ransomwarebr | Unsorted

Telegram channel ransomwarebr - ☢ Ransomware.BR

We help victims of Ransomware! The focus of this group is solutions on the topic of RANSOMWARE, or subjects related to MALWARE ANALYSIS. Decryption.

☢ Ransomware.BR

Not a problem, I'll contact you in a few min

☢ Ransomware.BR

Yeah, I don't like your flooding. John has been temporarily muted for 4 minutes.

☢ Ransomware.BR

Can be repaired and recovered without issues

☢ Ransomware.BR

Yeah, I don't like your flooding. John has been temporarily muted for 4 minutes.

☢ Ransomware.BR

Solution for eCh0raix

☢ Ransomware.BR

fwd: @ransomwareworld

🚨 Insider Threats Rising as Ransom Payments Hit Record Lows

Ransomware payment rates have dropped to historic lows — only 23% of victims paid in Q3 2025, with average payments down 66% to $376K. Attackers are adapting by impersonating SaaS support teams or abusing help-desk processes to gain OAuth authorization.

Despite targeting larger firms (median 362 employees), payouts continue to fall, challenging the “big-game hunting” model.

ID: https://www.coveware.com/blog/2025/10/24/insider-threats-loom-while-ransom-payment-rates-plummet

☢ Ransomware.BR

hey guys, just wondering, has anyone communicated or dealt with this Devman ransomware group before?

☢ Ransomware.BR

🇺🇲 English

Hello there, Ransomware such as those below are not recoverable by any recovery software (Recuva...). Ransomware does not DELETE your files, therefore there is nothing to recover (recovery software is for deleted files). What You need is to rebuild the file structure (header) of the file in cases such as Stop DJVU. Stop Djvu is the weakest Ransomware out there, and it allows rebuilding the file structure in some cases.
We have been dealing with Ransomware for so long already; We know more than 900 families of Ransomware. We are not here to disappoint You, We're here to offer free help whenever We can. We cannot rebuild all your files; We teach You how to do it, or wait for someone to develop a paid tool that You are gonna crack anyways and get in trouble again and come back to Us. Not everyone that has suffered a Ransomware attack was doing illegal practices, but most of You were victims because of cracking software. Learn once and for all, do not crack software ever, it is as easy as that. We are sorry for Your losses. We receive messages all day long from victims of Ransomware. Unfortunately We don't have the answer for everyone, because there isn't one and there will never be. What can You expect? Threat actors release the master key as soon as the FBI or any other law enforcement threatens them. It happens all the time. Keep Your hope alive. We are working non-stop to help build a better and safer environment for all of You. We are from many countries. We understand what it is like to lose all your important files. Please be patient. Help is on the way.

To all that have been victims of:

Stop DJVU
Dharma
Phobos
Maze
Sodinokibi (REvil)
Globe Imposter 2.0
MedusaLocker
RYUK
Ragnarlocker
And the list goes on...

🇧🇷 Brazilian Portuguese

Hello, Ransomware such as those below are not recoverable by any recovery software (Recuva...). Ransomware does not DELETE your files, so there is nothing to recover (recovery software is for deleted files). What you need is to rebuild the file structure (the header, in some cases) of the file in cases such as STOP DJVU. STOP Djvu is the weakest Ransomware out there, and it allows rebuilding the file structure in some cases.
We have been dealing with Ransomware for a long time. We know more than 900 families of Ransomware. We are not here to disappoint you. We are here to offer free help whenever possible. We cannot rebuild all your files. We teach you how to do it, or wait for someone to develop a paid tool that you will crack anyway and get in trouble again and come back to us. Not everyone who has suffered a Ransomware attack was engaging in illegal practices, but most were victims because of pirated (cracked) software. Learn once and for all, never crack software, it is that simple. It will greatly reduce your chances of getting Ransomware. We are sorry for your losses. We receive messages all day long from victims of Ransomware. Unfortunately we do not have the answer for everyone, because there isn't one and there never will be. What can you expect? Threat actors release the master key as soon as the FBI or any other law enforcement agent threatens them. This happens all the time and can also happen in your case. Keep your hope alive. We are working non-stop to help build a better and safer environment for all of you. We are from many countries. We understand what it is like to lose all your important files. Please be patient. Help is on the way.

To all who have been victims of:

STOP DJVU
Dharma
Phobos
Maze
Sodinokibi (REVIL)
Globe Imposter 2.0
MedusaLocker
RYUK
Ragnarlocker
And the list goes on...

☢ Ransomware.BR

Fwd: @ransomwareworld

🚨 Prosecutors allege incident response pros used ALPHV/BlackCat to commit string of ransomware attacks

The alleged cybersecurity turncoats attacked at least five U.S. companies while working for their respective employers, officials said.

ID: https://cyberscoop.com/?p=86605

☢ Ransomware.BR

fwd: @ransomwareworld

⚖️ Conti Ransomware Case – Extradition
The U.S. Department of Justice announced the extradition of Ukrainian national Oleksii Lytvynenko (43, Cork, Ireland) to face charges related to the Conti ransomware operation.

Between 2020 and 2022, Lytvynenko allegedly conspired with others to deploy Conti, encrypt victim data, and demand ransom in cryptocurrency. The group is linked to over 1,000 victims across more than 30 countries, extorting at least $150 million in payments.

Conti was one of the most prolific ransomware strains, responsible for numerous critical infrastructure attacks.
The extradition was coordinated by Irish police (An Garda Síochána) and the FBI, reflecting growing international cooperation against cybercrime.

Full details: https://www.justice.gov/opa/pr/ukrainian-national-extradited-ireland-connection-conti-ransomware

☢ Ransomware.BR

fw from: @ransomwareworld

Qilin Ransomware – Updated Threat Overview (Oct 2025)

Ransomware-as-a-Service active since 2022, written in Golang and Rust, targeting Windows and VMware ESXi. Qilin shares traits with Black Basta, REvil, and BlackCat, and has impacted sectors like healthcare and education across multiple continents.

🧩 Key Techniques
🔑 Privilege Escalation (T1548.002) – Bypasses UAC with stolen tokens.
🧠 Credential Access (T1003.001, T1134) – Uses Mimikatz for LSASS dumping and token manipulation.
💾 Encryption (T1486) – AES-256/ChaCha20 + RSA-2048/4096 for keys.
🧱 Defense Evasion (T1562.001, T1562.009) – Kills AV, boots in Safe Mode.
⚙️ Persistence (T1547.001, T1547.004) – RunOnce & Winlogon registry entries.
🌐 Initial Access (T1190, T1566) – Exploits Citrix/RDP and spearphishing.
🧹 Impact (T1490, T1070) – Deletes shadow copies, event logs, and itself.
🕹 Lateral Movement (T1021.002, T1053.005) – Uses PsExec & GPO tasks.
🧩 Obfuscation (T1027.013) – Encrypted strings, renamed functions.
💡 Guardrails (T1480) – Requires password to execute.
🧿 VM Awareness (T1673) – Detects virtual environments.

📚 MITRE ATT&CK ID: S1242
Associated Software: Agenda

For full details, see the MITRE ATT&CK® entry for Qilin (S1242): https://attack.mitre.org/software/S1242/

☢ Ransomware.BR

fw from: @ransomwareworld

🚨 Ransomware Payments Dropped in Q3 2025: Analysis

Coveware has attributed the drop to large enterprises increasingly refusing to pay up and smaller amounts paid by mid-market firms.

ID: https://www.securityweek.com/?p=44100

☢ Ransomware.BR

https://youtu.be/DVw9lcoQMQg

☢ Ransomware.BR

fw from: @ransomwareworld

🚨 Security Incident Summary (Qilin Group) - Ransomware

Japanese retail company Muji has taken its online store offline following a ransomware attack that affected its delivery partner Askul.

On Sunday evening, Japan time, Muji reported that the incident disrupted all online retail services. Customers were unable to browse or make purchases on Muji’s website, view order histories in the Muji app, or access certain parts of the company’s web content.

According to Askul’s announcement, the ransomware attack caused a system failure that forced a suspension of order processing and delivery operations. The company stated that it is still investigating the scope of the incident, including whether any personal data was compromised.

Muji has not yet provided an estimated time for restoring its online services. The case highlights the growing supply chain risks in the retail industry, where a single partner’s cybersecurity breach can disrupt operations across multiple businesses.

Source 1 - Askul Announcement: https://www.askul.co.jp/snw/newsDispView/?newsId=18364

Source 2 - Bleeping Computer: https://www.bleepingcomputer.com/news/security/retail-giant-muji-halts-online-sales-after-ransomware-attack-on-supplier/

☢ Ransomware.BR

Tracks recent ransomware leaks in real time.
Great if you follow threat intel stuff 👇
https://www.ransomware.live/

☢ Ransomware.BR

Does anyone still have the Pegasus spyware for some tests?

☢ Ransomware.BR

Doubt it, repairing that file would be wrecked, symmetric and asymmetric encryption of files... couldn't be read...

If you don't believe it and still want to try what you said has no issue, that would be nice, and don't forget to make a screen recording of the process as proof 😉

☢ Ransomware.BR

Solution for this ransomware

☢ Ransomware.BR

fwd: @ransomwareworld

🚨 Threat Actors Interviews

A collection of structured interviews that document perspectives from various threat actors. The series provides context on their methods, motivations, decision-making processes, and how different groups operate within the cyber-crime ecosystem.
Useful for understanding adversarial behaviour patterns.

ID: https://www.redhotcyber.com/en/homepage/threat-actors-interviews/

☢ Ransomware.BR

Anyone have Stellar activation keys?

☢ Ransomware.BR

Fwd @ransomwareworld

🧩 New Research: LARM — Linux Anti-Ransomware Monitor
📄 Computers & Security (Elsevier, 2025)
🔗 https://www.sciencedirect.com/science/article/pii/S016740482500389X

As Linux becomes more widespread across servers, desktops, and cloud infra, ransomware groups are increasingly pivoting to Linux/x86_64 targets.
Researchers introduce LARM (Linux Anti-Ransomware Monitor) — a lightweight, real-time kernel-level detector using eBPF for behavioural monitoring.

🧠 Key points:
• Focuses on Linux ransomware (tested vs 14 families incl. AvosLocker & Babuk).
• Uses dynamic trap-file selection via Affinity Propagation clustering + encryption order heuristics.
• Adds pre-encryption profiling to reduce false positives.
• Achieved ~1.24 s average detection delay and 0.46 % file-loss rate.

🎯 Designed for real-time detection of multithreaded ransomware on Linux servers and cloud workloads — filling a major gap in current defenses.

#Ransomware #Linux #eBPF #Detection #Research #ThreatIntel

☢ Ransomware.BR

Can someone help repair a .db file? Almost 5 GB, and it's SQL Anywhere, SAP

☢ Ransomware.BR

@khvgx @Brulex @xsenn there are ads

☢ Ransomware.BR

Shhh... quiet now.
Muted Nathan for 10 minutes.
Reason:
Automated blocklist action, due to a match on: https://t.me

☢ Ransomware.BR

fw from: @ransomwareworld

🚨 Update Trend Micro / Cisco Talos Analysis: Qilin ransomware abuses WSL to run Linux encryptors in Windows

Trend Micro and Cisco Talos identified that Qilin affiliates are using Bring Your Own Vulnerable Driver (BYOVD) attacks to disable security tools before launching ransomware. They deployed signed but vulnerable drivers such as eskle.sys to terminate antivirus and EDR processes, and used DLL sideloading to load kernel drivers like rwdrv.sys and hlpdrv.sys for elevated privileges. The attackers also used tools including dark-kill and HRSword to stop security software and erase traces of activity. Additionally, Qilin affiliates were observed deploying a Linux-based encryptor on Windows systems through the Windows Subsystem for Linux (WSL). After gaining access, they transferred the ELF encryptor via WinSCP and executed it through Splashtop’s SRManager.exe, allowing it to run within WSL and evade Windows-focused EDR detection. This method demonstrates how ransomware groups are increasingly exploiting hybrid Windows-Linux environments to maximize impact while bypassing conventional security defenses.

Reference 1: https://blog.talosintelligence.com/uncovering-qilin-attack-methods-exposed-through-multiple-cases/
Reference 2: https://www.trendmicro.com/en_us/research/25/j/agenda-ransomware-deploys-linux-variant-on-windows-systems.html
Reference 3: https://www.bleepingcomputer.com/news/security/qilin-ransomware-abuses-wsl-to-run-linux-encryptors-in-windows/

☢ Ransomware.BR

https://youtu.be/09W4TrIUyao

☢ Ransomware.BR

https://www.youtube.com/watch?v=9cpdKxZ-GYc

☢ Ransomware.BR

Any solution for this .PIIQ virus that has affected my system?

☢ Ransomware.BR

"Please follow @stopransomware for decryptor"
