How to Restore Files Encrypted by Ransomware (Without Decrypter)

How to Recover Ransomware Encrypted Files (Without Decrypter)


We have created this instructive article to best explain the current options that you as a victim have to restore your files in case you do not wish to pay ransom to cyber-criminals.

Ransomware viruses have been around for quite some time, and with most of them now decryptable, their developers have “learnt” their lesson and created much stronger encryption scripts than before. As ransomware evolves, the common user does not really have the capability or the know-how to fight back against this menace and get the files back without going through the painstaking process of paying in Bitcoin. This is why we, as a security blog with extensive experience in how such viruses encrypt your files, have decided to go over the main methods that you can use to restore your encrypted files when there is no officially working decryptor for the virus at hand.

How Do Ransomware Viruses Encrypt Files?

Encryption can be defined as “the process of encoding information so that only parties with access to it can read it,” according to it.ucsf.edu. In practice, the virus infects your computer and then runs a set of processes that create a copy of the original file in which parts of the data are replaced with data produced by the encryption algorithm used (RSA, AES, etc.). The original file is then deleted, and the encrypted copy is left behind, appearing to be corrupt. After the encryption is complete, the ransomware generates a decryption key, which can be either private (symmetric) or public. The trend nowadays is for ransomware viruses to use a combination of both, making direct decryption even harder than it was before, unless you have decryption software, which is, again, coded by the ransomware authors. For more information on exactly how encryption works, you can check the related article underneath:

Related: Ransomware Encryption Explained – Why Is It So Effective?
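
An added example, not from the original article: since the encrypted copy has parts (or all) of its data replaced, a quick triage of a suspect file is to check its header signature and the entropy of each chunk, which shows whether the file was only renamed, encrypted at the start, or encrypted throughout. The chunk size, the 7.5 bits/byte cut-off, the signature table and the sample data are assumptions made for this illustration.

```python
import hashlib
import math
from collections import Counter

CHUNK = 4096         # window size in bytes (assumed)
HIGH_ENTROPY = 7.5   # bits per byte; ciphertext sits close to 8.0 (assumed cut-off)

# A few common file signatures (illustrative, not exhaustive).
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip/docx/xlsx",
}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def known_format(head: bytes):
    """Return the format name if the header matches a known signature."""
    for signature, name in MAGIC.items():
        if head.startswith(signature):
            return name
    return None


def windows(data: bytes) -> list:
    """Split into CHUNK-sized windows; a short tail is merged into the last
    window, because a tiny window can never reach the entropy cut-off."""
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]
    if len(chunks) > 1 and len(chunks[-1]) < CHUNK // 2:
        tail = chunks.pop()
        chunks[-1] += tail
    return chunks


def triage(data: bytes) -> dict:
    """Classify one file's content.

    header_intact       known signature present: renamed only, or encrypted
                        somewhere past the header
    fully_high_entropy  no signature, every window looks random
    partially_encrypted no signature, random-looking start, readable rest
    plaintext_like      no signature, start is not random-looking
    Compressed formats are high-entropy too, so entropy alone proves nothing;
    the missing signature is what makes the verdict meaningful.
    """
    chunks = windows(data)
    high = [shannon_entropy(c) >= HIGH_ENTROPY for c in chunks]
    fmt = known_format(data[:16])
    if fmt:
        verdict = "header_intact"
    elif high and all(high):
        verdict = "fully_high_entropy"
    elif high and high[0]:
        verdict = "partially_encrypted"
    else:
        verdict = "plaintext_like"
    return {"format": fmt, "verdict": verdict,
            "high_chunks": sum(high), "chunks": len(chunks)}


def sample_ciphertext(n: int) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 output in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


if __name__ == "__main__":
    # Constructed sample contents, not real victim files.
    text = b"Quarterly report: revenue, costs and notes.\n" * 400
    samples = {
        "untouched text": text,
        "first 8 KiB replaced": sample_ciphertext(8192) + text[8192:],
        "fully replaced": sample_ciphertext(len(text)),
        "jpeg header kept": b"\xff\xd8\xff\xe0" + sample_ciphertext(8000),
    }
    for name, blob in samples.items():
        print(f"{name:22} {triage(blob)}")
```

Files reported as `header_intact` or `partially_encrypted` are the ones where file-carving and data recovery tools have the most to work with.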

Before you start to recover files, be advised that for some methods to work, you will need to remove the ransomware virus from your computer beforehand. We recommend using advanced anti-malware software for the removal process, since it is capable of fully and swiftly detecting all malicious files and securing your computer by removing them and providing active protection against all possible threats known at the moment.

How to Get Encrypted Files to Work (Alternative Ways)?

So, having briefly explained what has happened to your files, let us now discuss what you can do to get them to work again. For this article we have done our research to provide you with instructions on the different alternative tools that you can use to get the files back. Do not consider the methods underneath a 100% solution, but rather something that you can try and that may or may not work. To instill some hope of recovering your files, however, I will say that, depending on the virus and the situation, we have received feedback from ransomware victims who used those methods to restore some of their files and from users who were able to successfully restore absolutely every file that was encrypted. And before you start reading about those tools and methods, be advised to read the description of each method, as we have explained where it can be used with maximum effectiveness, so that you can pick the method most likely to be appropriate for your specific situation. Let us start!

Method 1 - Restore Files via Data Recovery Software
Method 2 - Restore Files via Windows Backup
Method 3 - Restore Files by Using Shadow Explorer (Shadow Copies)
Method 4 - Restore Files by Plugging Your Hard Drive to Another Computer
Method 5 - Restore Files by Using a Network Sniffer
Method 6 - Restore Files by Using Decrypters for Other Ransomware Viruses

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.


253 Comments

  1. karim

    My computer is infected by a quite new malware named ilksktivw and it demands money to release files.

    Reply
    1. Milena Dimitrova

      Hi Karim,
      Is that the extension that has been appended to your files? Can you give us more information?

      Reply
      1. Sergio Herrera

        Hello Milena,

        My name is Sergio Herrera, and I also have problems with my files. They are encrypted by the pumax virus and have the *.pumax extension. Could you help me decrypt my files? I really appreciate your help.
        Best regards.

        Reply
        1. Milena Dimitrova

          Hi Sergio,

          Fortunately there is a decrypter for the .pumax ransomware, please find it here: https://sensorstechforum.com/pumax-files-virus-remove/
          Have a look at the .pumax Virus – Update December 2018 section of the article where the download link is situated.

          Reply
          1. Otto Garzon Lazo

            Milena Dimitrova, hello, please, my machine was infected with the .promarad extension; from what I have checked it is from DJVU. Can you help me, please?

      2. Gerardo ramos

        I lost very important photos of a wedding and they were changed to the .blower extension. I have no money to pay for the decrypters and would like to know if anything can be done …. The whole disk even ended up with its files as .blower. Please help, what do I do?

        Reply
        1. Mario

          We are having the same problem. If you can find any solution to this problem, please let me know and I will do the same.
          Thank you.

          Reply
      3. ekankam

        ‘mdenwoscnv’… this is the extension that has appended my files. Gandcrab 5.2

        —= GANDCRAB V5.2 =—

        ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

        *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****

        Attention!

        All your files, documents, photos, databases and other important files are encrypted and have the extension: .MDENWOSCNV

        The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

        The server with your key is in a closed network TOR. You can get there by the following ways:

        —————————————————————————————-

        | 0. Download Tor browser – https://www.torproject.org/

        | 1. Install Tor browser
        | 2. Open Tor Browser
        | 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/7a5cf7ad42ee203
        | 4. Follow the instructions on this page

        —————————————————————————————-

        On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.

        ATTENTION!

        IN ORDER TO PREVENT DATA DAMAGE:

        * DO NOT MODIFY ENCRYPTED FILES
        * DO NOT CHANGE DATA BELOW


        Reply
      4. Shameer

        Sir, my files are infected with the .skymap extension. I have tried Stop Decrypter but no luck. When do you think that the decrypter will be available?

        Reply
        1. Milena Dimitrova

          Hi Shameer,

          There is a decryption tool but it is designed to support specific offline IDs, so it may not be effective for all cases of .skymap ransomware infections. More information here: https://sensorstechforum.com/remove-skymap-files-virus/

          Reply
  2. Steven

    Hello Milena,

    My computer was also infected by ransomware and most of the file extensions are renamed as .zeyilkz. Are there any ways to decrypt them? Million thanks.

    Best regards,
    Steven

    Reply
    1. Tsetso Mihailov

      That is a custom extension – it is probably GandCrab. Did you get a ransomware note or a text file with instructions? If you did, can you share the text here?

      Reply
  3. Kay

    Mine was named .adobe. Has anybody had any progress with resolving this?

    Reply
    1. Tsetso Mihailov

      Hello, Kay.
      I have seen a person on Twitter who was able to decrypt some files encrypted by the .adobe ransomware. However, that person asks for thousands of dollars for his services. I guess a free decryption tool might be available soon.

      Reply
    2. Gergana Ivanova

      Hey, Kay!
      The same extension has been detected as one used by the STOP ransomware strain. The good news is that security researchers have cracked the code of this threat and released a decryption tool. So you may be able to recover .adobe files with the help of this tool. Keep in mind that another ransomware called Dharma also has a strain that appends the extension .adobe. In case your files were corrupted by Dharma .adobe, your best option is to attempt to restore them from backups or consider the use of alternative data recovery approaches.

      Reply
  4. vaggelis

    My files are decrypted and the extension is ktpviuiin.
    How can I decrypt them?
    Please help, I am desperate………..

    Reply
    1. Tsetso Mihailov

      Hello, vaggelis. This is a custom extension. It might be GandCrab ransomware. If it is a newer version – there is no solution. If the version is older, try the official decryption tool released last year – https://sensorstechforum.com/decrypt-gandcrab-ransomware-files/

      Reply
  5. Norma

    My computer is infected by ransomware, which added a .djvuq extension to my files and photographs, and in every folder there is a file named .openme.tx. Do you think it is possible to restore my files? Thank you for your help!

    Reply
    1. Tsetso Mihailov

      Yes – there is a decryption tool released. You can find a download link in the beginning of this article: https://sensorstechforum.com/djvur-ransomware-remove/

      .djvur and .djvuq are both variants of STOP ransomware and have the same decryption tool mentioned above.

      Reply
  6. DJELMEN

    My computer was also infected by udjvu and most of the file extensions are renamed as udjvu. Are there any ways to decrypt them?

    Reply
    1. Gergana Ivanova

      Hey, DJELMEN!

      Happily, you can attempt to restore .udjvu files with a free decryption tool released by the security researcher Michael Gillespie. You can download the tool via the Decryption Tool link here. The tool requires a pair of an original file and its encrypted version.

      Reply
      1. anturi

        thx a lot

        Reply
  7. Jenaro

    Good morning, I have information encrypted with the .Rapid extension. Can it be saved?
    Thanks!!

    Reply
    1. Tsetso Mihailov

      You can copy your encrypted files to another disk drive and wait for an official decryption tool released for free.

      As for the decryption tool sold by the criminals, do not buy it – it is broken. Only a few files are decrypted with it if the criminals decide to give you a decryptor. Wait and maybe there will be a solution in the future.

      Reply
  8. Eliodoro

    Hello,
    on January 9, 2019 my PC was attacked and my files were encrypted; the extension of the files is “*.no_more_ransom”.
    In the folders they left a file called “How Recovery Files.txt” with the following text:
    Hello, dear friend!
    All your files have been ENCRYPTED
    Do you really want to restore your files?
    Write to our email – [email protected] …………
    The Spyhunter 5 program has not detected anything strange on my system.
    The latest backup is from 2 months ago.
    How could I decrypt the files?
    Thanks in advance

    Reply
    1. Tsetso Mihailov

      Hello, Eliodoro,
      write to the support of Spy Hunter regarding the detection. As for the files – for the time being there is no official solution.

      Reply
  9. Umar Javed

    My computer is infected, with all hard drives, with gandcrab 5.1 and I am searching how I can get my files back and not pay those bastards

    Reply
    1. SUN

      MY PC ALSO AFFECTED WITH GAND CRAB 5.1 on 20 Jan 2019

      AND SEARCHING FOR A SOLUTION…..

      Reply
  10. Ban

    My PC also has been infected by ransomware and all the file extensions are in UIYAGBSI file. Please help

    Thank you.

    Reply
    1. Tsetso Mihailov

      Umar Javed, SUN – GandCrab 5.1 is a newer version and there is no decryption solution for it.

      Ban – that sounds like GandCrab as well, but try the official decryptor if it is an older version of the virus: https://sensorstechforum.com/decrypt-gandcrab-ransomware-files/

      Reply
  11. Titan

    Hello, has anyone found out how to recover the files… Those bastards contaminated all my work

    Reply
    1. Tsetso Mihailov

      Hello, Titan,
      have you tried any of the above methods? Also, what ransomware has infected your files? If you know – share here.

      Reply
  12. ventsislav georgiev

    Infected, the extension is .ekptwbs. Tried many methods and nothing. If anybody can help me, my email is [email protected]

    Reply
  13. rach

    My PC is infected by ransomware: NANO. Please help me recover all my files

    Reply
    1. Tsetso Mihailov

      Hey rach,
      try using the Aurora Decrypter tool linked in this article : https://sensorstechforum.com/nano-files-virus-ransomware-remove/ There is a chance that this is another ransomware using the same extension (a Scarab ransomware variant), in which case we are unaware of a decryption solution.

      Reply
  14. ventsislav georgiev

    GandCrab 5.0.4, extension .ekptwbs. Please help me to decrypt them; with bitdefender it's impossible. My email is [email protected]

    Reply
    1. Tsetso Mihailov

      Ventsislav,
      5.0.4 version of Gandcrab is not decryptable yet. You should backup your files and wait for an update to the decrypter – hopefully it will happen.

      Reply
  15. Jim

    Hi,

    A friend got infected with a ransomware called [email protected]

    Any ideas?

    Thanks

    Reply
    1. Tsetso Mihailov

      We are aware of the ransomware – you can check our article for more information – https://sensorstechforum.com/remove-jaffe-ransomware/

      Other than that, there is no known official decryption tool released for Jaffe ransomware.

      Reply
  16. Sagar SR

    Hi Milena,
    all my desktop files are infected by a GANDCRAB v5.1 under the file name .ubhoiy
    please help me retrieve my files..

    Reply
    1. Tsetso Mihailov

      Unfortunately, GANDCRAB v5.1 is not decryptable for now. We cannot help you as no solution exists, yet.

      Reply
  17. Flamas

    Hello.. My PC was infected with ransomware that leaves all my files with a .blower ending. Can you help me?

    Reply
    1. Tsetso Mihailov

      Hola Flamas,
      currently there is no decryptor for .blower ransomware. As it is a STOP variant a decryptor might be developed. Just save your files and wait.

      Reply
  18. VIVEK

    my photo files are all encrypted with extension .bklhn
    Any help would be much appreciated

    Reply
    1. Tsetso Mihailov

      VIVEK,
      nowadays, solely knowing the extension of a ransomware virus is not enough to determine which ransomware family it belongs to. It looks as if you have a custom extension, which is probably generated by GandCrab ransomware. If that is the case and the infection is new (from this month) you probably got a newer version of the virus and it is not decryptable.

      Do you see anything else that you can share – a ransom note, message with instructions?

      Reply
  19. xfoun

    Hi guys, my files are encrypted as .local, any ideas?? Thank you very much

    Reply
    1. Tsetso Mihailov

      Hey xfoun,
      I have never heard of the .local extension. Any other information you can share on the virus – .txt file, ransom message or instructions on the infected computer?

      Reply
  20. Mario

    hi, let me know if you find any solution on this, we have the same problem. I will do the same for you.

    Thanks

    Reply
  21. Azhar Abbas

    My files were infected on 9th February 2019 by KRAKEN CRYPTOR; the encrypted files' extension is .YTUSU. Please suggest any decryptor if available.

    Reply
    1. Tsetso Mihailov

      Hello Azhar,
      there is no tool that can decrypt KRAKEN CRYPTOR yet. We will write if such a tool is released.

      Reply
  22. KOSKAMP

    CAN SOMEBODY HELP ME WITH THIS EXTENSION .KUFQZTS TO REMOVE FROM MY FILES THANK YOU

    Reply
    1. Tsetso Mihailov

      Probably GandCrab ransomware. If it's new – it cannot be helped.

      Reply
  23. Akila

    Is there any decrypter for the *.xoloed ransomware? Please help

    Reply
    1. Milena Dimitrova

      Hi there,

      Can you give us more details about your infection? Is there a ransom note you can share with us?

      Reply
  24. Roan

    My files are named .qdsmrc. Is there a way to fix it? I really want my good trip memories back :(.

    Reply
    1. Milena Dimitrova

      Hi Roan,
      Can you provide us with further details about your infection?

      Reply
  25. cristain

    Hello, my files have been infected with the extension ( BTEGHU ) and it leaves a note file in every folder named BTEGHU-DECRYPT. Is there any solution to recover my things?

    Reply
    1. Tsetso Mihailov

      Hello, cristain.
      This is most likely GandCrab ransomware. Can you share the contents (text) of the BTEGHU-DECRYPT.TXT file?

      Reply
  26. Dialora

    My files are all infected on 16th February, encrypted files extension is JXSCT.
    Please suggest any decryptor if available

    Reply
  27. Gergana Ivanova

    Hello, Dialora!

    Considering the random extension you mentioned, we believe that your PC has been infected by a version of GandCrab ransomware. Do you see any ransom note or a text file with instructions? If you do, look for the mention of specific numbers. When you find them visit our article on how to decrypt files encrypted by GandCrab Ransomware and find your version. Beware that all versions released after 5.0.4 including the newest 5.1 are still not decryptable.

    Reply
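
The check suggested in the reply above (read the ransom note, find the version numbers, compare with the extension on the files), as an added example that is not part of the original thread or of any tool linked from it. The banner and "have the extension:" patterns follow the GandCrab notes quoted in these comments and the "Your personal ID:" pattern follows the note quoted in the .promoz comment; the file names, the ID value and the function names are constructed for illustration.

```python
import re
from collections import Counter

DASH = "-\u2013\u2014"  # hyphen, en dash, em dash (notes get pasted with any of them)
# Banner such as "<dash>= GANDCRAB V5.2 =<dash>", as quoted in the comments.
BANNER = re.compile(rf"[{DASH}]+=\s*([A-Za-z][A-Za-z ]*?)\s+V(\d+(?:\.\d+)*)\s*=[{DASH}]+")
EXT_LINE = re.compile(r"have the extension:\s*\.(\w+)", re.I)
ID_LINE = re.compile(r"Your personal ID:\s*(\S+)", re.I)


def parse_note(text: str) -> dict:
    """Pull family, version, stated extension and victim ID out of a note."""
    banner = BANNER.search(text)
    ext = EXT_LINE.search(text)
    pid = ID_LINE.search(text)
    return {
        "family": banner.group(1).strip().upper() if banner else None,
        "version": tuple(int(p) for p in banner.group(2).split(".")) if banner else None,
        "extension": ext.group(1).lower() if ext else None,
        "personal_id": pid.group(1) if pid else None,
    }


def dominant_extension(filenames):
    """Most common final extension in a listing and its share of the files."""
    exts = Counter(name.rsplit(".", 1)[1].lower() for name in filenames if "." in name)
    if not exts:
        return None, 0.0
    ext, count = exts.most_common(1)[0]
    return ext, count / sum(exts.values())


def triage(filenames, note_text=None) -> dict:
    """Combine what the files show with what the note says.

    The appended extension alone does not name the family; only the note does.
    The 5.0.4 comparison reflects the reply above, as of that comment.
    """
    ext, share = dominant_extension(filenames)
    info = parse_note(note_text or "")
    report = {"dominant_extension": ext, "share": share, **info}
    report["family_identified"] = info["family"] is not None
    report["note_matches_files"] = info["extension"] is not None and info["extension"] == ext
    report["newer_than_5_0_4"] = (
        info["family"] == "GANDCRAB"
        and info["version"] is not None
        and info["version"] > (5, 0, 4)
    )
    return report


# Constructed samples: note wording follows the notes quoted on this page.
GANDCRAB_NOTE = (
    "\u2014= GANDCRAB V5.2 =\u2014\n\nAttention!\n\n"
    "All your files, documents, photos, databases and other important files "
    "are encrypted and have the extension: .FJLTS\n"
)
ID_ONLY_NOTE = "ATTENTION!\n\nYour personal ID:\nEXAMPLE0000ID\n"
FILES = ["report.docx.fjlts", "IMG_0001.JPG.FJLTS", "budget.xlsx.fjlts", "FJLTS-DECRYPT.txt"]

if __name__ == "__main__":
    print(triage(FILES, GANDCRAB_NOTE))
    print(triage(["a.jpg.promoz", "b.doc.promoz"], ID_ONLY_NOTE))
    print(triage(FILES))  # no note: the family stays undetermined
```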
  28. Bauti

    All my files are infected by gandcrab 5.1 on 16 February, encrypted files extension is “krsefzfhq”. I would really appreciate any help and suggestions.

    Reply
    1. Milena Dimitrova

      Hello,

      Sorry to hear about your infection. Unfortunately, there is no decryption tool for this version of the ransomware. You can remove the ransomware using an anti-malware program but there is no option to restore your files. More information about the ransomware: https://sensorstechforum.com/remove-gandcrab-5-1-ransomware/?%D0%B4%D0%BB%D0%BD

      Reply
  29. sivone

    Hi, everyone on the internet who is kind. Can you help me? My files were encrypted by gandcrab ransomware 5.1. The files look like this:

    Diffraction.docx.djhzsis.blower.

    All my files are blower file.
    Could you please help me?

    Reply
    1. Milena Dimitrova

      Hi Sivone,

      Unfortunately, this version of the ransomware is not decryptable. You can try alternative data restoration methods but there is no guarantee. More information here: https://sensorstechforum.com/blower-files-virus-remove/?lnln

      Reply
  30. Valerio

    Dear Sensors Tech Forum,
    can You help me? Please! All my files, documents, photos, images, videos, and other important files are encrypted and have the extension “.JRSGLQXT”.
    Within each corrupt folder there is the following file!
    “GANDCRAB V5.1 – UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS – Attention! All your files, documents, photos, databases and other important files are encrypted and have the extension: .JRSGLQXT – The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.”
    Thanks in advance for Your reply.

    Reply
    1. Milena Dimitrova

      Hi Valerio,

      We are very sorry for the loss of your files. Unfortunately, this version of the ransomware is not decryptable. You can learn more about it here: https://sensorstechforum.com/remove-gandcrab-5-1-ransomware/

      Reply
  31. Miguel

    Can someone help me decrypt files with the .blower extension?

    Reply
  32. Maik

    Dear Sensors Tech Forum,
    Please can you help me? All my files, photos, videos, documents and others are encrypted by Gandcrab V5.1 on February 09, 2019 and now have the extension “SPKFSF”

    Reply
  33. Maik Oebels

    Hello Sensors Tech Forum,
    Please help. All my files, photos, videos, etc. were encrypted by “Gandcrab V5.1” on February 9, 2019 and now have the extension “spkfsf”. Is there a way to decrypt the data again?

    Reply
  34. Ignacio

    Hello, my files are encrypted under the .cbupus extension, by GANDCRAB v5.2. Will these methods work for me? Regards

    Reply
  35. MARA

    DEAR ALL,
    PLEASE, CAN YOU HELP ME? Ransomware called CRYPT GOT INTO MY SERVER. IT DELETED MY ENTIRE DATABASE.
    HAVE YOU MANAGED TO RECOVER THE FILES?
    REGARDS

    Reply
  36. Jaume

    I do not know the name of the MALWARE; it gives me the extension .FAIL
    Can someone help me!!!!

    Reply
  37. Lock

    My PC was affected GandCrab V5.2 with .WKNZFU extension in all my files.. any decryptor for V5.2 released ?

    Reply
  38. elias

    Hi, my files have the .ukbmz extension, I do not know what type of virus it is. If someone could help me, thanks ♥

    Reply
  39. ELIAS

    Hello, my PC has its files with the .UKBMZ extension. If you could help me I would be very grateful

    Reply
  40. Jhon

    My files are infected with the ETH extension

    Reply
  41. jorge

    Hello, the same thing happened to me, the extension is .promoz, the ransom emails are [email protected] and [email protected]. Can you tell me if there is any decrypter, please? I am desperate.

    Reply
    1. Ismael

      Hello, I have exactly the same problem…. have you been able to solve it? If so, how did you do it? Regards

      Reply
  42. Kuki

    I got ransomware with .promok extension :(((
    Asking 490 USD to these email addresses [email protected], [email protected]
    Do you know if there is decrypter for this please? .promok

    Reply
  43. Ismael

    Hello, I have a NAS which was infected with ransomware; all the files are encrypted with the .PROMOZ extension. spyhunter5 managed to clean my computer, but the NAS server is still infected. Does anyone know of a tool (even a paid one) or some way to recover the files? Most of my infected files are just family photos and videos. I am desperate, they are the photos of a lifetime ='( …. This is the ransom note that appears. Many thanks in advance for your help
    ——————————————————————————————————————————-
    ATTENTION!

    Don’t worry my friend, you can return all your files!
    All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
    The only method of recovering files is to purchase decrypt tool and unique key for you.
    This software will decrypt all your encrypted files.
    What guarantees you have?
    You can send one of your encrypted file from your PC and we decrypt it for free.
    But we can decrypt only 1 file for free. File must not contain valuable information.
    You can get and look video overview decrypt tool:
    https://we.tl/t-ll0rIToOhf
    Price of private key and decrypt software is $980.
    Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
    Please note that you’ll never restore your data without payment.
    Check your e-mail “Spam” folder if you don’t get answer more than 6 hours.

    To get this software you need write on our e-mail:
    [email protected]

    Reserve e-mail address to contact us:
    [email protected]

    Your personal ID:
    034OspdywaduiShdktrecpmTcuXM4gQ1VxOiWCronjaflECHMOiIWMEQKZy2r
    ——————————————————————————————————————————-

    Reply
  44. dean i

    Hi, my files have been changed to FJLTS. Is there a fix for this?

    Reply
  45. dean

    all been changed to FJLTS

    —= GANDCRAB V5.2 =—

    ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

    *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****

    Attention!

    All your files, documents, photos, databases and other important files are encrypted and have the extension: .FJLTS

    The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

    The server with your key is in a closed network TOR. You can get there by the following ways:

    and this left in every folder on all my hard drives

    Reply
    1. Milena Dimitrova

      Hi Dean,

      Unfortunately, this version of GandCrab is not decryptable at the moment. You can follow our website for updates on the ransomware.

      Reply
  46. ravee

    Hi, my files have an extension of 87a1. How do I recover them? I’ve waited for almost a year now,
    please help

    Reply
    1. Milena Dimitrova

      Hi ravee,

      Can you give us more details about your infection? The extension looks like Cerber ransomware: https://sensorstechforum.com/new-cerber-ransomware-remove-restore-encrypted-files/

      Reply
  47. Ismael

    The same thing happened to me, my files were encrypted by .promoz ransomware… does anyone have a solution? (even a paid one)

    Reply
    1. Milena Dimitrova

      Hi there,

      More information about this ransomware is available here: https://sensorstechforum.com/remove-promoz-files-virus/

      Reply
  48. Kevin

    Hello,
    I was hit with ransomware and all my files have the extension .local. Can someone help me?

    Reply
    1. Milena Dimitrova

      Hi there,

      Can you give us more details about your infection?

      Reply
      1. Kevin

        Sure, all files have a .local extension.

        The name of the ransom note is “HOW TO RECOVER ENCRYPTED FILES”

        And they want me to contact
        [email protected]

        Reply
        1. kkeny

          Exactly the same problem, but in English: ‘HOW TO RECOVER ENCRYPTED FILES.TXT”
          All my files are .local
          Same email address.
          The ID provided is huge
          help please????

          Reply
  49. marcelo

    Hello, in May 2018 I lost all my files, more than 50 GB, and my backups were also infected with the following extension: [email protected] and [email protected]. If a decrypter exists, I would be grateful for it.

    Reply
  50. Alamin Rahman

    Hello, My PC Affected By .IOPUMLYM Extension and GANDCRAB V5.2
    Please Anyone Help me to Decrypt my Encrypted files and folders

    Reply
  51. Facundo Gil

    Hello, I am a victim of [email protected]; it encrypted my files with the .adobe extension.
    Can you help me?
    Regards and many thanks

    Reply
  52. Santi JR

    Hello, a couple of months ago I was infected by ransomware with the .missing extension, and to this day I have not been able to decrypt it. The only thing I have been able to find out is that it is a new variant of APOCALYPSE.
    I am leaving the ransom note (the file appears like this: IMG_9345.JPG.Contact_Data_Recovery):

    Your computer was hit by ransomware

    Contact by Email for your data recovery.

    Email : [email protected]
    Your Personal Identification ID: ID_RESTORE_E1B5040FES

    We’ll provide proof of recovery and Data Decryption Software to you.

    WARNING: If you don’t contact us, your data will be damaged. If we do not reply, email from a different email service.

    Then the file that the ransom note refers to appears with its name followed by the .missing extension

    Is anything known about this? Help, please

    Reply
  53. jean

    Hello, I need help. My PC was infected with the .promorad ransomware. Is there any application to decrypt my data? Thanks

    Reply
  54. Tunmise

    My SD card got infected with uuuuuuuu.uuu and it created so many folders. My files are still there but I’m unable to open or use them

    Reply
  55. Cristhian lesmes

    Good evening, I have a problem with one of these viruses and would like to ask for your help. The virus is the Promorad2 ransomware. I appreciate your help, Milena.

    Reply
  56. Jijith J V

    Hi, all my files have been affected by the .bomber extension. Is there any way to decrypt the same?

    Reply
  57. luis

    I got my files changed to .kroput files. Any advice to get them back?

    Reply
  58. IVAN

    Hello, I need help. My files were infected by a virus called streamer that encrypted my documents and gave them the *.promorad2 extension. Does anyone know if there is any way to recover the documents? Thanks in advance

    Reply
  59. Cristobal

    Hello, since yesterday I have had one that encrypted everything it could reach on my network in shared files, with the .KROPUT extension… Is there any solution??? It is asking me for 980 dollars

    Reply
    1. Leonardo Rovira

      All my files are infected with the .kropun extension. Is there any solution to recover them? Thanks

      Reply
      1. Milena Dimitrova

        Hi Leonardo, here’s more information about your infection https://sensorstechforum.com/remove-kropun-files-virus/

        Reply
  60. Guido

    Hello, how are you all… a virus infected my PC and changed my extensions to .promora2. Does anyone have info or know what can be done? Many thanks in advance.

    Reply
  61. Guido

    Hello everyone… my PC got infected and my work files were changed to the .promora2 extension. Any solution or info on how to recover them?… Many thanks in advance

    Reply
    1. ronald revilla

      The same thing happened to me, friend. Have you not found a solution? I am from Venezuela

      Reply
      1. Guido

        Nothing yet, I am still looking for solutions… let me know if you find something… thanks

        Reply
  62. Carlos

    My laptop, USB stick, and external hard drive… were infected with promorad2… how can I recover my files without having to format anything?

    Reply
  63. Carlos g.x.

    My laptop, USB stick, and external hard drive were infected with an extension that is promorad2… how can I recover files from my removable drives without having to format anything?

    Reply
  64. Rolando

    Good afternoon, can someone help me recover my files that have the .promorad2 extension?

    Reply
  65. ronald revilla

    Good evening, I was attacked by a ransomware virus that encrypts and leaves the .promorad2 extension. Do you have any solution for this?????

    Reply
  66. rizwan

    my pc is infected by ransomware please help me
    —= GANDCRAB V5.2 =—

    ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

    *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****

    Attention!

    All your files, documents, photos, databases and other important files are encrypted and have the extension: .GBYXADMGV

    The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

    The server with your key is in a closed network TOR. You can get there by the following ways:

    Reply
  67. Angel corso

    Good afternoon, please heeelp, help me. That virus got into my PC and all my files have this extension ( .pulsar1 ). Someone please help me with how to resolve it

    Reply
  68. Marco

    Hello
    My files have been infected by the .charck extension. Is there any solution?

    Reply
  69. JOE

    Hello, I need your help. All the documents on my disks (files, photos, videos, among others) now have the extension . CHARCK. I need to recover them…… I NEED YOU!

    Reply
    1. Milena Dimitrova

      Hi Joe,

      You have been attacked by a version of Stop ransomware. https://www.sensorstechforum.com/remove-charck-files-virus/
      Unfortunately, there is no decrypter for it at the moment.

      Reply
  70. Ivan Naranjo

    CAN YOU HELP ME PLEASE, MY FILES ARE INFECTED, THEY HAVE A .pulsar1 EXTENSION
    I would be very grateful if someone could help me. Thanks, Iván

    Reply
    1. Milena Dimitrova

      Hi Ivan and Freddy,

      You both have been infected by a version of Stop ransomware which is not decryptable at the moment. You can read more about it in our article: https://sensorstechforum.com/remove-pulsar1-files-virus/
      If a decrypter is released, we will update the article with information. You can follow us for updates.

      Reply
  71. Manhal

    Hello, any solution? My files all got the extension kroput

    Reply
    1. Milena Dimitrova

      Hi Manhal,
      Unfortunately, no decryption for now. Here’s more information about the ransomware: https://sensorstechforum.com/remove-kroput-ransomware/

      Reply
  72. daniel

    Good evening, I have ransomware that encrypted all my documents with the .pulsar1 extension. Can someone help me? They are very important documents.

    Reply
    1. Milena Dimitrova

      Hi daniel,

      You’ve been infected by https://sensorstechforum.com/remove-pulsar1-files-virus/. The bad news is that there is no decryption for it at this point.

      Reply
  73. imi737

    Hello, hello
    All my data hdd is infected *HXCNTD*
    Help…….

    Reply
    1. Milena Dimitrova

      Hi there,

      It seems that you’ve been infected by a version of GandCrab. Can you give us more details about your infection, such as the ransom note, so that we can tell you if a decrypter is available?

      Reply
  74. Pool

    My files are encrypted by .kroput, does anybody know the solution?

    Reply
    1. Milena Dimitrova

      Hi Pool,

      Unfortunately, no decryption tool is available at the moment. We will update our article (https://sensorstechforum.com/remove-kroput-ransomware/) if a decrypter is released.

      Reply
      1. Pool

        Thanks Milena, but I did manage to decrypt 202 files from 4000+ with STOPDecryptor if that helps :)

        Reply
  75. Pool

    Stellar Phoenix Photo Recovery will recover any photo or video, it doesn’t matter what virus it is, that helped me, cheers

    Reply
  76. Majo

    Hello, how are you. I have noticed the large number of ransomware viruses. I have been looking for a solution for almost a month. My PC was attacked by GandCrab v.5.2, brand new…. If one buys SpyHunter, does it recover the encrypted files, or does it only remove the virus? Another thing: since there are so many security flaws, my email inbox is full of spam (Yahoo and Fibertel, though not Gmail so far). Many thanks.

    Reply
  77. LOURDES

    how to restore files encrypted by ransomware

    Reply
  78. imi737

    —= GANDCRAB V5.2 =—

    ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

    *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****

    Attention!

    All your files, documents, photos, databases and other important files are encrypted and have the extension: .HXCNTD

    The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

    The server with your key is in a closed network TOR. You can get there by the following ways:

    —————————————————————————————-

    | 0. Download Tor browser – https://www.torproject.org/

    | 1. Install Tor browser
    | 2. Open Tor Browser
    | 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/5b768db9b0f8d3d0
    | 4. Follow the instructions on this page

    —————————————————————————————-

    On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.

    ATTENTION!

    IN ORDER TO PREVENT DATA DAMAGE:

    * DO NOT MODIFY ENCRYPTED FILES
    * DO NOT CHANGE DATA BELOW

    —BEGIN GANDCRAB KEY—
    —END GANDCRAB KEY—

    —BEGIN PC DATA—
    —END PC DATA—

    Reply
  79. Gustavo

    Hello, my files are encrypted with a .CHARCK extension. Can you help me solve my problem?

    Reply
  80. uncut

    Hello

    My computer is also infected by ransomware and most of the file extensions are renamed as .doples. Are there any ways to decrypt them? Million thanks.

    Reply
  81. Rachael Leigh

    Hello

    My computer is also infected by ransomware and most of the file extensions are renamed as .[[email protected]].GFS. Are there any ways to decrypt them? Million thanks.

    Reply
    1. Vencislav Krustev

      Hi, besides the [[email protected]].GFS, do you see something else, before it, like:

      “ID-9238H23B. [[email protected]].GFS”

      The reason I am asking is because this could be a variant of Dharma ransomware.

      Also, do you see any ransom note or other type of Readme file with ransom instructions and if so, what’s the file’s name?

      Reply
  82. Angel corso

    Hello, my PC is infected and all my files have the extension PULSAR.1. Help me, how can I decrypt it?

    Reply
  83. Christos

    Hi,

    I have also the [[email protected]].GFS issue.

    Any help regarding removal and decryption?

    Thank you

    Reply
    1. Vencislav Krustev

      Hi, besides the [[email protected]].GFS, do you see something else, before it, like:

      “ID-9238H23B. [[email protected]].GFS”

      The reason I am asking is because this could be a variant of Dharma ransomware.

      Also, do you see any ransom note or other type of Readme file with ransom instructions and if so, what’s the file’s name?

      Reply
      1. Christos

        Hi Vencislav,

        1. Nothing before that

        2. Yes, there are ransom txts all over the place…

        Any thoughts?

        Reply
        1. Ventsislav Krastev (Post author)

          You have been infected by a new version of Gefest ransomware. It is still pending decryption so when a decryptor is released we will post it with a link in this article:
          https://sensorstechforum.com/remove-gfs-ransomware/

          Reply
          1. Christos

            Thanks.

            Hope that you will find the decryptor soon!

  84. Juan Domingo

    is there any decryptor for this .GMPF virus? i have all my files encrypted with it on an external hard drive but i have no idea how to recover them. can u please help me? thx

    Reply
    1. Ventsislav Krastev (Post author)

      I think that your computer has been infected with a new version of this ransomware: https://sensorstechforum.com/gmpf-virus-ransomware-remove/

      We will update this article as soon as there is a decryptor available.

      Reply
  85. Christos

    It seems that my messages are not getting through.

    So, (a) nothing else before [[email protected]].GFS and (b) yes there are ransom txts all over the place.

    Any thoughts?

    Reply
  86. BOnbon

    My files are all infected by luceq , encrypted files extension is luceq
    Please suggest any decryptor if available

    Reply
  87. ABDO1430

    Hello
    My computer is also infected by ransomware and most of the file extensions are renamed as .[.chech.xejgsuypc.chech ]. Are there any ways to decrypt them? Million thanks.

    Reply
    1. Milena Dimitrova

      Hi there,

      It appears you’ve been infected by this ransomware: https://sensorstechforum.com/remove-chech-ransomware-files/

      Reply
  88. gerra

    I NEED .GFS files decrypter

    Reply
  89. Pierre

    Hello, now it has got me too:

    “GANDCRAB V5.2” (all jpg avi mp4 mp3 pdf etc) now have .zaciox file extensions and are encrypted.

    There is probably no decryptor yet, right? :/

    Reply
  90. Iván

    Hello, my PC has been infected with the DHARMA virus, and my extensions have been encrypted as .ETH files
    Is there any way to decrypt them? I urgently need my Outlook .pst file.
    Thanks!

    Reply
    1. Milena Dimitrova

      Hi Ivan,

      Unfortunately, there is no solution for this version of Dharma ransomware. We will update our article if a decryption tool is released https://sensorstechforum.com/remove-eth-files-virus/

      Reply
  91. malick

    Hello,
    My PC is infected by ransomware with the “.promos” extension. All the files on the PC are encrypted, as are those on my external hard drive.
    Thank you for your help

    Reply
    1. Milena Dimitrova

      Hi Malick,

      You’ve been infected by a version of STOP ransomware – https://sensorstechforum.com/remove-promos-files-virus/. Unfortunately, for now there is no official decryption tool.

      Reply
  92. Guido

    Good evening everyone, has anyone been able to find a solution to decrypt files with the . promora2 extension?
    Thanks

    Reply
  93. Felicianus Roni

    My PC got infected by [[email protected]].GFS and all files are encrypted by this extension. Is there any decryptor available to decrypt the encrypted files?

    Thanks in advance

    Reply
  94. Beto calderon

    Good evening, I have a problem with a server that was infected by ciphered. Is there any decryptor that could work for me? I have a postgres backup that I need to free. Many thanks for your contribution

    Reply
  95. alberto

    Hello, is there any solution for files with .ETH?

    Reply
  96. Ed Sullivan

    I was infected on Nov. 29, 2018. The encrypted files end with the extension .RYK. Is there any hope of getting these files back?

    Reply
  97. Ana

    Hello, my files were infected and a refols extension was added.
    Is there any tool that can save them?
    Thanks

    Reply
  98. Elio

    I was infected on Apr. 4, 2019. The encrypted files end with the extension .refols. Is there any hope of getting these files back?

    Reply
    1. Raghda

      Me too

      Reply
  99. Atif Mahmood

    Hello sir,

    my files got .grovas extension. I tried some data recovery software but these softwares recover encrypted files instead of recovering original files.
    Please help.
    Thanks

    Reply
  100. Daud

    Please Help me

    My computer is also infected by ransomware and most of the file extensions are renamed as .[.tronas ]. Are there any ways to decrypt them? Million thanks.

    ATTENTION!

    Don’t worry my friend, you can return all your files!
    All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
    The only method of recovering files is to purchase decrypt tool and unique key for you.
    This software will decrypt all your encrypted files.
    What guarantees you have?
    You can send one of your encrypted file from your PC and we decrypt it for free.
    But we can decrypt only 1 file for free. File must not contain valuable information.
    You can get and look video overview decrypt tool:
    https://we.tl/t-hK4tAv2Ed9
    Price of private key and decrypt software is $980.
    Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
    Please note that you’ll never restore your data without payment.
    Check your e-mail “Spam” folder if you don’t get answer more than 6 hours.

    To get this software you need write on our e-mail:
    [email protected]

    Reserve e-mail address to contact us:
    [email protected]

    Your personal ID:
    056dhfgrtycbnalgAGsHWxzelVxa0mbMD7wO0Q0b160JGHBy0OlE6ja

    Reply
  101. MUNIR

    The encrypted files end with the extension .gjlxe. Is there any hope of getting these files back?

    Reply
  102. Darryn Reeds

    Anyone know what this one is – Only hit one network hard drive used for downloading and storing media:
    What happened to your files ?
    All of your files were protected by a strong encryption with AES cbc-128 using NamPoHyu Virus.

    What does this mean ?
    This means that the structure and data within your files have been irrevocably changed,
    you will not be able to work with them, read them or see them,
    it is the same thing as losing them forever, but with our help, you can restore them.

    Reply
    1. Milena Dimitrova

      Hi Darryn,

      Can you send us further details about your infection? Please contact us via email – support [at] sensorstechforum.com. Thank you!

      Reply
  103. Darryn Reeds

    Hi Milena – I’ve sent detail in an email.

    Reply
    1. Milena Dimitrova

      Thank you! We will review your problem!

      Reply
  104. Luis

    Good afternoon, I have been attacked by a virus called “nampohyu” and I can not see or edit my files, any tool for disinfection?
    Thank you

    Reply
    1. Milena Dimitrova

      Hi Luis, here is more information about the ransomware:

      https://sensorstechforum.com/remove-nampohyu-virus/

      Reply
  105. Atif Mahmood

    please help me too….. my comment is above

    Reply
  106. martin

    good afternoon, got files infected with “.kaedsgbr”
    does anyone know how to recover this?
    Thanks

    Reply
  107. martin

    GandCrab v5.2 attacked my laptop and my files got the .KAEDSGBR extension.
    Any idea how to recover them?
    Thanks

    Reply
  108. Farras G

    Hello, my PC is affected by the .browec extension, anyone please help me

    Reply
    1. Milena Dimitrova

      Hi Farras,

      You have been infected by a new variant of STOP ransomware. We are working on an article, so stay tuned.

      Reply
      1. Milena Dimitrova

        Hi again,
        Here’s the promised article: https://sensorstechforum.com/browec-files-virus-remove/

        Reply
  109. Feguino

    Hi, all of my hard drives got encrypted by GandCrab 5.2 and I have tried many things and seen a lot of tutorials to get my files decrypted but it wasn’t possible. If someone knows a way, please let me know.

    Reply
  110. John

    Hi guys. I desperately need help. My computer files are locked by ransomware. Filename now changed to .id-5D33294E.[[email protected]]. Any help is greatly appreciated. Many thanks.

    Reply
  111. ivu

    guys any solution for .norvas extension?
    STOP (Djvu)

    any decrypt software available? please i need help

    Reply
  112. Wira

    Hi Milena,
    My laptop just got GandCrab v5.2

    Here’s what the TXT says:

    —= GANDCRAB V5.2 =—

    ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

    *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****

    Attention!

    All your files, documents, photos, databases and other important files are encrypted and have the extension: .GKONVWPZSS

    The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

    The server with your key is in a closed network TOR. You can get there by the following ways:

    —————————————————————————————-

    | 0. Download Tor browser – https://www.torproject.org/

    | 1. Install Tor browser
    | 2. Open Tor Browser
    | 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/3a3b3d4da4ed05fe
    | 4. Follow the instructions on this page

    —————————————————————————————-

    On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.

    ATTENTION!

    IN ORDER TO PREVENT DATA DAMAGE:

    * DO NOT MODIFY ENCRYPTED FILES
    * DO NOT CHANGE DATA BELOW

    —BEGIN GANDCRAB KEY—
    —END GANDCRAB KEY—

    —BEGIN PC DATA—
    —END PC DATA—

    Is there any chance to decrypt my files? I was just lucky: it happened quickly, but I saw it, disconnected the internet and removed it using Loaris Trojan Remover, so it’s only affecting some folders, not all.
    Please let us know what we should do to decrypt the files back to normal.

    Thanks a lot Milena !
    Greetings from Indonesia

    Wira

    Reply
  113. Kit

    ANY SOLUTION FOR THE FILE “*.NORVAS” AND “.ETOLS” Extension?

    I’m really in trouble..
    ————————————–
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.norvas )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.txt )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.pdf )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.xlsx )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.xls )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.jpg )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.docx )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.doc )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.zip )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.ttf )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.ppsx )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.MP4 )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.pptx )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.norvas )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.txt )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.pdf )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.xlsx )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.xls )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.jpg )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.docx )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.doc )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.zip )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.ttf )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.ppsx )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.MP4 )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.pptx )
    MAC: 14:2D:27:26:13:F7
    MAC: 00:00:00:00:00:00:00:E0
    Decrypted 5 files, skipped 2987

    Reply
  114. nabeel

    All my files have the .verasto extension!!! I installed a clean copy of Windows on C:, but my other separate drive that I have kept for backup is still infected. I want to clear that “.verasto” extension that is showing up. Any solution?

    Reply
  115. dhs

    same with me..need help

    Reply
  116. dhs

    I need help to overcome the virus. norvas, does anyone have a solution?

    Reply
  117. Ari

    Can somebody help me with this extension .guesswho to decrypt my file? Thank you

    Reply
    1. Milena Dimitrova

      Hi Ari,

      Can you give us more details about your infection? You can send us more information on support [at] sensorstechforum.com.

      Reply
      1. Ari

        All my files got the extension .guesswho

        Example of my file:
        HFKO2QUQAS.guesswho

        This is the information:
        Hello, dear friend!
        All your files have been ENCRYPTED
        Do you really want to restore your files?
        Write to our email – [email protected] or [email protected]
        and tell us your unique ID – ID-94PB343W

        Reply
        1. Ari

          This link is an example of my file with the extension .guesswho
          https://drive.google.com/file/d/1ZtvTX6MmOVjBaqDA_Ou1EQjIStEvqlrD/view

          thank you..

          Reply
          1. Milena Dimitrova

            Hi Ari,

            Unfortunately, this appears to be a new ransomware, not much is known so far.
            What have you done so far with your infection?

          2. Milena Dimitrova

            Hey Ari, we created this article https://sensorstechforum.com/remove-guesswho-files-virus/ which will be updated with more details. In the meantime, you can remove the ransomware using an anti-malware program but first make sure to back up your encrypted files.

          3. Ari

            Hi Dimitrova,
            Thank you for your response. I am very confused because my server backup was infected too. Now I am starting from zero data, but I am still keeping my encrypted files.

          4. Milena Dimitrova

            Hi Ari,
            Do you have an idea what started the infection? Where did you get the ransomware from?

  118. Juan Vargas

    My files were infected with verasto ransomware. Is there a solution to recover them? Any decrypt software? Thanks

    Reply
    1. Milena Dimitrova

      Hi Juan,
      This appears to be a new version of STOP ransomware. You can learn more about it here: https://sensorstechforum.com/remove-verasto-files-virus/

      Reply
  119. Ari

    Hi Dimitrova,
    Thank you for your response. I am very confused because my server backup was infected too. Now I am starting from zero data, but I am still keeping my encrypted files.

    Reply
  120. takewa

    Hi, my whole machine has been infected with the morsea virus, and it left me a message saying that if I want my files returned I must send a sum of money.
    What should I do?

    Reply
  121. Mark Anthony Pelegrin

    My files were decrypted by kiranos virus or i believe STOP ransomware. I cannot open it anymore. I tried removing the double extension but to no avail.

    Ex. wordfiles.docx.kiratos to wordfile.docx.

    Please need your help. Important family files to be retrieved.

    Thank you for your immediate response.

    Reply
  122. frizol

    Please help. All my files have been infected with ransomware and all of it has an extension name .TODARIUS

    Reply
  123. Agung

    My computer was infected by a ransomware named VERASTO. The virus left almost all my data & applications (doc, xls, pictures (pdf, cdr), music, executable) encrypted and the file extension changed to VERASTO. So far I have failed to find a way to decrypt the encrypted files.

    Reply
  124. Antonio Cardoza

    Hi, my files have been infected with file extension n064h.

    Reply
  125. JUDY

    Hello, my PC was infected and all my information was encrypted. All the files show the extension HOFOS. How do I recover them? Can someone help me, please?

    Reply
  126. Eni

    My files got infected with Phoenix ransomware, all documents encrypted. Any solution please, or a decrypter software?

    Reply
    1. Milena Dimitrova

      Hi Eni,

      Is this the ransomware that attacked you? https://sensorstechforum.com/phoenix-files-virus-remove/

      Reply
      1. Eni

        Hello Milena,
        Thank you, yes it is: .id[4A792664-0001].[[email protected]].phoenix

        Albeit, I am yet to find decryptors seen above that specifically decrypt .phoenix encrypted files.

        Please assist further. Thanks again.

        Reply
  127. Ahmed

    Any help about .Fordan ?

    Reply
    1. Milena Dimitrova

      Hi Ahmed,
      Unfortunately there is no decrypter for the latest version of STOP ransomware (.fordan).

      Reply
  128. terry

    Hi, is there any decryptor for the ransomware .fordan?

    Reply
    1. Milena Dimitrova

      Hi Terry,
      Unfortunately there is no decrypter for the latest version of STOP ransomware (.fordan).

      Reply
  129. Cristiano

    Hello!
    All my files have the extension .fordan….Not working…..It’s a ransomware….Is there any decryptor ?

    Reply
  130. Kamran

    Hello Milena,
    Thank you, yes it is: .id-721A22A5.[[email protected]]
    I am yet to find decryptors seen above that specifically decrypt encrypted files.
    Please assist further. Thanks.

    Reply
  131. Admir

    Hello, any decryptors for .bufas extension. It seems it has been online just recently and spreads fast. Thanks.

    Reply
  132. Tanveer

    hi .. I got my files attacked with .fordan… ransomware ..I wonder if someone can help me

    Reply
  133. John Garcia M:

    Hello.. My PC was infected with ransomware that leaves all my files with a .forasom ending; can you help me? Thank you very much

    Reply
  134. zeeshan

    My PC was attacked with the .bufas virus extension. If anyone knows the solution for how to decrypt them, please help me

    Reply
  135. Vibhanshu

    My files got attacked by .dotmap ransomware. Please help me anyone to get rid of this…

    Reply
  136. James

    my files are decrypted and the extension is .hclqephnq
    how can i decrypt them ?
    please help i am desperate………..

    Reply
  137. Xaris

    My external hard drive got infected by a ransomware virus and all my files got the .radman extension in the filename and they don’t work anymore… please help me resolve this issue.. most articles that I have read are for PCs and laptops.. how about external hard drives or USB?.. please please please help

    Reply
  138. Mikhail

    my files are decrypted and the extension is .locked, .locked2, .locked3
    But if I rename the files – Total Commander asks for a password
    files 7zAES:19
    how can i decrypt them ?
    please help

    Reply
  139. Miklos Alin

    Hello,

    Can you help me?
    The extension of all my files were changed into .i1n7y95pm6
    How can I have the files back?

    Thank you for your help.
    Best regards,
    Alin

    Reply
    1. Milena Dimitrova

      Hi Alin, can you give us more details about your infection?

      Reply
  140. allen

    my files were infected and changed to .uvwfn and .roaqonoe can you help me with this?

    Reply
  141. Hallder Hans Ramos Martel

    Hello Milena Dimitrova, my computer has just been infected with ransomware with the .DOTMAP extension. Could you please help me? I need the information that is infected; I would be very grateful

    Reply
  142. Miklos Alin

    Hello,

    7 days ago my computer got infected.
    It started with the files from Dropbox and then everything that was saved on my hard drive.
    The files were encrypted in each folder, I have all files with extension “.i1n7y95pm6”, a text file and a file with extension “.lock”.
    It asks me to follow a link and to pay to have them back. It also says that I need the i1n7y95pm6-decryptor app, which they can provide if I pay the fee.
    Sadly, being a photographer, all my photos from the last wedding were affected, so I’m screwed up.
    Please help, if possible.

    Thank you.
    Best regards,
    Alin Miklos

    Reply
  143. Kevin

    My files are encrypted with extension of .a0cb

    Anyone able to help?

    Reply
    1. Milena Dimitrova

      Hi Kevin,

      You can refer to our support chat on this page: https://sensorstechforum.com/spyhunter-download-and-install-instructions/?nr=1
      Our experts may be able to assist you.

      Reply
  144. Ciella

    My files are encrypted with extension of .DOCM

    Please help me.

    Thank you.

    Reply
    1. Milena Dimitrova

      Hi Ciella,

      More information about the ransomware: https://sensorstechforum.com/docm-ransomware-remove/

      Reply
      1. iwan

        How to decrypt ransomware .BLOWER?

        Reply
  145. nabin

    Hey guys, what’s up? My backup drive was infected by a .REZUC ransom virus. I tried to recover the infected files with POWER DATA RECOVERY and Stellar PHOENIX WINDOWS DATA RECOVERY but it is not working. These two programs recover the file, but it is the same as an infected one, with the same name (infected file name: jpeg.rezuc).

    is there any Solution for this problem? please help me

    Reply
    1. Niyal Nagar

      Hello, friend
      my data is also infected with the same extension .REZUC
      Please tell me the solution if you get one.
      I will inform you if I get something.
      [email protected]

      Reply
  146. jhoswal

    ! YOUR FILES ARE ENCRYPTED !!!

    All your files, documents, photos, databases and other important
    files are encrypted.

    You are not able to decrypt it by yourself! The only method
    of recovering files is to purchase an unique private key.
    Only we can give you this key and only we can recover your files.

    To be sure we have the decryptor and it works you can send an
    email [email protected] / [email protected] and decrypt one
    file for free. But this file should be of not valuable!

    Do you really want to restore your files?
    Write to email:
    [email protected]
    [email protected]

    Your personal ID: C596F821-01E7-AE6C-9025-74F883BF38C8

    Attention!
    * Do not rename encrypted files.
    * Do not try to decrypt your data using third party software,
    it may cause permanent data loss.
    * Decryption of your files with the help of third parties may
    cause increased price (they add their fee to our) or you can
    become a victim of a scam.

    Reply
    1. Milena Dimitrova

      Hi jhoswal,

      Can you tell us what file extension is appended to your files?

      Reply
  147. Geet

    In my PC all files are encrypted by .boston file extension and it shows this message everywhere:
    ATTENTION!

    Don’t worry, you can return all your files!
    All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
    The only method of recovering files is to purchase decrypt tool and unique key for you.
    This software will decrypt all your encrypted files.
    What guarantees you have?
    You can send one of your encrypted file from your PC and we decrypt it for free.
    But we can decrypt only 1 file for free. File must not contain valuable information.
    You can get and look video overview decrypt tool:
    https://we.tl/t-BTtULebL7F
    Price of private key and decrypt software is $980.
    Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
    Please note that you’ll never restore your data without payment.
    Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

    To get this software you need write on our e-mail:
    [email protected]

    Reserve e-mail address to contact us:
    [email protected]

    Our Telegram account:
    @datarestore

    Your personal ID:
    099nHgSrtddgsDC8wRtYGBcyY3EID5WKqCqXmHWXfRi1IuCpGaki3

    Reply
  148. savan virani

    Sir, my files are infected with the .pidon extension. I have tried Stop Decrypter but no luck. When do you think that the decrypter will be available?

    Reply
    1. shafiq

      My files have also been infected by the .pidon extension. Please help to decrypt them.

      Reply
  149. Dino Bribe

    Hey, my files are encrypted with the extension .Truke
    Do you have any idea how to get my files back?
    Thanks

    Reply
  150. Jose Olivera

    Hi Milena Dimitrova,

    I see you are trying to help a lot of us with similar problems, the file extensions that are appended to our files. I see a lot of common extensions but have not found the one that infected my PC. Can you help me? The extension is .HBTOSE

    Warm Regards

    Reply
    1. Milena Dimitrova

      Hi Jose,

      Can you please send us more information? What does the ransom note say? You can send us an email at support [at] sensorstechforum.com.

      Reply
  151. King

    Hi Team, can anyone help. files encrypted with .nusar extension.

    Ransom note:

    ATTENTION!

    Don’t worry, you can return all your files!
    All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
    The only method of recovering files is to purchase decrypt tool and unique key for you.
    This software will decrypt all your encrypted files.
    What guarantees you have?
    You can send one of your encrypted file from your PC and we decrypt it for free.
    But we can decrypt only 1 file for free. File must not contain valuable information.
    You can get and look video overview decrypt tool:
    https://we.tl/t-26O6Irjllx
    Price of private key and decrypt software is $980.
    Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
    Please note that you’ll never restore your data without payment.
    Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

    To get this software you need write on our e-mail:
    [email protected]

    Reserve e-mail address to contact us:
    [email protected]

    Our Telegram account:
    @datarestore

    Your personal ID:
    108bTddSKjtqXoxZBYibA1m4sRgLU28MuDKhXF3Gru7Uy0IKrP

    Reply
    1. Milena Dimitrova

      Hi King,

      Currently, there is no decrypter for .nusar files. You can try alternative data recovery methods listed in the article but unfortunately there is no guarantee they will work. Our advice is to be patient and wait for an official decrypter.

      Reply
      1. King

        Hey, thank you for responding, Milena. It's very much appreciated. Hopefully I won't have to wait too long for a decrypter.

        Thanks again

        Reply
  152. Jaja Azeez

    Hello,

    Can anybody help me?
    The extension of all my files were changed into .qbfubc
    How can I have the files back?

    Thank you for your help.
    Best regards,
    Jaja

    Reply
    1. Jaja Azeez

      My PC has been infected since December 24th 2018, but I have never switched on my PC since then. I thought it would remove itself if I did not open it for a long time, but it is still there. So, I really need help with this.

      Reply
    2. Milena Dimitrova

      Hi Jaja,

      I believe you’re infected by GandCrab ransomware. Can you tell us what is written in the ransom note? There are a few other ransomware that use similar random extensions and we need more information to confirm.

      Reply
  153. Aditya T

    My whole system got infected through ransomware and each and every file get extension .lotep . How shall I get back my files in original file formats ?
    Help me Pleaseeeeeeeeeee

    Reply
  154. mahmoud

    My laptop is infected with ransomware and each and every file gets the extension herad.
    How do I recover my data?
    Please

    Reply
    1. Aniket

      Hi mahmoud,
      Try STOP decryptor; it might be helpful to decrypt your files which are encrypted with an offline key.

      Reply
  155. Aniket

    my laptop got attacked with new ransomware and they are asking for money

    Reply
  156. Aniket

    My laptop got attacked with new ransomware and they are asking for money. What to do?
    With .berosuce extension

    Reply
    1. Milena Dimitrova

      Hi Aniket,

      You’ve been affected by the latest strain of STOP ransomware. We’re currently working on an article with more details.

      Reply
  157. Aniket

    Thanks, Ma'am, for replying,
    My files are decrypted now.

    Reply
