All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 19 posts ] 
Author Message
 Post subject: Repair file
PostPosted: August 28th, 2018, 16:07 
Offline
User avatar

Joined: October 14th, 2005, 9:26
Posts: 1029
Helo!!

Please help!

Repair one file is [buydecrypt@qq.com].bip

??

_________________
Нет ничего невозможного


Top
 Profile  
 
 Post subject: Re: Repair file
PostPosted: August 28th, 2018, 16:24 
Offline

Joined: December 6th, 2012, 8:49
Posts: 290
Location: españa
Unfortunately, the encryption of the new variants of Dharma ransomware ([buydecrypt@qq.com].bip) is currently completely secure and can only be decrypted using the RSA private keys of the criminals.


Top
 Profile  
 
 Post subject: Re: Repair file
PostPosted: August 30th, 2018, 9:06 
Offline
User avatar

Joined: October 14th, 2005, 9:26
Posts: 1029
Ok thanks reply!

I am view file in editor hexa.

_________________
Нет ничего невозможного


Top
 Profile  
 
 Post subject: Re: Repair file
PostPosted: August 30th, 2018, 9:06 
Offline
User avatar

Joined: October 14th, 2005, 9:26
Posts: 1029
Ok thanks reply!

I am view file in editor hexa.

_________________
Нет ничего невозможного


Top
 Profile  
 
 Post subject: Re: Repair file
PostPosted: August 30th, 2018, 11:11 
Offline

Joined: December 16th, 2015, 12:37
Posts: 94
Location: GCC
Hi, if your files are important and your client will pay for the Data we can help

regards


Top
 Profile  
 
 Post subject: Re: Repair file
PostPosted: August 30th, 2018, 13:08 
Offline
User avatar

Joined: January 29th, 2009, 11:23
Posts: 248
Location: SXSW
H13 wrote:
Hi, if your files are important and your client will pay for the Data we can help

regards



Just wondering how? Do you have a solution for this variant?


Top
 Profile  
 
 Post subject: Re: Repair file
PostPosted: August 30th, 2018, 13:16 
Offline

Joined: November 29th, 2006, 10:08
Posts: 7843
Location: UK
hdd_sand wrote:
H13 wrote:
Hi, if your files are important and your client will pay for the Data we can help

regards



Just wondering how? Do you have a solution for this variant?


Contact the crooks and pay the ransom :evil:

_________________
PC Image Data Recovery
http://www.pcimage.co.uk

New!! HDD-PCB.COM for all your PCB and donor HDD requirements!


Top
 Profile  
 
 Post subject: Re: Repair file
PostPosted: August 30th, 2018, 13:30 
Offline

Joined: December 16th, 2015, 12:37
Posts: 94
Location: GCC
pcimage wrote:
hdd_sand wrote:
H13 wrote:
Hi, if your files are important and your client will pay for the Data we can help

regards



Just wondering how? Do you have a solution for this variant?


Contact the crooks and pay the ransom :evil:



Do you think they are pay the ransom ?
http://www.rm-ransomwarerecovery.com/


Top
 Profile  
 
 Post subject: Re: Repair file
PostPosted: August 30th, 2018, 13:35 
Offline

Joined: December 16th, 2015, 12:37
Posts: 94
Location: GCC
hdd_sand wrote:
H13 wrote:
Hi, if your files are important and your client will pay for the Data we can help

regards



Just wondering how? Do you have a solution for this variant?


3200$ if the client need the Data

i just resale the the service

Regards


Top
 Profile  
 
 Post subject: Re: Repair file
PostPosted: August 30th, 2018, 13:40 
Offline
User avatar

Joined: October 14th, 2005, 9:26
Posts: 1029
Hi!

Thanks reply!

They pay for the hackers! Only that!

_________________
Нет ничего невозможного


Top
 Profile  
 
 Post subject: Re: Repair file
PostPosted: August 30th, 2018, 16:30 
Offline

Joined: November 29th, 2006, 10:08
Posts: 7843
Location: UK
H13 wrote:
pcimage wrote:
hdd_sand wrote:
H13 wrote:
Hi, if your files are important and your client will pay for the Data we can help

regards



Just wondering how? Do you have a solution for this variant?


Contact the crooks and pay the ransom :evil:



Do you think they are pay the ransom ?
http://www.rm-ransomwarerecovery.com/


From what I’ve been told by clients, yes I think they do.

I have no evidence to the contrary.

_________________
PC Image Data Recovery
http://www.pcimage.co.uk

New!! HDD-PCB.COM for all your PCB and donor HDD requirements!


Top
 Profile  
 
 Post subject: Re: Repair file
PostPosted: August 31st, 2018, 1:33 
Offline
User avatar

Joined: January 28th, 2009, 10:54
Posts: 3452
Location: Greece
It looks like the developers of Dharma have been active in comms with lots of people offering discounts to resellers.

We have been REing Ransomware strains since their very beginning and we have decrypted hundreds of cases, sometimes with homebrewed tools. And we've been contacted 3 times already by different people, offering us solution for Dharma, for a fee little smaller than the crooks' ransom.
Of course we have reported them to the police.

Listen, Dharma always has been a very well coded and very sophisticated strain.
IT HAS NO WEAKNESSES.
If someone is offering decryption services for Dharma, he's either in contact with the crooks and has a discounted flat price (and pockets the difference), or he is the developer himself and has the master key.
Period.

_________________
http://www.northwind.gr
SandForce SSD Recovery
Ransomware Reverse Engineering - NoMoreRansom! partners


Top
 Profile  
 
 Post subject: Re: Repair file
PostPosted: August 31st, 2018, 3:42 
Offline

Joined: November 29th, 2006, 10:08
Posts: 7843
Location: UK
northwind wrote:
It looks like the developers of Dharma have been active in comms with lots of people offering discounts to resellers.

We have been REing Ransomware strains since their very beginning and we have decrypted hundreds of cases, sometimes with homebrewed tools. And we've been contacted 3 times already by different people, offering us solution for Dharma, for a fee little smaller than the crooks' ransom.
Of course we have reported them to the police.

Listen, Dharma always has been a very well coded and very sophisticated strain.
IT HAS NO WEAKNESSES.
If someone is offering decryption services for Dharma, he's either in contact with the crooks and has a discounted flat price (and pockets the difference), or he is the developer himself and has the master key.
Period.


Now, that does make perfect sense. Explains a lot!

_________________
PC Image Data Recovery
http://www.pcimage.co.uk

New!! HDD-PCB.COM for all your PCB and donor HDD requirements!


Top
 Profile  
 
 Post subject: Re: Repair file
PostPosted: August 31st, 2018, 8:09 
Offline

Joined: December 6th, 2012, 8:49
Posts: 290
Location: españa
northwind wrote:
If someone is offering decryption services for Dharma, he's either in contact with the crooks and has a discounted flat price (and pockets the difference), or he is the developer himself and has the master key.
Period.

+1


Top
 Profile  
 
 Post subject: Re: Repair file
PostPosted: September 4th, 2018, 3:10 
Offline
User avatar

Joined: January 28th, 2009, 10:54
Posts: 3452
Location: Greece
As a matter of fact...
This is #4.


Attachments:
Capturece1.jpg
Capturece1.jpg [ 68.11 KiB | Viewed 9886 times ]

_________________
http://www.northwind.gr
SandForce SSD Recovery
Ransomware Reverse Engineering - NoMoreRansom! partners
Top
 Profile  
 
 Post subject: Re: Repair file
PostPosted: September 4th, 2018, 4:13 
Offline
User avatar

Joined: January 28th, 2009, 10:54
Posts: 3452
Location: Greece
and it gets better.


Attachments:
Καταγραφή9.JPG
Καταγραφή9.JPG [ 92.05 KiB | Viewed 9872 times ]

_________________
http://www.northwind.gr
SandForce SSD Recovery
Ransomware Reverse Engineering - NoMoreRansom! partners
Top
 Profile  
 
 Post subject: Re: Repair file
PostPosted: September 4th, 2018, 4:23 
Offline
User avatar

Joined: January 28th, 2009, 10:54
Posts: 3452
Location: Greece
...and better...


Attachments:
Καταγραφή10.JPG
Καταγραφή10.JPG [ 105.2 KiB | Viewed 9871 times ]

_________________
http://www.northwind.gr
SandForce SSD Recovery
Ransomware Reverse Engineering - NoMoreRansom! partners
Top
 Profile  
 
 Post subject: Re: Repair file
PostPosted: September 4th, 2018, 13:34 
Offline

Joined: November 29th, 2006, 10:08
Posts: 7843
Location: UK
northwind wrote:
As a matter of fact...
This is #4.


I got this email too!

_________________
PC Image Data Recovery
http://www.pcimage.co.uk

New!! HDD-PCB.COM for all your PCB and donor HDD requirements!


Top
 Profile  
 
 Post subject: Re: Repair file
PostPosted: September 13th, 2018, 12:09 
Offline
User avatar

Joined: December 24th, 2007, 16:08
Posts: 1420
Location: EUROPE
Guys, what you think


Code:
Good day,

i have a recovery solution for New Dharma Ransomware (arrow, java, cesar, arena, bip, combo or cmb extensions), if you have any case please send me 3-4 sample files to analysis, thanks in advance.


send 4 files and he decripit it, payment is in " x.xxx USD "

THe conversion was like this:

ME -> how this works ?


are you asking decryption procedure ?


ME -> yes payment and procedures ?


payment in advance

afterthat i will need to connect your infected computer two times, firstly to run a tool (scan and decryptor software) to collect public keys which are required to create your private key that can decrypt all your files (VERY IMPORTANT: DURING SCAN FOR PUBLIC KEYS ALL ENCRYPTED FILES CAN BE IN THAT COMPUTER, OTHERWISE WE MAY NOT ABLE TO DECRYPT ALL YOUR FILES !!!), few hours later from this action i will connect your computer again to perform fully decryption with Private Key, decyption can take few hours depending on total size of your encrypted files.



ME -> why do you need the key if you have decrypted the samples ?


public keys are required for complete and healthy decryption



ME -> how could you decrypt the samples ?



pls do not ask me more quesitons
i m very busy
if you need my service
just let me know

_________________
ZeBong
" что случилось в России - останется в России "
" Россия еще раз"


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 19 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 92 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group