RansomNoteCleaner - Remove Ransom Notes Left Behind


93 replies to this topic

#91 Demonslay335


Posted 14 September 2020 - 10:14 AM



Hello! This is an amazing tool and is very appreciated!

 

Would it be possible to add a cleaner for the Avaddon ransom notes?

 

Or one possible alternative solution, if I could "choose a note" and from there it would find any other matching notes. This would potentially help it work for many future notes.

 

Thanks for the feedback. I have not added a definition for Avaddon's ransom note filename to ID Ransomware (where RansomNoteCleaner pulls its definitions) because it would cause too many false positives with real programs (*-readme.html).

 

Your suggestion would be possible though, I'll think about it when I have some time to support this tool more.



 


#92 PintSizeNore


Posted 17 September 2020 - 02:56 AM

 



Hello! This is an amazing tool and is very appreciated!

 

Would it be possible to add a cleaner for the Avaddon ransom notes?

 

Or one possible alternative solution, if I could "choose a note" and from there it would find any other matching notes. This would potentially help it work for many future notes.

 

Thanks for the feedback. I have not added a definition for Avaddon's ransom note filename to ID Ransomware (where RansomNoteCleaner pulls its definitions) because it would cause too many false positives with real programs (*-readme.html).

 

Your suggestion would be possible though, I'll think about it when I have some time to support this tool more.

 

Yes, without knowing the starting part of the note filename, it is quite generic and I can see how that would be a problem. Thank you, I really appreciate and applaud your efforts for this cause. The CryptoSearch tool has been extremely useful as well!
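The "choose a note" idea from posts #91 and #92, sketched as an added example (not RansomNoteCleaner's code and not part of any post): a file is reported only if it matches the generic `*-readme.html` name and its text closely resembles a note the user picked, so a legitimate program's readme is left out. The function names, similarity threshold, size limit and sample files are assumptions constructed for illustration; the code only reports matches and deletes nothing.

```python
import difflib
import tempfile
from pathlib import Path

MAX_NOTE_BYTES = 64 * 1024  # assumed limit: ransom notes are small text files


def _normalized(path: Path) -> str:
    """Read a file as text with whitespace collapsed, so line-ending changes are ignored."""
    raw = path.read_bytes()[:MAX_NOTE_BYTES]
    return " ".join(raw.decode("utf-8", errors="replace").split())


def find_matching_notes(reference: Path, root: Path,
                        name_glob: str = "*-readme.html",
                        threshold: float = 0.9) -> list[Path]:
    """Return files under root that match name_glob AND resemble the chosen note."""
    ref_text = _normalized(reference)
    matches = []
    for candidate in sorted(root.rglob(name_glob)):
        # Skip symlinks, directories and anything too large to be a note.
        if candidate.is_symlink() or not candidate.is_file():
            continue
        if candidate.stat().st_size > MAX_NOTE_BYTES:
            continue
        ratio = difflib.SequenceMatcher(
            None, ref_text, _normalized(candidate), autojunk=False).ratio()
        if ratio >= threshold:
            matches.append(candidate)
    return matches


def demo() -> list[str]:
    """Constructed sample tree: two copies of one note and one legitimate readme."""
    note = "<html><body>Your files are encrypted. ID: CONSTRUCTED-SAMPLE</body></html>"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "app").mkdir()
        (root / "abc123-readme.html").write_text(note)
        # Same note with a different line break, as a copy in another folder.
        (root / "docs" / "abc123-readme.html").write_text(note.replace(". ", ".\r\n"))
        # Legitimate file that the filename pattern alone would also catch.
        (root / "app" / "setup-readme.html").write_text(
            "<html><body>Thanks for installing ExampleApp 1.0.</body></html>")
        found = find_matching_notes(root / "abc123-readme.html", root)
        return [p.relative_to(root).as_posix() for p in found]


if __name__ == "__main__":
    print(demo())
```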



#93 Sufi863


Posted 27 October 2023 - 12:13 PM

Hi All

 

I was attacked by ransomware a few months ago and it encrypted all my files to .NEON, and left a note there in every folder. I tried a lot on different forums but everyone told me that it is an encryption with an online key, so it's not possible to decrypt without that key. It's been a few months now. Any possibility of any solution or any tool yet created for this? Please help me if anyone can do that. I have my important data.

 

I will be looking forward anxiously for someone to solve my problem.

 

Thanks & Regards



#94 quietman7


Posted 27 October 2023 - 01:58 PM


...I was attacked by ransomware a few months ago and it encrypted all my files to .NEON, and left a note there in every folder. I tried a lot on different forums but everyone told me that it is an encryption with an online key, so it's not possible to decrypt without that key. It's been a few months now. Any possibility of any solution or any tool yet created for this? Please help me if anyone can do that. I have my important data.
 
I will be looking forward anxiously for someone to solve my problem....

 

This is a support topic only for RansomNoteCleaner.
 
You are dealing with a newer variant of STOP (Djvu) Ransomware released around June 2023 as explained here by Amigo-A (Andrew Ivanov). Since switching to the new STOP Djvu variants (and the release of .gero) the malware developers have been consistent on using 4-letter extensions.
 
The .djvu* and newer variants will leave ransom notes named _openme.txt, _open_.txt or _readme.txt
 
Please read the first page (Post #1) of the STOP (Djvu) Ransomware Support Topic for a summary of this infection, its variants, any updates and possible decryption solutions using the Emsisoft STOP Djvu Decryptor.
 
If infected with an ONLINE KEY, decryption is impossible without the victim’s specific private key. ONLINE KEYS are unique for each victim and randomly generated in a secure manner with unbreakable encryption. Emsisoft cannot help decrypt files encrypted with the ONLINE KEY due to the type of encryption used by the criminals and the fact that there is no way to gain access to the criminal's command server and retrieve this KEY. ONLINE IDs for new STOP (Djvu) variants are not supported by the Emsisoft Decryptor.
 
You need to post any questions in the above support topic. If you have followed those instructions and need further assistance, then you still need to ask for help in that support topic.






