here is the archive
Posted 28 January 2023 - 04:42 PM
after the first post i have received
also this from
HiAbhinavGupta
HiAbhinavGupta has sent you a new personal conversation entitled "About your virus file".
HiAbhinavGupta said:
You can contact with this cyber security expert team on Youtube . They solved our all infected files recently. I believe They can help you to get your files back
Their Youtube channel: https://youtu.be/G-xDxZUm6-g
PLEASE DO NOT REPLY DIRECTLY TO THIS EMAIL!
You can reply to this personal conversation by following the link below:
https://www.bleepingcomputer.com/forums/index.php?app=members&module=messaging&section=view&do=showConversation&topicID=196805#msg427134
---------------------
i think they should be banned
Posted 28 January 2023 - 04:46 PM
HiAbhinavGupta has been banned.
Ransomware victims should IGNORE, (not reply back, deal with or negotiate payments with) anyone who may contact them via Private Message (PM) on this forum or by email making claims they can decrypt your data. Please read my comments in this topic for information as to what we know about those who claim they can decrypt data (including scammers, the criminals and data recovery services).
Ransomware victims should also ignore all Google searches which provide numerous links to bogus and untrustworthy ransomware (malware) removal guides, including Youtube videos, many of which falsely claim to have decryption solutions. After our experts tweet/write about a new ransomware or new variants, junk articles with misinformation are quickly written in order to scare and goad desperate victims into using or purchasing mostly sham removal and decryption software. Victims typically are directed to download a multitude of unnecessary and useless tools. In some cases, unsuspecting victims may actually be downloading a fake decryptor with more ransomware resulting in double-encryption that makes the situation even worse. Only use trusted sources when searching for information.
Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief
If I have been helpful & you'd like to consider a donation, click
Posted 28 January 2023 - 05:23 PM
Hello...
From what I have found, it is an asymmetric cipher that works with a pair of keys: a public key used to encrypt the data and a private key used to decrypt the data. The best-known asymmetric encryption algorithm is RSA. And according to an analysis of my infected files ... I discovered that the criminals use half of this key which is in the infected file itself and the other half is at home .... and that means a lot of things....!
Edited by TwoPack, 28 January 2023 - 05:25 PM.
Posted 29 January 2023 - 02:53 AM
Edited by Amigo-A, 29 January 2023 - 04:32 AM.
My site: The Digest "Crypto-Ransomware" + Google Translate
Posted 29 January 2023 - 04:17 AM
Thanks everyone for the time and research. Now that I've been hit, I'll go deeper thanks to the indications you've given me.
Posted 29 January 2023 - 06:45 AM
@3mz
I have merged your posting and related comments into the primary support topic for victims of this ransomware.
Posted 07 February 2023 - 03:55 PM
Edited by sfc_94, 07 February 2023 - 05:10 PM.
Posted 07 February 2023 - 04:01 PM
I am not aware of any known method to decrypt files encrypted by CryptomanGizmo Ransomware without paying the ransom (not recommended) and obtaining the private encryption keys from the criminals who created the ransomware, unless they are leaked or seized and released by the authorities.
Posted 07 February 2023 - 05:03 PM
Sent the files in case they can help....
Posted 07 February 2023 - 05:07 PM
There is no place to send the files. They are part of your attachment for anyone to download and inspect.
Posted 08 February 2023 - 02:23 AM
Yes, it's CriptomanGizmo Ransomware, that's what we call it, since the extortionists didn't come up with a name for their ransomware.
A decryption method does not yet exist. In addition, we do not have a sample of the malicious file to link to one of the known ransomware groups and try to conduct reverse engineering.
Edited by Amigo-A, 08 February 2023 - 02:24 AM.
Posted 08 February 2023 - 03:07 AM
Posted 08 February 2023 - 06:53 AM
The document will not be helpful with decryption.
Posted 08 February 2023 - 11:19 AM
Immediately after attacking and encrypting files, you can search for malicious files.
Temporary files can be found, which will be a copy of the malicious files.
Once time has passed and the temporary folders have been cleared, it is difficult to find anything.
Edited by Amigo-A, 08 February 2023 - 11:23 AM.
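The search described in the post above can be scripted for triage, as an added example that is not part of the original thread: it lists executable-looking files in temp folders that were modified shortly before the encryption time and hashes them so a sample can be preserved and submitted for analysis. The extension list, the 48-hour window and the function names are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timedelta

# Assumed list of extensions worth a look; adjust to the environment.
SUSPECT_EXTS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js"}

def is_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows executable."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_candidates(roots, incident_time, window_hours=48):
    """Return (path, mtime, sha256) for executable-looking files modified from
    window_hours before incident_time to 1 hour after. Files are read, never run."""
    earliest = incident_time - timedelta(hours=window_hours)
    latest = incident_time + timedelta(hours=1)
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    mtime = datetime.fromtimestamp(os.path.getmtime(path))
                    if not (earliest <= mtime <= latest):
                        continue
                    ext = os.path.splitext(name)[1].lower()
                    if ext in SUSPECT_EXTS or is_pe(path):
                        stamp = mtime.isoformat(timespec="seconds")
                        hits.append((path, stamp, sha256_of(path)))
                except OSError:
                    continue  # locked, unreadable or already deleted
    return sorted(hits, key=lambda h: h[1])

if __name__ == "__main__":
    # Assumption: scan the current user's temp folder, incident time = now.
    for path, mtime, digest in find_candidates([tempfile.gettempdir()], datetime.now()):
        print(mtime, digest, path)
```

Copy any hits to offline media before cleanup tools or reboots clear the temp folders, and do not open or execute them.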