Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Stroman Ransomware Help & Support Topic (.stroman, .protos)


  • Please log in to reply
3 replies to this topic

#1 clf76

clf76

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 11 October 2017 - 08:45 AM

Hello all. I am posting as I was recently infected by ransomware and have been unable to indentify it. I had submitted files to ID Ransomware and it returned the reference case # SHA1: a8341fe6217a90240ed50038a1da3967f7dd0458.[/size]
If anyone would be able to help, it would be most appreciated.[/size]
 
Thank you.[/size]

BC AdBot (Login to Remove)

 


m

#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:08 PM

Posted 12 October 2017 - 02:11 PM

I have not seen the extension ".stroman" before, may be new. The note looks familiar, so it may be a new variant of something.

We will need the malware itself to analyze.

For reference to others, this is the note "readinfo.txt".

All your data set are encrypted.

We can help decrypted files.

Price for full decrypt all files 500$

You will get decrypt soft + personal key + manual.



For recover your files - contact us email:

BM-2cUunjtSxYEd6Ase6hbhVyvMBVzXPUVdvu@bitmessage.ch



Please use public email for contact: gmail etc.



For you to be sure, that we can decrypt your files

You can send us 1-2 encrypted files and we will send back it in a decrypt format FREE.

For download files use only dropmefiles.com not more then 10 Mb



Send us an email:

1.your Personal ID 

2.link dropmefiles.com 

after wait decrypted files and further instructions.



Personal ID:

[redacted]



Do not rename encrypted files

Do not try to decrypt your data using third party software, it cause pernament data loss

Not use false encryption key, it cause pernament data loss



You must pay within 72 hours, or the price will be more.

Edited by Demonslay335, 12 October 2017 - 02:12 PM.

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,953 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:08 PM

Posted 14 October 2017 - 06:08 PM

Samples of suspicious executable's (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted (uploaded) here with a link to this topic.
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:08 PM

Posted 19 October 2017 - 11:34 AM

We're seeing the same note submitted with files that have the extension ".protos" added. Still need a sample of the malware in order to analyze.

 

I've added this to ID Ransomware as "Stroman" for now, and have it pointing victims to this topic.


Edited by Demonslay335, 19 October 2017 - 11:35 AM.

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users