Far Attack/MedusaLocker3 (.farattack, .itlock*, .busavelock*) Support Topic


76 replies to this topic

#16 GtsKsa2

  • Members
  • 2 posts

Posted 22 March 2022 - 03:44 AM

We were hit by the same ransomware. I contacted the hacker. They asked for 10,000 USD at first, then they reduced it to 7,000 USD.

I offered 2,000 USD but they refused, so I stopped the negotiation with them.

I also suspect the unsecured RDP connection. They even encrypted hidden and backup drives.

I also asked them for proof: to decrypt a SQL database. They refused but sent me a video of the decryption. Below are all the files exchanged.

For the sample files they did not ask for the note, just the encrypted file.

The video of the decryption is at the following link: https://we.tl/t-7IVDKGve07



Edited by GtsKsa2, 22 March 2022 - 03:59 AM.



#17 quietman7

    Bleepin' Gumshoe

  • Global Moderator
  • 61,171 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 22 March 2022 - 07:28 AM

Most security experts will advise against paying the ransom demands or engaging in negotiating a payment with the malware developers. I explain why in this topic, which includes victim experiences relating to dealing with them.


Microsoft MVP Alumni 2023
Windows Insider MVP 2017-2020
Microsoft MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click here.


#18 jludvik

  • Members
  • 1 posts

Posted 31 March 2022 - 08:12 AM

Hello, I was infected by a variant of ransomware encrypting files and adding the .chuklock extension. It infected a Windows Server 2019.

Do you recognize this? Can someone point me to the right tools and direction? Does anyone know the attack vector? How the heck did it get to me?

 

Attaching the ransom note and sample short encrypted TXT file.




#19 quietman7

    Bleepin' Gumshoe

  • Global Moderator
  • 61,171 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 31 March 2022 - 09:22 AM

Can you provide (copy & paste) the ransom note contents in your next reply?

Please submit (upload) samples of encrypted files, ransom notes and any contact email addresses provided by the cyber-criminals to ID Ransomware (IDR) for assistance with identification and confirmation of the infection. ID Ransomware can identify ransomware which adds a prefix instead of an extension, and more accurately identifies ransomware by file markers if applicable. Uploading both encrypted files and ransom notes together along with any email addresses provided gives a more positive match with identification and helps to avoid false detections. Please provide a link to the ID Ransomware results.

If ID Ransomware cannot identify the infection, you can post the case SHA1 it gives you in your next reply for Demonslay335 (Michael Gillespie) to manually inspect the files and check for possible file markers.



#20 Amigo-A

    Security specialist and Ransomware expert

  • Members
  • 3,003 posts
  • Gender:Male
  • Location:Bering Strait

Posted 31 March 2022 - 12:44 PM


My site: The Digest "Crypto-Ransomware" + Google Translate


#21 quietman7

    Bleepin' Gumshoe

  • Global Moderator
  • 61,171 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 31 March 2022 - 12:55 PM

jludvik

I have merged your topic into the primary support topic for victims of this ransomware.



#22 GtsKsa2

  • Members
  • 2 posts

Posted 17 May 2022 - 11:42 AM

There is a member who contacted me through PM and offered his services to crack the farattack ransomware. He was able to recover an encrypted file and then asked for 7,500 USD. Is he legit? I suspect him to be a middleman.
Member Name: spam82828282 or spam82828282
Email: <removed>



#23 quietman7

    Bleepin' Gumshoe

  • Global Moderator
  • 61,171 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 17 May 2022 - 03:30 PM

Bleeping Computer cannot vouch for those who claim they can decrypt data or help in other ways.

While the individual or company may be legitimate, we have no way of knowing the background, expertise or motives of all companies or individuals who indicate decryption is possible. Our experts have found that many who claim they can decrypt your files actually represent data recovery services which act as a "middleman"... they just pay the criminals, pretend they cracked the decryption and charge the victim more than the ransom demands, in many cases not telling them that is how they acquired the means of decryption. We can only advise being cautious with whomever you are dealing with, what services they are able to provide and what claims they make before sending money or paying a fee to anyone.

Ransomware victims should IGNORE (not reply back to, deal with or negotiate payments with) anyone who may contact them via Private Message (PM) on this forum or by email making claims they can decrypt your data.

Please read my comments in this topic for information as to what we know about those who claim they can decrypt data (including scammers and data recovery services).




#24 Believer1

  • Members
  • 3 posts

Posted 02 August 2022 - 08:38 AM

Hi guys, apparently I've got a slightly new variant.
A friend sent me these photos and told me his company got hit by ransomware.
https://ibb.co/YN6SKwJ
https://ibb.co/QY8tfHZ
Unfortunately, at the time I got the message the business was closed and I couldn't get a sample.
In a couple of hours I'll be there, get the sample and send it to you guys; for now I would like to know everything about this ransomware.
I am OSCP certified but ransomware attacks are outside my expertise, so I appreciate all the help in advance.

#25 Amigo-A

    Security specialist and Ransomware expert

  • Members
  • 3,003 posts
  • Gender:Male
  • Location:Bering Strait

Posted 03 August 2022 - 01:23 AM

Ransom note files must be uploaded in their original form. As pictures, they are useless.
The ransom note must be 100% original. The address and contacts should not be erased or changed.

Any distortion is critical and is regarded as disinformation. :) (Alas, time is very expensive; there is no way to wait for an answer all summer.)

Edited by Amigo-A, 03 August 2022 - 01:28 AM.



#26 Amigo-A

    Security specialist and Ransomware expert

  • Members
  • 3,003 posts
  • Gender:Male
  • Location:Bering Strait

Posted 04 August 2022 - 06:01 AM

In terms of the format of the encrypted file, it might be GlobeImposter 2.0, but in terms of how others use the ransom note's elements, it could be the FarAttack group; that's what I called it.
In either case, there is no way to decrypt files without paying a ransom. At least, for now.

The ransom notes needed to be kept, but now even paying the ransom will not help, because the code cannot be copied correctly.

Edited by Amigo-A, 04 August 2022 - 06:04 AM.



#27 Believer1

  • Members
  • 3 posts

Posted 04 August 2022 - 08:04 AM

Weird thing is, I finally got the chance to access the computer directly, but it seems the ransom notes deleted themselves.
Still, I just recovered from backup successfully; I just wanted to document the variant, that's all.
Thx for the help.

#28 Believer1

  • Members
  • 3 posts

Posted 04 August 2022 - 08:06 AM

Also, one more thing: I used Apple's text recognition in Photos and got the whole ID from the photo. Not that it's useful now, but it's a neat trick.

#29 Underwater-BG

  • Members
  • 1 posts

Posted 22 October 2022 - 09:16 AM

Hi.

I have been hit by the .Skynet ransomware. Is there a decryption tool for this ransomware?
Files attached.

Thanks in advance.

Attached File: Skynet.zip (16.39KB, 3 downloads)



#30 quietman7

    Bleepin' Gumshoe

  • Global Moderator
  • 61,171 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 22 October 2022 - 09:54 AM

What is Skynet ransomware?
 
Unfortunately, there is no known method that I am aware of to decrypt files encrypted by this ransomware without paying the ransom (not advisable) and obtaining the private encryption keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities. Without the master private key that can be used to decrypt your files, decryption is impossible. That usually means the key is unique (specific) for each victim and generated in a secure way (i.e. RSA, AES, Salsa20, ChaCha20, ECDH, ECC) that cannot be brute-forced.
 
If feasible, your best option is to restore from backups, try file recovery software to recover (not decrypt) some of your original files or backup/save your encrypted data as is and wait for a possible solution at a later time.






