Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Scarab / Mich78 Ransomware (.scarab, .scorpio, .[mich78@usa.com]) Support Topic


  • Please log in to reply
341 replies to this topic

#331 Emmanuel_ADC-Soft

Emmanuel_ADC-Soft

  • Members
  • 297 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Paris
  • Local time:06:35 PM

Posted 12 July 2018 - 04:14 AM

 

 

All my data are encrypted by Scarab (.bomber) can i decrypt it ?

 

Follow some .bomber files :

 

https://we.tl/0xMTdNx6ln

 

Thank you to all

Hello,

 

For Scarab bomber please follow these instructions :

 

We need the HKEY_CURRENT_USER & HKEY_USERS files of the infected machine. Open regedit.exe on the infected machine to export them.

 

Then send me the requested files with https://wetransfer.com  at emte@adc-soft.com to check if decryption is possible.

 

Kind regards,

Emmanuel emte@adc-soft.com

--

Emmanuel Teillard d'Eyry – Support Manager
Dr.Web Partner :
https://partners.drweb.com/find_partner?mode=search&country=64&city=1161&searchByName=&lng=en

 

 

You can download register here : https://we.tl/c8wvKZRNNE

 

Thank you

 

We also need the ransom note file please.

 

Read this post with this link.


Edited by Emmanuel_ADC-Soft, 12 July 2018 - 04:34 AM.


BC AdBot (Login to Remove)

 


#332 powermax

powermax

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:06:35 PM

Posted 12 July 2018 - 08:56 AM

Here is the Ransom note : https://we.tl/xqPdkkWhEG

 

Thank you for your help.


 

 

 

All my data are encrypted by Scarab (.bomber) can i decrypt it ?

 

Follow some .bomber files :

 

https://we.tl/0xMTdNx6ln

 

Thank you to all

Hello,

 

For Scarab bomber please follow these instructions :

 

We need the HKEY_CURRENT_USER & HKEY_USERS files of the infected machine. Open regedit.exe on the infected machine to export them.

 

Then send me the requested files with https://wetransfer.com  at emte@adc-soft.com to check if decryption is possible.

 

Kind regards,

Emmanuel emte@adc-soft.com

--

Emmanuel Teillard d'Eyry – Support Manager
Dr.Web Partner :
https://partners.drweb.com/find_partner?mode=search&country=64&city=1161&searchByName=&lng=en

 

 

You can download register here : https://we.tl/c8wvKZRNNE

 

Thank you

 

We also need the ransom note file please.

 

Read this post with this link.

 

 

Here is the Ransom note : https://we.tl/xqPdkkWhEG

 

Thank you for your help.



#333 Emmanuel_ADC-Soft

Emmanuel_ADC-Soft

  • Members
  • 297 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Paris
  • Local time:06:35 PM

Posted 12 July 2018 - 09:28 AM

 

We also need the ransom note file please.

 

Read this post with this link.

 

 

Here is the Ransom note : https://we.tl/xqPdkkWhEG

 

Thank you for your help.

Ok received. I will tell you shortly if we can decrypt your files.

 

Emmanuel emte@adc-soft.com

--

Emmanuel Teillard d'Eyry – Support Manager
Dr.Web Partner :
https://partners.drweb.com/find_partner?mode=search&country=64&city=1161&searchByName=&lng=en



#334 Emmanuel_ADC-Soft

Emmanuel_ADC-Soft

  • Members
  • 297 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Paris
  • Local time:06:35 PM

Posted 13 July 2018 - 03:20 AM

 

 

All my data are encrypted by Scarab (.bomber) can i decrypt it ?

 

Follow some .bomber files :

 

https://we.tl/0xMTdNx6ln

 

Thank you to all

Hello,

 

For Scarab bomber please follow these instructions :

 

We need the HKEY_CURRENT_USER & HKEY_USERS files of the infected machine. Open regedit.exe on the infected machine to export them.

 

Then send me the requested files with https://wetransfer.com  at emte@adc-soft.com to check if decryption is possible.

 

Kind regards,

Emmanuel emte@adc-soft.com

--

Emmanuel Teillard d'Eyry – Support Manager
Dr.Web Partner :
https://partners.drweb.com/find_partner?mode=search&country=64&city=1161&searchByName=&lng=en

 

 

You can download register here : https://we.tl/c8wvKZRNNE

 

Thank you

 

Unfortunately the encryption process is completely finished, and the virus has deleted the registry data that can be interresting for calculating your decryption key.

Your best option is to restore from backups, try files recovery softwares and backup and save your encrypted data as is and wait for a possible solution at a later time.
 
Kind regards,
Emmanuel



#335 powermax

powermax

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:06:35 PM

Posted 13 July 2018 - 03:33 AM

 

 

 

All my data are encrypted by Scarab (.bomber) can i decrypt it ?

 

Follow some .bomber files :

 

https://we.tl/0xMTdNx6ln

 

Thank you to all

Hello,

 

For Scarab bomber please follow these instructions :

 

We need the HKEY_CURRENT_USER & HKEY_USERS files of the infected machine. Open regedit.exe on the infected machine to export them.

 

Then send me the requested files with https://wetransfer.com  at emte@adc-soft.com to check if decryption is possible.

 

Kind regards,

Emmanuel emte@adc-soft.com

--

Emmanuel Teillard d'Eyry – Support Manager
Dr.Web Partner :
https://partners.drweb.com/find_partner?mode=search&country=64&city=1161&searchByName=&lng=en

 

 

You can download register here : https://we.tl/c8wvKZRNNE

 

Thank you

 

Unfortunately the encryption process is completely finished, and the virus has deleted the registry data that can be interresting for calculating your decryption key.

Your best option is to restore from backups, try files recovery softwares and backup and save your encrypted data as is and wait for a possible solution at a later time.
 
Kind regards,
Emmanuel

 

 

Thank you for your great help the same :unsure: 



#336 lunawatrupesh2

lunawatrupesh2

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 15 July 2018 - 01:57 AM

Emmanuel_ADC-Soft

I have mailed you some files along with ransom note can you please help me decrypt the files.

thanks in advance



#337 sokmax

sokmax

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:35 AM

Posted Yesterday, 03:02 AM

https://we.tl/3sQldoZZ2z

 

Please help !



#338 Amigo-A

Amigo-A

  • Members
  • 510 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:09:35 PM

Posted Yesterday, 03:26 AM

https://we.tl/3sQldoZZ2z

 

 

I named it and describe as Scarab-Omerta Ransomware
Spreads from the second half of June.
 
It is not known about successful cases of decoding. This does not mean that it is not feasible.

 

Just until no one decrypted. 
 

Let's wait for new results from Dr.Web. 


Edited by Amigo-A, Yesterday, 03:27 AM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Знаете русский язык? Пишите мне на русском. Помогу. 


#339 Emmanuel_ADC-Soft

Emmanuel_ADC-Soft

  • Members
  • 297 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Paris
  • Local time:06:35 PM

Posted Yesterday, 03:33 AM

https://we.tl/3sQldoZZ2z

 

Please help !

 

 

 

https://we.tl/3sQldoZZ2z

 

 

I named it and describe as Scarab-Omerta Ransomware
Spreads from the second half of June.
 
It is not known about successful cases of decoding. This does not mean that it is not feasible.

 

Just until no one decrypted. 
 

Let's wait for new results from Dr.Web. 

 

Ok received. I will tell you shortly if we can decrypt your files.

 

Emmanuel emte@adc-soft.com

--

Emmanuel Teillard d'Eyry – Support Manager
Dr.Web Partner :
https://partners.drweb.com/find_partner?mode=search&country=64&city=1161&searchByName=&lng=en



#340 123Mar

123Mar

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted Yesterday, 11:32 AM

Good day Emmanuel.

 

can you help me with this files?

 

https://we.tl/9MMcAwTugi



#341 Amigo-A

Amigo-A

  • Members
  • 510 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:09:35 PM

Posted Yesterday, 01:42 PM

123Mar

 

This is known to us as an update of Scarab-Bomber Ransomware

Till there is no public decryptor (decoder).


My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Знаете русский язык? Пишите мне на русском. Помогу. 


#342 Emmanuel_ADC-Soft

Emmanuel_ADC-Soft

  • Members
  • 297 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Paris
  • Local time:06:35 PM

Posted Today, 02:23 AM

Good day Emmanuel.

 

can you help me with this files?

 

https://we.tl/9MMcAwTugi

 

 

123Mar

 

This is known to us as an update of Scarab-Bomber Ransomware

Till there is no public decryptor (decoder).

 

There is still a little chance if the trojan has not finished its work.

We have to check the registry of the infected machine.

 

Please export with regedit.exe the HKEY_CURRENT_USER & HKEY_USERS files of the infected machine and send them to me with www.wetransfer.com at emte@adc-soft.com.

 

Regards.

Emmanuel emte@adc-soft.com

--

Emmanuel Teillard d'Eyry – Support Manager
Dr.Web Partner :
https://partners.drweb.com/find_partner?mode=search&country=64&city=1161&searchByName=&lng=en






3 user(s) are reading this topic

0 members, 3 guests, 0 anonymous users