Ransomware Protection Tips

How to protect against Ransomware Attacks (Ransomware Protection Tips)

It’s very important to understand that most hacker attacks involve Remote Desktop Connection vulnerabilities.

This means that attackers either brute-force your Remote Desktop Connection password or take advantage of security flaws in your Remote Desktop Connection to access your network infrastructure from the outside.

Let’s look at what you should do so that, even if your infrastructure has been hacked, the impact is minimal.

How to protect against Ransomware Attacks

  1. You should use a credible antivirus solution for your endpoints (such as Webroot, Bitdefender, Sophos etc)
  2. You should never use the “Administrator” user account on hosts other than the domain controller.
  3. Users should work with standard “User” privileges on servers and clients, so that user access is limited
  4. Don’t use the Administrator password in other devices like NAS or Backup devices
  5. You should create a new e-mail account with different password for the antivirus panel, and you should never use it on other services
  6. Don’t use common passwords anywhere. Especially Administrator or privileged user access passwords.
  7. Start using a Cloud backup solution and make sure that you use different email and password
  8. Don’t save passwords in browsers or in any text file on the computers
  9. Use 2 Factor Authentication (2FA) logins whenever available (Microsoft Accounts, Google Accounts, Banking accounts etc)
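
To check whether the Remote Desktop password brute forcing described above is happening against a host, failed-logon events can be counted per source address. The following is an added example, not part of the original page: it assumes records exported from Windows Security event 4625 (failed logon) with logon type 3 or 10, and the field names, threshold and sample records are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Logon types seen for Remote Desktop failures:
# 3 = network (RDP with Network Level Authentication), 10 = RemoteInteractive.
REMOTE_LOGON_TYPES = {3, 10}
FAILED_LOGON = 4625


def find_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: {"failures": n, "accounts": [...]}} for every source
    that reaches `threshold` failed remote logons inside any `window`."""
    recent = defaultdict(deque)   # ip -> failure timestamps inside the window
    accounts = defaultdict(set)   # ip -> account names that were tried
    peak = defaultdict(int)       # ip -> largest failure count seen in a window
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != FAILED_LOGON or ev["logon_type"] not in REMOTE_LOGON_TYPES:
            continue
        q = recent[ev["ip"]]
        q.append(ev["time"])
        while ev["time"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        accounts[ev["ip"]].add(ev["user"])
        peak[ev["ip"]] = max(peak[ev["ip"]], len(q))
    return {ip: {"failures": peak[ip], "accounts": sorted(accounts[ip])}
            for ip in peak if peak[ip] >= threshold}


def sample_events():
    """Constructed sample data (documentation IP ranges, made-up accounts)."""
    t0 = datetime(2024, 1, 10, 3, 0, 0)
    tried = ["Administrator", "admin", "Administrator", "backup"]
    events = [{"time": t0 + timedelta(seconds=2 * i), "event_id": 4625,
               "logon_type": 3, "ip": "203.0.113.7", "user": tried[i % 4]}
              for i in range(8)]
    # A legitimate user mistyping a password twice, ten minutes apart,
    # followed by a successful logon (event 4624).
    for minutes, event_id in ((0, 4625), (10, 4625), (11, 4624)):
        events.append({"time": t0 + timedelta(minutes=minutes), "event_id": event_id,
                       "logon_type": 10, "ip": "198.51.100.20", "user": "j.smith"})
    return events


if __name__ == "__main__":
    for ip, info in find_bruteforce(sample_events()).items():
        print(ip, info["failures"], "failed logons, accounts:", info["accounts"])
```

A source that shows up here trying “Administrator” is a strong reason to apply tips 2, 6 and 9 from the list above on that host.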

Delete Facebook account or any social media account

How to delete facebook or social Media Account permanently

Many of our clients understand that exposing yourself in social media is not the best thing, so they want to delete facebook or social media Account permanently.

Lots of Malware Infections are using social media profiles to find your email and send you attachments.

This is a quick guide that will help you:

  • Delete Facebook Account
  • Delete Instagram Account
  • Delete Twitter Account
  • Delete LinkedIn Account
  • Delete Google Page Listing in Search results

Instructions on how to delete Facebook Account permanently

Request an archive with your information:

  1. Go here
  2. Go to the second option, ‘Download your information’, and select ‘view’
  3. If you want to download all your information, simply select ‘click file’. Else, deselect what items you don’t want in

You will be notified via email once the file is ready for download

Block these addresses to (mostly) prevent Facebook from tracking your online activity and behaviours:


If you ever intend on going back, deactivate your account.

  1. Once logged in, go here
  2. Click on ‘Deactivate my account’ at the bottom of the section
  3. Re-enter your password
  4. Review all the options and click on ‘Deactivate’ at the bottom

IMPORTANT: Unless you specify it, this will make you unable to use Facebook Messenger as well.

If you want to get rid of your Facebook account completely, delete your account (This takes a couple of days!):

  1. Go here
  2. You will be shown a set of steps to follow if you want to keep some of your account information (To keep messenger, for example)
  3. Re-enter your password

Instructions on how to delete Instagram Account permanently

Request an archive with your information

  1. Using Instagram web, not the app, go here
  2. Scroll all the way down
  3. Under ‘Data Download’, click ‘Request Download’

  • Check the email is correct and click ‘next’
  • Enter your password and click ‘Request Download’

!!! This takes time. Don’t immediately proceed to delete your account until you’ve gotten your archive via email.

Deactivate your account:

  • Once logged in, go here.
  • Select the reason for deactivation and re-enter your password
  • Click on ‘Temporarily disable your account’

!!! This disables the account until you log back in, it does NOT delete it.

Delete your account:

  1. Using Instagram web and NOT the app, log in and go here.
  2. Give the reason as to why you’re deleting your account
  3. Re-enter your password
  4. Click on ‘Permanently delete my account’

How to delete Twitter Account permanently

Request an archive with your information:

  1. Once logged in, go to your settings.
  2. Scroll to the bottom of the page
  3. Click on request your archive

!!! This takes time. Don’t immediately proceed to delete your account until you’ve gotten your archive via email.

Delete or deactivate your account:

  1. Once logged in, go to your settings.
  2. Scroll to the bottom of the page
  3. Click on deactivate your account
  4. Read the advice carefully
  5. Confirm deactivation
  6. You have 30 days to reactivate it (by signing in) or else your account will get deleted.

How to quickly delete any Social Media or service account

If you want a quick catalog of services that you can delete your account from, you can visit: justdelete.me

Ransomware Hacker Reviews - Hacker Email Database

In our company we have dealt with lots of ransomware incidents and we have already worked with the following hacker emails.
We file the outcome of every ransomware negotiation, so we can tell you what happened in every hacker team incident and you know whether a hacker team is reliable enough to pay with Bitcoin.
We have a rating system where we keep the outcome of every hacker negotiation, and we can inform you about the hacker team’s intentions to give you your files back after payment.
Some of them keep their promise to deliver your files after payment, but some of them will not release the files and will not respond to your emails after you pay them with Bitcoin.

Is a hacker reliable or not? Based on the Hacker Email Database

We charge $300 for our service to let you know whether you are dealing with a reliable hacker team or not.
These are some hacker emails that have been involved in ransomware cases we have handled in the past, and we know if they can be trusted:

Encrypted file samples from Dharma (.cezar) Ransomware


Emails from Phobos Ransomware


Emails from Matrix Ransomware

  • kromber@india.com
  • kromber@protonmail.com

.arrow Ransomware

  • .id-{id}.[bitcoin888@cock.li].arrow
  • .id-{id}.[Blammo@cock.li].arrow
  • .id-{id}.[vauvau@cock.li].arrow

THT Ransomware

  • m4xroothackerteam@protonmail.com

Everbe 2.0 Ransomware

  • .eV3rbe
  • .EVIL
  • .HYENA
  • .thunder
  • .divine


Wolf Ransomware

  • .WOLF (wolfhelp359@airmail.cc)

Zorssecurity Ransomware

  • .zorsesecurity

Everbe 2.0 Ransomware Decryption – Is it possible?

Ransomware Everbe 2.0 Hacker Characteristics

Everbe 2.0 ransomware is a crypto infection, and its primary objective is to lock up data and demand a ransom for the decryption key.

The cyber threat is a successor of the Everbe ransomware, which was first spotted in March 2018 and has shown up again several times as Embrace, EvilLocker and Hyena Locker.

The infection uses AES [1] and RSA file encryption algorithms to lock data. While the initial variant used the .everbe extension, the newest version, which was discovered in September 2018, uses the .NOT_OPEN file extension and the !_HOW_RECOVERY_FILES_!.txt ransom note, and advises users to contact the hackers via the notopen@cock.li or tryopen@cock.li e-mails.

Free Dharma Decryptor Ransomware

Free decryption for Dharma ransomware

Free decryption tools now available for Dharma ransomware

An anonymous user has posted the decryption keys for the Dharma Decryptor online, and it’s now possible that you may find free decryption for Dharma.

Dharma Ransomware

Computer users whose machines were infected by the Dharma ransomware virus and whose files were encrypted and locked can now restore them for free.

Researchers on forums have created decryption tools for the Dharma ransomware variant (2017) after someone leaked the decryption keys that could unlock the files.

Dharma Ransomware first appeared in November and is based on an older ransomware program known as Crysis family.

It’s easy to recognize files affected by it because they will have the extension: .[email_address].dharma
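
Before trying a decryptor, it helps to inventory which files carry this naming pattern and which variant extension and contact address they show. The following is an added example, not part of the original page: it assumes the layout `<original name>.id-<ID>.[<email>].<extension>`, with the ID segment optional and a bracketed `.id[<ID>-<number>]` form for Phobos-style names, and every file name in it is constructed.

```python
import os
import re
from collections import defaultdict

# Assumed layout (see lead-in); the .id segment is optional so that the plain
# ".[email_address].dharma" form also matches.
ENCRYPTED_NAME = re.compile(
    r"^(?P<original>.+?)"
    r"(?:\.id(?:-(?P<id_plain>[0-9A-Fa-f]{8})|\[(?P<id_br>[0-9A-Fa-f]{8}-\d+)\]))?"
    r"\.\[(?P<contact>[^\[\]\s]+@[^\[\]\s]+)\]"
    r"\.(?P<ext>[A-Za-z0-9_]+)$"
)


def parse_name(filename):
    """Split an encrypted file name into its parts, or return None."""
    m = ENCRYPTED_NAME.match(filename)
    if not m:
        return None
    return {"original": m["original"],
            "victim_id": m["id_plain"] or m["id_br"],
            "contact": m["contact"].lower(),
            "ext": m["ext"].lower()}


def inventory(paths):
    """Group encrypted files by (variant extension, contact address) so each
    group can be preserved together and checked against decryptor support."""
    groups = defaultdict(list)
    for path in paths:
        info = parse_name(os.path.basename(path))
        if info:
            groups[(info["ext"], info["contact"])].append(info)
    return dict(groups)


def scan_tree(root):
    """Walk a directory tree read-only and inventory every matching file."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        found.extend(os.path.join(dirpath, name) for name in files)
    return inventory(found)


# Constructed sample paths; the IDs and addresses are placeholders.
SAMPLE_PATHS = [
    "C:/Users/a/report.docx.id-1A2B3C4D.[contact@example.com].dharma",
    "C:/Users/a/photo.jpg.id-1A2B3C4D.[contact@example.com].dharma",
    "D:/db/backup.bak.id[9F8E7D6C-1127].[other@example.org].phobos",
    "C:/Users/a/notes.txt",
    "C:/Users/a/archive.[brackets].zip",
]

if __name__ == "__main__":
    for (ext, contact), files in inventory(SAMPLE_PATHS).items():
        print(f".{ext} / {contact}: {len(files)} file(s)")
```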

A free Dharma Decryption is now available and works for some Dharma Variants

On Wednesday, a user named gektar published a link to a Pastebin post on the BleepingComputer.com technical support forum.

The post, he claimed, contained the decryption keys for all Dharma variants.

Interestingly, the exact same thing happened back in November with the keys for Crysis, Dharma’s predecessor, allowing researchers to create decryption tools for it.

Decryption keys for the ransomware were added to the Kaspersky Lab’s Rakhni decryptor tool Thursday morning.

It’s not clear who gektar is or what his or her reasons were for leaking the Dharma keys. The username appears to have been created on the forum just for this purpose and has had no other activity since then.

The free Dharma Decryption works and Kaspersky built a free decryption tool for Dharma

There’s also no information about how the keys were obtained in the first place.

However, they were included in a C header file, which could suggest that the leaker had access to the ransomware program’s source code.

A member of the technical forum BleepingComputer.com, lightsentinelone has posted a Pastebin link which includes about 200 decryption keys.

According to BleepingComputer, the keys have been confirmed as valid.

Security researchers have used them to create a Wallet ransomware decryptor.

The good news is that the leaked keys are real, and researchers from Kaspersky Lab and ESET verified they work.

The two companies have updated their Crysis decryption tools (downloads at Kaspersky RakhniDecryptor and ESET CrysisDecryptor) to work for Dharma affected files, too.

If this works then you will have your free decryption for Dharma Ransomware.

Keep your encrypted files, a solution may be found by researchers

This should serve as a reminder to ransomware victims to keep a copy of their affected files, even if they decide not to give into attackers’ ransom demands.

Researchers sometimes find flaws in the encryption implementations of ransomware programs that allow them to break the encryption keys.

Other times law enforcement authorities seize command-and-control servers used by ransomware gangs and release the decryption keys.

From time to time, like in this case, the keys find their way online due to unexplained leaks:

Maybe a ransomware developer decides to close up shop and publish the keys, or maybe a hacker breaks into a rival gang’s servers and releases the keys to harm its operations.

The point is: Hold onto those files, for months or even years if you need to.

Other Tools for Ransomware Decryption

It’s a good idea to check the tools section of the NoMoreRansom.org website regularly.

The website is maintained by a team of security specialists and law enforcement agencies and is frequently updated with new information and decryption tools.

Dharma first appeared in November and is based on an older ransomware program known as Crysis.

It’s easy to recognize files affected by it because they will have the extension: .[email_address].dharma

If this is your case then the free decryption for Dharma may help you recover and decrypt your files.

What if this free decryptor for Dharma doesn’t work?

It’s very probable that this tool will not work for your Dharma encryption at all, because this is a very old version and Dharma has produced lots of variants.

In that case, you should contact us.

Ransomware Payments

A Google study from 2017 shows that more than $25 million has been paid in ransomware payments

Ransomware victims have paid more than $25 million in ransomware payments over the last 2 years, according to a research study presented today by researchers at Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering.

By following those payments through the blockchain and comparing them against known samples, researchers were able to build a detailed picture of the ransomware ecosystem.

Ransomware has become a nearly unavoidable threat in recent years.

When a system is infected, the program encrypts all local files to a private key held only by the attackers, who demand thousands of dollars in bitcoin to recover the systems.

It’s a damaging but lucrative attack, one that has proven particularly popular among cybercriminals.

This summer, computers at San Francisco’s biggest public radio station were locked up by an especially brutal ransomware attack, forcing producers to rely on mechanical stopwatches and paper scripts in the aftermath.

A damaging but lucrative attack

The research study tracked 34 separate variants of ransomware, with a few major strains bringing in the bulk of the earnings.

The data shows a ransomware variant called Locky as patient zero of the current epidemic, spurring a huge uptick in payments when it arrived in early 2016. In the years that followed, the program would bring in more than $7 million in payments.

Crucially, Locky was the very first ransomware program to keep the payment and encryption infrastructure separate from the groups distributing the malware, enabling the malware to spread farther and faster than its rivals.

“Locky’s huge benefit was the decoupling of the individuals who preserve the ransomware from the individuals who are contaminating machines,” says NYU professor Damon McCoy, who worked on the project. “Locky simply focused on developing the malware and support infrastructure. Then they had other botnets spread and disperse the malware, which were better at that end of business.”

Other strains soon caught on. Cerber and CryptXXX followed a similar playbook to generate $6.9 million and $1.9 million in ransomware payments, respectively.

In each case, the number shows overall payouts made by victims, and it’s unclear just how much of the money made it back to the original ransomware authors.

The same data shows ransomware authors getting smarter about evading antivirus software.

Once a specific malware program has been identified, antivirus systems typically scan for matching binaries, meaning an identical copy of the recovered program.

However, modern malware can automatically change the binary once a given strain is detected, a trick that ransomware programs have learned well.

Researchers discovered thousands of new binaries a month associated with the Cerber ransomware, enabling it to skate past many signature-based antivirus systems.