seen other parties behave like that which is making me wonder. 

 

 

 

What makes you say this?

 

 

 

 

 

I'm not a Cyber Security Expert like Monster Cloud.
I have several times recovered files encrypted with "Shadow Explorer" and I have also paid criminals to decrypt files. I have done it for clients.
Concepts like decrypt, public key, private key, wallet, tor client, bitcoins (waiting for hours to get it), etc. can be difficult to understand and can scare. So it's ok for someone else to intercede and charge for the service. But do not think criminals are not getting the money.
 
Monster Cloud says on its website: "Don’t Pay the Ransom...  Let our experts handle the situation for you." They imply that paying criminals is wrong.
If I am right (and only if I am right), it is misleading advertising.
 
They also say: "We guarantee to remove the ransomware or the Ransomware Removal Service is FREE". If I do not misunderstand they guarantee the elimination of ransomware, not the decryption of files. But maybe I'm wrong.
 
But do not misunderstand me. Monster Cloud seems to be a good option for anyone who does not want to deal with the criminals. I would even recommend it to anyone who does not know anyone who can perform the process.


#594 marycaraway44

marycaraway44

  • Members
  • 14 posts

Posted Yesterday, 08:49 AM

I know there is a chance they may have paid the ransom, but my point is, I felt more comfortable dealing with a voice on the phone, a company listed with the BBB out of Florida than a no-name, faceless email that may or may not make me a victim twice if I pay and get nothing in return. I even looked MonsterCloud.com up on Facebook before I called. They were so reassuring and so easy to work with. I have no regrets and have no hesitation recommending them. I was just faced with a choice of rebuilding from scratch and reentering close to 100 thousand books, pay the ransom, or hire somebody that guarantees my files back and will deal with it for me. There is an interesting interview on cbs12 news with the guy I ceo whom I worked with.

#595 pablolaudicina

pablolaudicina

  • Members
  • 3 posts

Posted Yesterday, 09:49 AM

I know there is a chance they may have paid the ransom, but my point is, I felt more comfortable dealing with a voice on the phone, a company listed with the BBB out of Florida than a no-name, faceless email that may or may not make me a victim twice if I pay and get nothing in return. I even looked MonsterCloud.com up on Facebook before I called. They were so reassuring and so easy to work with. I have no regrets and have no hesitation recommending them. I was just faced with a choice of rebuilding from scratch and reentering close to 100 thousand books, pay the ransom, or hire somebody that guarantees my files back and will deal with it for me. There is an interesting interview on cbs12 news with the guy I ceo whom I worked with.

 

I understand you and I agree with you.

I would also recommend them.

I just wanted to show my point of view so people know it's a possibility they're paying for the ransom.


Edited by pablolaudicina, Yesterday, 09:50 AM.




