/build/static/layout/Breadcrumb_cap_w.png

webmafia.wallet ransomware question

Hello! I have a huge problem with my laptop. Last Friday I heedless and opened misleading email which infected my computer and encrypted all files. Now almost all files in my hard drive looks like [webmafia@asia.com].wallet. I’ve tried to fix it manually using ShadowExplorer, TrendMicro and this manual removal guide but nothing helps. So I want to ask you if there is any possibility to decrypt flies or the only way out is to pay hackers? Thank you in advance!


0 Comments   [ + ] Show comments

Answers (4)

Posted by: rileyz 7 years ago
Red Belt
2
You might have to get your wallet out (hah, couldn't resist!) and get a proper anti malware/virus software next time.

If its that important (your data) you will probably need to pay your way out of it, looks encryption hasn't been broken, so to be utterly frank and brutal - your fecked. 
Posted by: alphabeta 7 years ago
Black Belt
0
Have you tried using the free MalwareBytes software? Link here - https://www.malwarebytes.com/mwb-download/thankyou/ If you get it installed and get the latest definitions installed and boot into safe mode. I'm not sure how successful it is with ransom ware but I've found it to be very helpful with other virus's. If you are able to fix issues at the end of a scan I'd give it a second scan to make sure there is nothing else there.
Posted by: rad33k 7 years ago
Fourth Degree Brown Belt
0
I think you will need to monitor any updates on this particular ramsonware and cross your fingers that someone will post a valid encryption key. In general - you can't recover your data until encryption keys are released. If you really really need your files right now, I do not see any other option than paying the fee (and believe that hackers will be fair with you).
I'm assuming you have checked some other forums, especially these related to the OS security and you found information about file encryption. General approach in such cases is well described by Bleepin' Janitor here (I totally agree with that):
Regardless of what ransomware it is, you should create a copy or image of the entire hard drive. Doing that allows you to save the complete state of your system (and all encrypted data) in the event that a free decryption solution is developed. In some cases, there may be decryption tools available but there is no guarantee they will work properly since the malware writers keep releasing new variants in order to defeat the efforts of security researchers.
Imaging the drive backs up everything related to the infection including encrypted files, ransom notes and registry entries containing possible information which may be needed if a solution is ever discovered. The encrypted files do not contain malicious code so they are safe. Even if a decryption tool is available, they do not always work correctly so keeping a backup of the original encrypted files and related information is a good practice.
Good Luck!
Posted by: JoshRoss 7 years ago
Senior White Belt
0
It has been quite a while, wanted to put my input for anyone who is going to be surfing this in the future. Ransomware name is Dharma. Quite a pesky one, considering it has countless variations at this point. Some master decryption keys have been released, and Kaspersky had some courtesy to making a decryptor. I am fairly certain that the Rakhni would be able to decrypt some or most iterations of this malware. As people have mentioned, you should always remove the malware first. Otherwise, your files will get infected again. You can do so by using Malwarebytes or Adwcleaner, fairly certain that both will work just fine. Oh, and I also found some thorough removal instructions and general guide for people who need more help with this. Hopefully, you can find your luck and decrypt your files.
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ