Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    NSA shares zero-trust guidance to limit adversaries on the network

Featured Deal: Enjoy quick, compatible data transfers with this $59.99 portable SSD

Latest Buyer's Guide:    Hotspot Shield VPN review

Generic User Avatar

Checkmate Ransomware (.checkmate) Support Topic

Started by sikich , Jun 08 2022 05:30 AM

  • Please log in to reply
91 replies to this topic

#31 justking10

justking10

  • Avatar image
  • Members
  • 1 posts
  • OFFLINE
    •  
  • Local time:07:08 AM

Posted 09 August 2022 - 02:07 AM

Hi Everyone, nice to meet you, I'm Andrea. I have a problem with a Ransomware, I have attached a text file for the unlocking procedure after the ransom and I have attached an original file. I can't attach the decrypted file because it tells me I'm not authorized. Can you help me restore my data? Thank you very much

 

 

Andrea

 

 

Ps.  I was able to upload the decrypted file in zip format, inside.

 

Thank you

Attached Files


Edited by justking10, 09 August 2022 - 02:14 AM.

BC AdBot (Login to Remove)

 

#32 quietman7

quietman7

    Bleepin' Gumshoe


  • Avatar image
  • Global Moderator
  • 61,818 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:08 AM

Posted 09 August 2022 - 06:07 AM

There is no known method that I am aware of to decrypt files encrypted by Checkmate Ransomware without paying the ransom (not advisable) and obtaining the private encryption keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities. Without the master private key that can be used to decrypt your files, decryption is impossible. That usually means the key is unique (specific) for each victim and generated in a secure way (i.e. RSA, AES, Salsa20, ChaCha20, ECDH, ECC) that cannot be brute-forced.
 
If feasible, your best option is to restore from backups, try file recovery software to recover (not decrypt) some of your original files or backup/save your encrypted data as is and wait for a possible solution at a later time.


.
.
Microsoft MVP Alumni 2023Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#33 Andy_AMPITS

Andy_AMPITS

  • Avatar image
  • Members
  • 1 posts
  • OFFLINE
    •  
  • Local time:07:08 AM

Posted 15 August 2022 - 05:21 AM

Hello, the QNAP NAS of a friend was also encrypted. I am attaching 2 files (DOCX). Maybe someone recognizes differences and could help.
 
 
Thanks and best regards
 
Andy

#34 portyk

portyk

  • Avatar image
  • Members
  • 1 posts
  • OFFLINE
    •  
  • Local time:07:08 AM

Posted 16 August 2022 - 06:00 AM

I also have a problem, but I attach psd files. Original + infected.

 

https://wetransfer.com/?utm_campaign=WT_email_tracking&utm_content=general&utm_medium=logo&utm_source=notify_recipient_email


#35 wchuang

wchuang

  • Avatar image
  • Members
  • 4 posts
  • OFFLINE
    •  
  • Local time:01:08 PM

Posted 16 September 2022 - 02:45 AM

Could you help me to resolve the encrypted file? I attach the file contents to you.

 

You was hacked by -=CHECKMATE=- team.
All your data has been encrypted, backups have been deleted.
Your unique ID: 9CE6061BE20146D9B5921578F3E3DF38
You can restore the data by paying us money.
We determine the amount of the ransom from the number of encrypted office files.
The cost of decryption is 5820 USD for all your files.
Payment is made to a unique bitcoin wallet.
Before paying, you will be able to make sure that we can actually decrypt your files.
For this:
    1) Download and install Telegram Messenger https://telegram.org/
        Be careful! Telegram has a lot of fake accounts, for example, checkmate_teamm or checkmate_teams.
        Dont search manually, use the link above.
        If you dont follow this advice, you will lose money and files.
    3) Send a message with your unique ID, your e-mail and 3 files for test decryption. Files should be no more than 15mb each.
    4) In response, we will send the decrypted files and a bitcoin wallet for payment. Bitcoin wallet is unique for you, so we can find out what you paid.
    5) After the payment is received, we will send you the key and the decryption program.
As a bonus, we will let you know how you were hacked.
 
FAQ:
Is it possible to pay for the decryption of only part of the files?
    Yes, it is possible. For more information, please contact us.
What is Bitcoin?
read bitcoin.org
Where to buy bitcoins?
or use google.com
Where is the guarantee that I will receive my files back?
The very fact that we can decrypt your random files is a guarantee. It makes no sense for us to deceive you.
How quickly will I receive the key and decryption program after payment?
As a rule, within a few hours, but very rarely there may be a delay of 1-2 days.
How does the decryption program work?
It is simple. You need to copy the key and select a folder to decrypt. The program will automatically decrypt all encrypted files in this folder and its subfolders.

#36 quietman7

quietman7

    Bleepin' Gumshoe


  • Avatar image
  • Global Moderator
  • 61,818 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:08 AM

Posted 16 September 2022 - 06:43 AM

As I previously noted, there is no known method that I am aware of to decrypt files encrypted by Checkmate Ransomware without paying the ransom (not advisable) and obtaining the private encryption keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities


.
.
Microsoft MVP Alumni 2023Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#37 Amigo-A

Amigo-A

    Security specialist and Ransomware expert


  • Avatar image
  • Members
  • 3,049 posts
  • ONLINE
    •  
  • Gender:Male
  • Location:Bering Strait
  • Local time:10:08 AM

Posted 20 September 2022 - 12:25 PM

Is the ransom note called !CHECKMATE_DECRYPTION_README?


My site: The Digest "Crypto-Ransomware"  + Google Translate 

 

#38 wchuang

wchuang

  • Avatar image
  • Members
  • 4 posts
  • OFFLINE
    •  
  • Local time:01:08 PM

Posted 20 September 2022 - 09:08 PM

Yes, there is.


#39 taniwha

taniwha

  • Avatar image
  • Members
  • 1 posts
  • OFFLINE
    •  
  • Local time:06:08 AM

Posted 02 February 2023 - 10:56 AM

Hi, I notice it's been a while and I was wondering if there is still no known method to decrypt files encrypted by Checkmate... any good news ?


#40 quietman7

quietman7

    Bleepin' Gumshoe


  • Avatar image
  • Global Moderator
  • 61,818 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:08 AM

Posted 02 February 2023 - 01:02 PM

There is nothing new to report that I am aware of.


.
.
Microsoft MVP Alumni 2023Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#41 czv

czv

  • Avatar image
  • Members
  • 31 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:05:08 AM

Posted 06 February 2023 - 11:58 AM

I have a few files from checkmate, if you interested


#42 quietman7

quietman7

    Bleepin' Gumshoe


  • Avatar image
  • Global Moderator
  • 61,818 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:08 AM

Posted 06 February 2023 - 12:34 PM

What kind of files?


.
.
Microsoft MVP Alumni 2023Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#43 czv

czv

  • Avatar image
  • Members
  • 31 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:05:08 AM

Posted 06 February 2023 - 02:50 PM

deleted


Edited by czv, 07 February 2023 - 01:29 PM.

#44 czv

czv

  • Avatar image
  • Members
  • 31 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:05:08 AM

Posted 06 February 2023 - 02:52 PM

deleted


Edited by czv, 07 February 2023 - 01:29 PM.

#45 quietman7

quietman7

    Bleepin' Gumshoe


  • Avatar image
  • Global Moderator
  • 61,818 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:08 AM

Posted 06 February 2023 - 03:02 PM

I have let Grinler know about this.


.
.
Microsoft MVP Alumni 2023Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

Back to Ransomware Help & Tech Support


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Ransomware Help & Tech Support
  4. Privacy Policy
  5. Rules ·