No_more_ransom virus— the price of a new encryption virus, the continuation of a summative series of viruses, to the warehouse that includes better_call_saul and da_vinci_code. Like the previous version, this virus-vimagach expands on spam alerts. Leather from tsikh electronic lists to clean up the received file - archives, which have their own line to clean up the file that is being downloaded. For the sake of trying yoga, it is necessary to activate the virus. No_more_ransom virus encrypts files of various types (documents, images, databases, including 1C databases) on the victim's computer. After the encryption process is completed, all known files are found, and new files with strange names and extensions are added to the folders where the documents are saved. no_more_ransom. Krim tsgogo on the working table z'yavlyaєtsya podomlennya podіbne to the lower level:
No_more_ransom the virus is common among other researchers of different manifestations of earlier cipher suites. As the author declares to the virus, on the vіdminu vіd earlier versions, vikoristovuvali RSA-2048 encryption mode with a long key length of 2048 bits, no_more_ransom virus vіdrіvuє more strong encryption mode, with a greater longevity of the key (al RSA-3072 encryption algorithm).
No_more-ransom virus - a form of zv'yazku
When a computer is infected with the no_more_ransom ransomware virus, the program copies its body to the system folder and adds an entry to the Windows registry, ensuring that it starts automatically when the computer is booted. Once the virus starts, encrypt the files. The No_more_ransom encryptor gives a unique ID to the No_more_ransom infected skin computer, which the victim is guilty of sending the virus to the authors in order to retrieve their own decryption key. If so, the victim is liable to pay for the decryption.no_more_ransom files in a significant amount.
At the moment, there is no 100% really practical way to transfer encrypted files without cost. For this reason, we encourage you to cheat with cost-free programs, such as ShadowExplorer and PhotoRec to try to restore copies of encrypted files. At the same time, a decryption method appeared. no_more_ransom files, we quickly updated the instructions.
How no_more_ransom ransomware virus penetrates the computer
No_more_ransom virus is spreading by email. List of retrieval of attachments infecting document chi archives. Such sheets contain a majestic base with an electronic mail address. The authors of the virus vikoristovuyut headings and zmіst listіv, scho enter into Oman, smearing deception zmusiti koristuvachа vіdkriti attachments to the document sheet. Some of the sheets tell you about the need to pay for the rahunka, others show you to marvel at the fresh price list, and the third show a funny photograph. In any case, the result of opening the attached file will be the infection of the no_more_ransom computer with the encryption virus.
What is the encryption virus no_more_ransom
Virus encoder no_more_ransom - this is a continuation of the same encoders, to which a large number of other similar programs are included. This program attacks all modern versions of Windows operating systems, including Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10. for self-decryption of files.
No_more_ransom encryptor virus can infect a computer during the next hour. For example C:\ProgramData\Windows, C:\Users\All Correspondence\Windows, C:\ProgramData\Csrss, C:\Users\All Correspondence\Csrss, C:\ProgramData\System32, C:\Users\All Correspondence\ system32. The csrss.exe file is created at the papacy, which is a copy of the virus file. Then the ransomware creates an entry in the Windows registry: in the HKCU\Software\Microsoft\Windows\CurrentVersion\Run distribution, the key is named Client Server Runtime Subsystem. Cym virus ensures the ability to continue encryption. yakscho koristuvach s for any reason, turning off the computer.
As soon as the virus is launched, it scans all available disks, including many and dark files, to designate files that will be encrypted. Encryptor virus no_more_ransom using a file name extension as a way to designate a group of files that will be encrypted. This version of the virus encrypts anonymous different types of files, including the following extensions:
3dm, .3ds, .sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl , .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, . sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0 .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, . slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, . jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der,. .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng , .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, . dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt, .wav, .wbc, .wbd, .wbk, .wbm, .wbmp, .wbz, .wcf, .wdb, .wdp, .webdoc, .webp , .wgz, .wire, .wm, .wma, .wmd, .wmf, .wmv, .wn, .wot, .wp, .wp4, .wp5, .wp6, .wp7, .wpa, .wpb, . wpd, .wpe, .wpg, .wpl, .wps, .wpt, .wpw, .wri, .ws, .wsc, .wsd, .wsh, .x, .x3d, .x3f, .xar, .xbdoc, .xbplate, .xdb, .xdl, .xld, .xlgc, .xll, .xls, .xlsm, .xlsx, .xmind, .xml, .xmmap, .xpm, .xwp, .xx, .xy3, .xyp .xyw, .y, .yal, .ybk, .yml, .ysp, .z, .z3d, .zabw, .zdb, .zdc, .zi, .zif, .zip, .zw
Once again, as a file of encryptions, it will take a new name and extension.no_more_ransom. Then I create a virus on all disks and create text documents with the names README.txt, README1.txt, README2.txt… on all disks, so that I can delete the instructions for decrypting encrypted files.
The no_more_ransom ransomware virus actively exploits the slandering tactic, showing it on the work table in front of it. Using this rite to confuse the victim, do not hesitate to send the computer ID to the author's e-mail address to the virus in order to try to rotate your files.
My computer was infected with the no_more_ransom ransomware virus?
It is easy to detect computer infections with no_more_ransom encryption virus. In order to replace your personal files, files with strange names and extensions no_more_ransom appeared, your computer was infected. The first sign of infection is the presence of a file with README names in your directories. This file will contain instructions for decrypting files in no_more_ransom. An example of such a combination is shown below.
Your files have been encrypted.
To decrypt them, you need to send the code:
(Computer ID)
to the email address [email protected].
You will then take any necessary instructions.
Try to decipher on your own, do not lead to anything, let's go around the irrevocable waste of information.
If you still want to try it, then make backup copies of the files in advance, otherwise you should
Change your decoding to become impossible for everyday minds.
Yakshcho you did not take away the vіdpovіdі for the specified address for 48 years (and only in tіlki in tsomu vpadku!),
speed up in the form of a bell-ring. It can be done in two ways:
1) Get and install Tor Browser for free: https://www.torproject.org/download/download-easy.html.en
In the address bar of Tor Browser, enter the address:
and press Enter. Get involved with a side from the form of a return zv'yazku.
2) Any browser should go for one address:All important files on your computer have been reviewed.
To select files, you must read the following code:
(Computer ID)
to email address [email protected].
Then you will receive all necessary instructions.
All aspects of sounding like you will be the result only of incorrect spending from your data.
Whenever you are going to ask you to reconsider, what are you, maybe, backup at first because
decryption will become impossible in case of any changes inside the files.
Therefore, you do not accept information about the removed electronic mail for more than 48 years (and only in this case!),
use the feedback form. You can do it by two ways:
1) Download Tor Browser from here:
https://www.torproject.org/download/download-easy.html.en
Install it and type following address into address bar:
http://cryptsen7fo43rr6.onion/
Press the Enter key and then the page with feedback form will be loaded.
2) Go to one of the next notifications in any browser:
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
How to decrypt files encrypted with no_more_ransom encryption virus?
No_more_ransom files are currently available. The ransomware virus repeatedly reminds the victim that a strong encryption algorithm has been won. Tse means that it is practically impossible to decrypt files without a special key. Vykoristovuvaty method of picking the key so itself did not go through the great dove of the key. Therefore, unfortunately, only payment to the authors of the virus all the sum (9000 rubles and more) is the only way to try to extract the decryption key.
There is no guarantee that after paying the author, the virus will be contacted and given the key needed to decrypt your files. Krіm tsgogo, it is necessary to understand that weeping pennies to the distributors of viruses, you yourself pidshtovhuєte їx on the creation of new viruses.
How to remove the no_more_ransom encryption virus?
Before proceeding to this, you need to know that when approaching the virus and try independent updating of files, you block the ability to decrypt files by paying the authors of the virus the amount they requested.
Kaspersky Virus Removal Tool (KVRT) and Malwarebytes Anti-malware (MBAM) can detect different types of active encryption viruses and easily see them from the computer, but they can't recover encrypted files.
Press the Windows keys and R (Russian K) on the keyboard at once. It should be small at the end of the Vikonat heading in order to enter:
Press the Enter key.
Launch registry editor. Open the Edit menu, and in the new one click the Know item. Enter:
Client Server Runtime Subsystem
Press the Enter key.
View this parameter by clicking on the new right key and selecting Vidality as shown in the small box below. Be more respectful!
Close the registry editor.
Reboot the computer. Open the C:\Documents and Settings\All Users\Application Data\Windows\ directory and delete the csrss.exe file.
Start the HijackThis program by clicking on the next prompt.
Dekilka of final words
Following these instructions, your computer will be cleared of the no_more_ransom encoder virus. If you have a vinick of food, or if you need help, then turn to ours.
For example, in 2016, the world of attacks by a very non-trivial Trojan virus that encrypts documentary documents and multimedia content, which is called NO_MORE_RANSOM. How to decrypt the files after the injection of threats, then it will be looked at. However, it’s safe to get ahead of all the koristuvachs, they knew the attacks, but there is no single method. It is connected with the most common cases of one of the most protruded and with the level of penetration of the virus into the computer system, or to build a local fence (if you want a back on the fence, injecting wines and not opening).
Which virus is NO_MORE_RANSOM and how does it work?
As a result, the virus itself has been upgraded to the class of Trojans of the I Love You type, which penetrates the computer system and encrypts the files of the core file (called multimedia). It’s true, as if it was a little bit more cryptic, the whole virus is even richer in the presence of a large threat under the name DA_VINCI_COD, having combined the function of the zdirnik.
If more files in audio, video, graphics or office documents are infected, it is hoped to use the NO_MORE_RANSOM extension to overcome the folding password.
When you try these words on the screen, you will be informed about those that the files are encrypted, and for decryption, you need to pay a sum of money.
How does the threat penetrate the system?
For the time being, I’m still calm about those, as if I’ve poured NO_MORE_RANSOM to decrypt files of any kind, and to get to the technology of infiltrating a virus into a computer system. It’s a pity, it didn’t sound like it, for whom the old way of converting is used: a sheet of attachments is sent to the e-mail address, showing a kind of coristuvach and omitting the shkidly code.
Originality, like Bachimo, this technique is not challenged. However, the warning may be masked in the text, which does not mean anything. Abo, navpaki, for example, as if there were great companies, - to change the minds of a contract. It dawned on me that an ordinary clerk opened a deposit, but gave and took a deplorable result. One of the best spalahs was the encryption of the databases of the popular 1C package. And tse already on the right is serious.
NO_MORE_RANSOM: how to decrypt documents?
Ale, all the same, varto turns to the head food. Singing, sing all, how to decrypt files. Virus NO_MORE_RANSOM can be controlled by sequence. As soon as the coristuvach is trying to decrypt the decryption once it is infected, it is still possible to rob the abiyak. As if the threat was in the system, it’s a pity, without the help of fakhivtsiv, it’s impossible to do here. Ale and stinks are most often shown to be powerless.
As if the threat was detected at once, there was only one way - go back to the support services of anti-virus companies (so far not all documents were encrypted), edit a couple of files that were inaccessible to the file, and based on the analysis of the originals, savings on your noses, try and restore already infected documents , before copying to the same flash drive everything that is available for viewing (I don’t want an additional guarantee that the virus has not penetrated such documents). If necessary, for the correctness of the nose, it is necessary to cross-check the language if necessary with an anti-virus scanner (little).
Algorithm
Okremo varto say about those that the virus for encryption of vicorist algorithm RSA-3072, which, on the basis of the RSA-2048 technology, which was previously blocked, we can fold the flooring, CIM to occupy the entire contingent of antiviruses laboratories. , you can take months and months. In this rank, in order to decipher NO_MORE_RANSOM, vimagatime chimalih watch vitrates. Ale scho work, how to update the information is necessary negainno? Nasampered - remove the virus itself.
Can you see the virus and how can you kill it?
Vlasne, it doesn't matter. Judging by the impudence of the creators of the virus, the threat to the computer system is not masked. Navpaki - їй navit vigidno "self-distance" after the completion of the deed.
Prote the back, going to the drive of the virus, you should still neutralize it. We need to tweak the portable utilities for kshtalt KVRT, Malwarebytes, Dr. Web CureIt! and їm similar. Restore respect: stop for reverification of the portable type software in the general language order (without installation on a hard drive and launch in the optimal variant of the portable version). If a threat is revealed, then it will be negaly seen.
If these are not transferred, you need to start the task manager first and complete all the processes related to the virus, sorting the services by name (as a rule, the whole Runtime Broker process).
After you know the task, you need to click the system registry editor (regedit at the “Vikonati” menu) and ask a search for the name “Client Server Runtime System” (without paws), after which the navigation menu for the results “Know far ...” will see all the elements found. They gave the need to reconfigure the computer and check in the "Dispatchers of the office", there is no crazy process there.
In principle, in order to decipher the NO_MORE_RANSOM virus at the stage of infection, it can also be deciphered by this method. Imovirnist yogo neutralization, obviously, is small, but there is a chance.
How to decrypt files encrypted NO_MORE_RANSOM: backup
And yet another technique, about yak, few people know how to guess. On the right, in the fact that the operating system itself constantly creates powerful shadow backup copies (for example, at the time of renewal), otherwise it creates the same way. As practice shows, the virus itself does not spill into such a copy (in this structure it is simply not transferred, although it is not turned off).
In this way, the problem of how to decipher NO_MORE_RANSOM comes down to how to crack it yourself. It is not recommended to revoke for this Windows staff (and do not revoke access before attaching copies). That's why it's necessary to use the ShadowExplorer utility (it won't be portable).
To update, you just need to start sorting information by dates or by extensions, choose a copy (of a file, folder or of the entire system) and through the RMB menu select the export row. Then we simply select a directory, in which case I will save a streaming copy, and then we will override the standard renewal process.
Third Party Utilities
Obviously, before the problem of how to decipher NO_MORE_RANSOM, a lot of laboratories pronounce their solution. So, for example, "Kaspersky Lab" recommends victorious software product Kaspersky Decryptor, representations in two modifications - Rakhini and Rector.
Not less than the cіkavo look and similar rozrobki on the decoder character NO_MORE_RANSOM in Dr. Web. Ale here warto vіrazu vrahuvat, scho zastosuvannya of such programs is true only in times of svidkogo manifestation of threats, until all files are infected. Well, the virus has invaded the system mietically (if the encrypted files are simply impossible to match with the unencrypted originals), and so the programs can be impersonated.
Yak pouch
Vlasne, there is only one visnovok: it is necessary to fight against this virus at the stage of infection, if the first files are encrypted. And in the end, it’s best not to open attachments in e-mail notifications that are removed from the wallets (it’s necessary to deal exclusively with clients installed directly on the computer – Outlook, Oulook Express, etc.). Until then, as the company’s spivrobitnik may have its own list of clients’ and partners’ addresses, the letter “left” will become absolutely unacceptable, the oscillators are bigger when applying for a job, please note about the undisclosed commercial secrets and cyber security.
For example, in 2016, a new encryption virus – NO_MORE_RANSOM. I will name such a long time vin through the extension, as I give it to the files of the koristuvach.
Having already adopted richly from other viruses, for example, from da_vinci_cod. Shards recently appeared in Merezh, anti-virus laboratories have not yet been able to decipher the code. It is unlikely that such an increase will be possible in the next hour - the encryption algorithm will be shortened. So, let's figure it out, because your files are encrypted with the "no_more_ransom" extension.
Describe the principle of the robot
At the beginning of 2017, a lot of forums were flooded with messages "no_more_ransom virus encrypting files", in some cases they asked for help to remove the threat. The attack was recognized as a private computer, and a number of organizations (especially those that have 1C bases). The situation for all the victims is approximately the same: they opened the attachment from the electronic sheet, after an hour the files were removed with the extension No_more_ransom. Virus encoder with whom without any problems bypassing all popular anti-virus programs.
Vzagali, following the principle of infection No_more_ransom, do not quarrel with your predecessors:
How to vilіkuvat or remove the virus No_more_ransom
It is important to understand that if you recognize No_more_ransom on your own, you will be able to restore access to files for the additional password of the attackers. Can you restore the file after No_more_ransom? Today there is no 100% working data decryption algorithm. Blame become less utilities in the laboratories, but it takes a lot of hours (months, fates) to pick up a password. Ale about the renewal of a troch below. Let’s take a look at the back, how to designate a Trojan no more ransom (translation - “no more vikupu”) and fix yoga. 
As a rule, installed anti-virus software passes encryptors to the computer - often new versions are released, for which they simply do not get the bases out. Viruses can simply be seen from the computer, even shakhrai and it is necessary, so that the stench is left in the system, having finished its zavdannya (encryption). For remoteness, you can use the already prepared utilities, which can be used without cost:
It's even easier to deal with them: start, select disks, emboss "Start rechecking". Less than a check. If he appears at the end, in which all threats will appear. Tisnemo "Vidality".
Better for everything, one of the utilities to remove the encryption virus. Something that didn’t happen, it’s necessary to see it manually:
If you quickly mark the virus, having caught it, then there is a chance that some of the data will not be encrypted. It is better to save the files, yakі did not recognize the attack, on okremiya nakopichuvach.
Decryption utilities for decrypting "No_more_ransom" files
Picking up the code on your own is simply impossible, as if you weren't a hacker. For decryption, you need special utilities. I’ll tell you again that not everyone is able to decrypt the encryption file of the “No_more_ransom” type. The virus is new, so the need for a password is even more complicated.
Otzhe, first of all, we are trying to renew the tribute from shadow copies. For promotion, the operating system, starting from Windows 7, regularly takes copies of documents. In some cases, the virus does not have the power to make a copy. That's why the ShadowExplorer program is cost-free. You won’t be able to install anything - you just need to unpack.
If the virus has not made a copy, then it is possible to recover close to 80-90% of the encrypted information.
Programs-decoders for renewing files after the No_more_ransom virus are tested in the anti-virus laboratory. It's true, don't worry about how these utilities can update your data. Encryptors are constantly being fully upgraded, and facsimiles simply do not get updated for the skin version. Keep your eyes on the technical support of anti-virus laboratories to help retailers.
To combat No_more_ransom є Kaspersky Decryptor. The utility is presented in two versions with prefixes and Rakhni (more about them on our website). To fight against the virus and decrypt the files, you just need to run the program, choosing the location of the rewrite.
Why, it is necessary to indicate one of the blocked documents, so that the utility is engaged in password selection.
You can free download the best decoder No_more_ransom from Dr. Web. The utility is called matsnu1decrypt. Pratsyuє for a similar scenario with programs like Kaspersky. It is enough to start the re-verification and finish it.
It’s not a secret for anyone now that all kinds of obvious evils have been transferred to the Internet. Among them are cyber-espionage, cyber-terrorism, cyber-fraud, cyber-stealing, and cyber-blackmail.
Cyber-malice in Russia has long wanted to be equated to theft, having done more in the early morning, but the food has been ruined by the filing of banking structures, such as hackers do not give life. Mozhlivo, so out and є. Someone about what, and banks about hackers ...
The draft law, which is being prepared, has also created the downloading of unlicensed programs and audio-video-"masterpieces" of the current "masterpiece"-industry, which wiggles at us like that, like a wild water. I’m rejoicing at the view, and not at the right cyber-malicious ones, like a plague has spread throughout the All-World Merezh and the skin of the world has bumped into the skin’s edge of the world, like a plague has spread to the Internet.
So, I’m talking about the Zdirnitsky Plague: crypto-magicians, encryptors, blockers and all sorts of fakes, etc. programs, pretending to be ciphers, blockers, programs that promote "cleansing" for a fee, but they never cease to be zdirniks. Their creators open their "creations" on the Internet, not being afraid of law enforcement officers, criminal mafia, militia police, Europol and Interpol. Stink advertize, advertize and poke at the results of the search for Google and Yandex automated systems.
Axis z kim can fight laws about cyber-malice, whom the police are guilty of seizing in the first place, counting Europol, Interpol and Management "K"! I would like to believe that the robot is being directly carried out day and night, but the fact is obvious: health and crypto wealth has become a scourge and plague on the Internet, like a kovzanka pіdіm'yavshi pіd yourself a classic viral epidemic.
By the way, for my reports from Ukraine, Moldova and Romania, the largest number of Ransomware is released, so if you don’t harm the Chinese and Pvdenny regions of Asia, de more perfect, more high traffic Health and hacker attacks. Some strong attacks from Ukraine, Moldova and Romania are directed at Russia, Russian enterprises and coristuvachiv, and others at the USA, Europe and English coristuvachiv.
For the rest of the couple of years, computers have become more and more often stuck with encryption programs, fake encryption programs, blockers-wimages and others, as they charge a fee for turning access to files, as they encrypted and robbed unreadable, blocked crushed inaccessible ... Yak tse became possible?
Those hours have long passed, if one evil-doer or a programmer-pochatkіvets was engaged in expanding shkіdlivoї programs.None of the most cyber-malicious people work as a team, because such a spіlna robot to bring more surplus. For example, with the development of a healthy business model (RaaS), based on paying for the redemption in bitcoins, one group can deal with technical support, writing recommendations, via chat or by email to tell new victims how to buy, exchange , transfer bitcoins for further payment vikupu. The second group is engaged in the development, renovation and improvement of the healthy PZ. The third group will ensure that accommodation is provided. The fourth group is working on C&C and administration robot from the command center. P'yata takes care of financial matters and works with partners. Shosta compromises and infects sites... With the development of RaaS, the more foldable and wider the health, there are more rear groups and their processes.
Having been hit by the attack of the crypto-vimagers, they suffered to stand in front of the folding food: Pay the ransom? or Say goodbye to files? To secure the anonymity of the cyber-malware victorious Tor merezha and to remove the viability from the Bitcoin cryptocurrency. For the month of 2016, the penny equivalent of 1 BTC will already exceed 60 thousand rubles and will not become less. It’s a pity, having failed to pay, suffered involuntarily financially, further zdirnitsku diyalnistnost cyberzlochintsiv, the appetite of such adults is not just a day, but sgogodini and with a new skin stink of stench will change at their bezkarnosti.
Look at " Top 100 Richest Bitcoin Addresses and Bitcoin Revealed Most of the current crypto-currency riches-millionaires have become so illegal and malicious methods.
How about booty? Today, there is still no universal tool for decrypting data, and there are only a few utilities that are created that are suitable for specific ciphers. To that, as the main zakhist, it is recommended to come in, so that you do not allow infection with cipher suites, the head of which isActual anti-virus protection. In any case, it’s important that we also promote information about corruption and come in about threats that look like cryptographic software and zdirnikiv.For whom our blog was created.Here, information is collected about a skin cipher-vimagach, a fake cipher, or a blocker, which you see yourself as a cipher.
My other blouse File decryptors Starting from May 2016, information about how decrypters are expected to be created for codeless decryption of files encrypted by Crypto-Ransomware. All descriptions and instructions are first published in Russian language. Call regularly.
To help professionally in 2016, Kaspersky Lab, Intel Security, Europol and the Netherlands Police organized a collaborative project. No More Ransom", Directions to fight against vimagach programs. Project participants created a websiteoMoreRansom.org , to retrieve the most important information about ransomware (English), as well as cost-free tools for recovering encrypted data. There were only 4 such tools in the field of LC and McAfee.On the day of writing these articles were already 7This functionality is even more advanced.
It is noteworthy that this project is less for babies added a group of decrypters, which have long been described in my blogs "Cryptor-Vimagachi" and "File Decryptors".
No More Ransom!
Updated on 15 December 2016:
Other companies came to the project, as they released other decryptors earlier. There are already 20 utilities there at once (there are two of them):
WildFire Decryptor - typed by Kaspersky Lab and Intel Security
Chimera Decryptor - typed by Kaspersky Lab
Teslacrypt Decryptor - typed by Kaspersky Lab and Intel Security
Shade Decryptor - typed by Kaspersky Lab and Intel Security
CoinVault Decryptor - courtesy of Kaspersky Lab
Rannoh Decryptor - typed by Kaspersky Lab
Rakhni Decryptor - type of Kaspersky Lab
Jigsaw Decryptor - vid Check Point
Trend Micro Ransomware File Decryptor - as Trend Micro
NMoreira Decryptor - by Emsisoft
Ozozalocker Decryptor - by Emsisoft
Globe Decryptor - by Emsisoft
Globe2 Decryptor - by Emsisoft
FenixLocker Decryptor - available from Emsisoft
Philadelphia Decryptor - by Emsisoft
Stampado Decryptor - by Emsisoft
Xorist Decryptor - provided by Emsisoft
Nemucod Decryptor - by Emsisoft
Gomasom Decryptor - available from Emsisoft
Linux.Encoder Decryptor - like BitDefender
Now No More Ransom has representatives from 22 countries of the world.
Good luck decrypting!
Don't cry the wikup! Get ready! Protect your data! Robi backup! Koristuyuchisya moment guessing: Zdirstvo - tse malice, not gra! Do not play at the game.
© Amigo-A (Andrew Ivanov): All blog articles