Posted 11 October 2017 - 08:45 AM
Posted 12 October 2017 - 02:11 PM
All your data set are encrypted. We can help decrypted files. Price for full decrypt all files 500$ You will get decrypt soft + personal key + manual. For recover your files - contact us email: BM-2cUunjtSxYEd6Ase6hbhVyvMBVzXPUVdvu@bitmessage.ch Please use public email for contact: gmail etc. For you to be sure, that we can decrypt your files You can send us 1-2 encrypted files and we will send back it in a decrypt format FREE. For download files use only dropmefiles.com not more then 10 Mb Send us an email: 1.your Personal ID 2.link dropmefiles.com after wait decrypted files and further instructions. Personal ID: [redacted] Do not rename encrypted files Do not try to decrypt your data using third party software, it cause pernament data loss Not use false encryption key, it cause pernament data loss You must pay within 72 hours, or the price will be more.
Edited by Demonslay335, 12 October 2017 - 02:12 PM.
ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]
RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]
CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]
If I have helped you and you wish to support my ransomware fighting, you may support me here.
Posted 14 October 2017 - 06:08 PM
Posted 19 October 2017 - 11:34 AM
We're seeing the same note submitted with files that have the extension ".protos" added. Still need a sample of the malware in order to analyze.
I've added this to ID Ransomware as "Stroman" for now, and have it pointing victims to this topic.
Edited by Demonslay335, 19 October 2017 - 11:35 AM.
ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]
RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]
CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]
If I have helped you and you wish to support my ransomware fighting, you may support me here.
Posted 05 December 2017 - 02:08 PM
One of our clients have been infected with something that looks similar to Stroman or FAT32, except all encrypted files are appended with the extension ".ntfs" on the end. However ransom note named info.txt (which is added to every directory on the hard drive) looks very similar.
ID Ransomware Case: SHA1: d55810c76936a54436bf7f4133256b29028095bc
[info.txt file contents as shown below]
Posted 05 December 2017 - 03:26 PM
Posted 08 January 2018 - 02:08 PM
I have the same note except my files have all changed to .gigahertz
Posted 08 January 2018 - 04:27 PM
.gigahertz is the newest variant reported a few days ago as noted by Amigo-A and Updated (January 2, 2018)...here.
Posted 09 January 2018 - 11:55 AM
Posted 09 January 2018 - 02:22 PM
Posted 26 February 2018 - 12:01 PM
Hi all,
all my files have been encrypted with .microsoft extension. Any news about it?
Posted 26 February 2018 - 12:41 PM
I have not seen that extension before. Did you submit (upload) any samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware for assistance with identification and confirmation?...all my files have been encrypted with .microsoft extension. Any news about it?
Posted 26 February 2018 - 01:28 PM
Hi,
Yes I uploaded the files. One is the sample encrypted file and the Ransom note is datainfo.txt. And it says 1 Result: Stroman.
Text in the datainfo.txt:
Posted 26 February 2018 - 02:15 PM
0 members, 0 guests, 0 anonymous users