Great software! it must have helped many victims of WannaCry and Petya ransomware recently and an article also mentioned your tool.
Jump to content
Posted 14 September 2017 - 03:29 PM
My Name Is Hemanta Naik And I'm From India......I Got Hacked By Satan Ransomware Virus From 5 Days And I Used CryptoSearch And Found 4899 encrypted folders with 61910 encrypted files All Files Become Stn. File....I Need To Decrypt My Files And Get It Back....Help Me Plss Or Let Me Know How To Decrypt It...
Note---I Dont Have Any Back Ups Of My Files And I Succesfully Removed The Virus Only Waiting For To Decrypt My Files.........
Plss Help Me To Get My Files Back.....Thanks
Posted 14 September 2017 - 04:36 PM
There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.
....I Got Hacked By Satan Ransomware...I Need To Decrypt My Files And Get It Back....Help Me Plss Or Let Me Know How To Decrypt It...
Posted 18 October 2017 - 07:35 AM
I have a question about CryptoSearch and BandarChor ransomware.
If you put the email firstname.lastname@example.org in ID ransomware, BandarChor is detected https://id-ransomware.malwarehunterteam.com/identify.php?case=cdee5d778a099be57d27e0e4b3e645b309b8e587
But CryptoSearch can't find it because the email in BandarChor crypted files are extended with another one like that : email@example.com_donald@trampo.info
Do you think there is a way to improve the detection of BandarChor's crypted files by CryptoSearch ? Thank you very much for any help about this issue.
Posted 16 November 2017 - 05:46 AM
Ich habe mir ebenfalls den Satan *stn Virus eingefangen. Was mich dabei ärgert ist, dass ich nicht mal weis "woher" !!
Ich bräuchte dringend HILFE
Posted 16 November 2017 - 09:57 AM
What is an example of a full encrypted file's name? CryptoSearch does not use the email address data to identify encrypted files, it uses the extension patterns and filemarkers from ID Ransomware (e.g. 0x803E0000 at offset 0x00 for BandarChor). I do not support multi-layered encryptions by multiple ransomwares on either service, it would be way too much for false-positives and a serious pain.
There is no way to decrypt Satan. More info: https://www.bleepingcomputer.com/news/security/new-satan-ransomware-available-through-a-ransomware-as-a-service-/
If I have helped you and you wish to support my ransomware fighting, you may support me here.
Posted 16 November 2017 - 10:08 AM
Thank you for your answer.
Dr.Web can decrypt BandarChor ransomware if they have enough informations.
Maybe you can update this information on ID Ransomware instead of this message https://id-ransomware.malwarehunterteam.com/identify.php?case=693ddaa3087ea5142977d0b3225da1731b1d75c4
I already helped one of my client with this issue. If you need any informations, I am here to help.
Posted Yesterday, 10:18 AM
Updated CryptoSearch v0.9.9.0 to allow searching for filemarkers in files encrypted by #ransomware at end of the file too. Also minor bugfix.
a good idea!
so you can find, for example, secring.gpg files, if they are saved on the disk after the encoder with GnuPG encryption is running.
0 members, 2 guests, 0 anonymous users