Author Topic: Decrypt this files  (Read 712 times)

0 Members and 1 Guest are viewing this topic.

Offline iskefiyeli2004

  • Newbie
  • *
  • Posts: 4
Decrypt this files
« on: November 12, 2019, 10:29:08 PM »
I need HELP for this
".id-DCCC8723.[admin@sectex.net].bot"
How can i Decrypt this files?
Quote
We have identified "Dharma (.cezar Family)". This ransomware is not decryptable!

Identified by:

ransomnote_email: admin@sectex.net
sample_extension: .id-<id>.[<email>].bot
Click here for more information about Dharma (.cezar Family).

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36325
  • Weihrauch Airguns
Re: Decrypt this files
« Reply #1 on: November 12, 2019, 10:48:24 PM »

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31973
  • malware fighter
Re: Decrypt this files
« Reply #2 on: November 12, 2019, 10:53:33 PM »
Next to what Pondus proposed, here some more info and download link...

Dharma Decryptor download link can be found in here:
https://www.bleepingcomputer.com/news/security/kaspersky-releases-decryptor-for-the-dharma-ransomware/

Download link: https://www.bleepingcomputer.com/download/rakhnidecryptor-ransomware-decryptor/dl/348/

For avast free ransomeware decryptors go read here: https://blog.avast.com/avast-releases-four-free-ransomware-decryptors
(decryptor credits go to avast's Ladislav Zezula and Piotr Szczepanski)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline iskefiyeli2004

  • Newbie
  • *
  • Posts: 4
Re: Decrypt this files
« Reply #3 on: November 13, 2019, 09:18:21 AM »
they not work i try them
Next to what Pondus proposed, here some more info and download link...

Dharma Decryptor download link can be found in here:
https://www.bleepingcomputer.com/news/security/kaspersky-releases-decryptor-for-the-dharma-ransomware/

Download link: https://www.bleepingcomputer.com/download/rakhnidecryptor-ransomware-decryptor/dl/348/

For avast free ransomeware decryptors go read here: https://blog.avast.com/avast-releases-four-free-ransomware-decryptors
(decryptor credits go to avast's Ladislav Zezula and Piotr Szczepanski)

polonus
ID Ransomware  >>  https://id-ransomware.malwarehunterteam.com/

No More Ransom  >>  https://www.nomoreransom.org/en/index.html

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 61933
  • Happy Holidays..!!
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Decrypt this files
« Reply #4 on: November 13, 2019, 09:33:11 AM »
No backups..!? If so, you can only wait and hope for a future decryptor...
W8.1 [x64] - Avast PremSec 19.9.2394.B#1 - CC 5.63 - EEK - Firefox ESR 68.3 [NS/AOS/uBO/PB] - Thunderbird 68.3 [EM] - ACP/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline iskefiyeli2004

  • Newbie
  • *
  • Posts: 4
Re: Decrypt this files
« Reply #5 on: November 13, 2019, 06:57:49 PM »
No backups..!? If so, you can only wait and hope for a future decryptor...
i want to find and destroy, who made it.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2708
  • Volunteer
Re: Decrypt this files
« Reply #6 on: November 13, 2019, 10:28:51 PM »
Do you still have the file that started this?
*Volunteer*.
Tier I SOC Analyst; Threat Hunter; Digital Forensics (no cert); HTB Competitor; Pentester (no cert).

4th Year BCS Student.

Offline iskefiyeli2004

  • Newbie
  • *
  • Posts: 4
Re: Decrypt this files
« Reply #7 on: November 14, 2019, 01:15:49 PM »
Do you still have the file that started this?
not

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2708
  • Volunteer
Re: Decrypt this files
« Reply #8 on: November 14, 2019, 06:20:36 PM »
Do you still have the file that started this?
not

Unfortunately, there isn't anything we can do for you. Backups were your best bet. There have been rare instances were attackers have been reached and recovery keys stolen based off HWIDs (Which - I will note is illegal.) You can either hope someone finds/creates a decryptor, or restart from scratch.

Sorry Mate.
*Volunteer*.
Tier I SOC Analyst; Threat Hunter; Digital Forensics (no cert); HTB Competitor; Pentester (no cert).

4th Year BCS Student.