Vladimir Yastrebov


I’ve been crypted by version 1.5.1.0 doubleoffset

Hi all. I’ve been crypted by version 1.5.1.0 doubleoffset and I have files (original and crypted) to help you create a new version of the decryptor. Crypted and encrypted files are at https://yadi.sk/d/zI2_aUhN3apCJF
I ask you to help me in decrypting the files.
John

No chance. Just restore from your backup.
Vladimir Yastrebov

ASKER

Sorry, but the backup does not exist.
We should always keep backups. So if no backup, you need to start over. Sorry, but that is about the only option.
btan
You can try ID Ransomware to see if there is any chance of a decryptor being available.
https://id-ransomware.malwarehunterteam.com
Chances are slim, especially as you have no backup to recover from. I suggest you rebuild your machine, otherwise reinfection may recur, and also review your account and change the password accordingly. Opt for 2FA.
No backup == No hope of decryption == Very bad day...

Just start over + be sure you keep backups.
Per the above.  Erase the drive completely using a full drive eraser such as Darik's Boot and Nuke, then reload Windows from scratch or from the manufacturer's restore DVD.  Without full erasure and reload you will never be able to trust that system fully ever again.

See also:  

https://www.nomoreransom.org/
I have another way. I had one client that got encrypted and his online backup had not done its job. I emailed the ransomware dude and said it's my disabled grandmother's computer and it's just some pictures, she is on a limited budget. They don't know what they have. It was actually a Dr.'s office. So he came down to 1 bitcoin, at the time it was 1200 smackers.

So we did it, and the ransomware guy actually did follow through and send the decryptor key. It took like 3 days to decrypt, but all worked after that. Funny thing, it took mere minutes to scramble the data but three days to undo the mess. I have been through ransomware like 10 times, and each time I just restore the client's backup, this was the only time.

Fun part is the client had to go buy bitcoins, the minimum he could get was 5 so he did, then they went up and he sold the rest, he made like 20k on that.
Current feedback from the field indicates that the new standard is to not deliver the keys after payment.  In fact, there are some variants going around that claim the key entered is incorrect and "you must buy a new correct key."

I believe it is safe to say that the general consensus here on EE is that ransom should never be paid.
Dr. I heard that before he got his business back, I think that is what people say to not give in. There would be no reason for them not to give in, they want to keep it going. I agree, what they use with their money is bad, but when it's a choice between going out of business and paying, I think my client made the smart choice.
Here is an article: the city of Detroit didn't pay the ransomware, but a TN sheriff did, and they were decrypted.

https://www.csoonline.com/article/2850052/microsoft-subnet/ransomware-city-of-detroit-didnt-pay-tn-sheriffs-office-did-pay-to-decrypt.html