What is SamSam Ransomware

SamSam Ransomware is wide-spreaded Ransomware virus. It encrypts files using AES or RSA cryptography. A Malware program also modifies filename with certain template, as a result encrypted files have the same names as the original files, but with modified extensions such as:
.encryptedRSA, .weareyourfriends, .weapologize, .areyoulovemyrans, .breeding123, decrypt .country82000, decrypt .country82000, .disposed2017, .disposed2017, .mention9823, .mention9823, .moments2900, .moments2900, .myransext2017, .myransext2017, .prosperous666, .prosperous666, .vekanhelpu, .vekanhelpu, .weapologize, .weapologize, 0000-sorry-for-files, .weareyourfriends, .weareyourfriends files
Besides, SamSam Ransomware creates an HTML file in the target’s folders with the names or names containing prefixes/suffixes such as:
– “HELP_DECRYPT_YOUR_FILES”
– “TRY-READ-ME-TO-DEC”
– “-SORRY-FOR-FILES” (new variant) with following message:

What happened to your files?
All your files encrypted with RSA-2048 encryption, For more information search in Google ‘RSA Encryption’
How to recover files?
RSA is a asymmetric cryptographic algorithm, You need one key for encryption and one key for decryption
So you need Private key to recover your files.
It’s not possible to recover your files without private key
How to get private key?
You can get your private key in 3 easy step:
Stepl: You must send us 0.7 BitCoin for each affected PC OR 3 BitCoins to receive ALL Private Keys for ALL affected PC’s.
Step2: After you send us 0.7 BitCoin, Leave a comment on our Site with this detail: Just write Your ‘Host name’ in your comment
Your Host name is:
Step3: We will reply to your comment with a decryption software, You should run it on your affected PC and all encrypted files will be recovered
Our Site Address: http://jcmi5n4c3mvgtyt5.onion/familiarisingly/
Our BitCoin Address: 1MdthqRCJe825ywjdbijsttWBpKanR
(If you send us 3 BitCoins For all PC’s, Leave a comment on our site with this detail: Just write ‘For All Affected PC‘s’ in your comment)
(Also if you want pay for ‘all affected PC‘s’ You can pay 1.5 Bitcoins to receive half of keys(randomly) and after you verify it send 2nd half to receive all
How To Access To Our Site
For access to our site you must install Tor browser and enter our site URL in your tor browser.
You can download tor browser from https://www.torproject.org/download/download.html.en
For more information please search in Google ‘How to access onion sites’
Test Decryption
Check our site, You can upload 2 encrypted files and we will decrypt your files as demo.
If you are worry that you don’t get your keys after you paid, You can get one key for free on you choise(except important servers), Te
Also you can get some single key and if all single BTC taht you paid reached to all keys price you will get all keys
Anyway be sure that you will get all your keys if you paid for them and we don’t want damage our reliability
with buying the first key you will find that we are honest.

SamSam ransomware

SamSam Ransomware demands ransom in BitCoins. SamSam, was updated in late December 2017 and compared to the previous version, has new .weapologize extension. A virus spreads in English-speaking countries. Ransomware runs destructive commands to remove shadow copies. Follow instructions below to remove SamSam Ransomware and decrypt .weapologize (or other) files in Windows 10, Windows 8, Windows 7.

Update: Use following service to identify the version and type of ransomware you were attacked by: ID Ransomware. Also check following website for possible decryptor: Emsisoft Decryptors.

June 2018 Update. SamSam 2 ransomware

SamSam ransomware ver.2 has the foolowing contains:

SamSam 2 Ransomware

How SamSam Ransomware infected your PC

At this moment, we know that several e-mails are used to distribute .docx files with malicious macroses. E-mails are distributed all over the world. You can also get this ransomware on file-sharing networks, including torrent files. Ransom is asked to be paid in BitCoins, that also makes the task difficult for the police, as the user in this network is often anonymous. Encryption starts in the background. Way to protect your computer from such threats is to use antiviruses with crypto-protection like HitmanPro.Alert with CryptoGuard.

First of all, don’t panic. Follow these easy steps below.

1. Start your computer in Safe Mode with networking. To do that, restart your computer before your system starts hit F8 several times. This will stop system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the SamSam Ransomware virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.

Recommended Solution:

Norton is a powerful removal tool. It can remove all instances of newest viruses, similar to SamSam Ransomware – files, folders, registry keys.

 

Download Norton*Trial version of Norton provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Norton.

Step 2: Remove following files and folders of SamSam Ransomware:

Remove following registry entries:

no information

Remove following files and folders:

samsam.exe

How to decrypt files infected by SamSam Ransomware (.weapologize files)?

Use automated decryption tools

kaspersky rakhni decryptor for SamSam Ransomware

There is ransomware decryptor from Kaspersky that can decrypt .weapologize files. It is free and may help you restore .weapologize files encrypted by SamSam Ransomware virus. Download it here:

Download Kaspersky RakhniDecryptor

You can also try to use manual methods to restore and decrypt .weapologize files.

Decrypt .weapologize files manually

Restore the system using System Restore

system restore

Although latest versions of SamSam Ransomware remove system restore files, this method may help you partially restore your files. Give it a try and use standard System Restore to revive your data.

  1. Initiate the search for ‘system restore
  2. Click on the result
  3. Choose the date before the infection appearance
  4. Follow the on-screen instructions

Roll the files back to the previous version

Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged (in our case – SamSam Ransomware by SamSam Ransomware). This feature is available in Windows 7 and later versions.

windows previous versions

  1. Right-click the file and choose Properties
  2. Open the Previous Version tab
  3. Select the latest version and click Copy
  4. Click Restore

Restore .weapologize files using shadow copies

shadow explorer gui

  1. Download and run Shadow Explorer.
  2. Select the drive and folder where your files are located and date that you want to restore them from.
  3. Right-click on folder you want to restore and select Export.
  4. Once the scanning process is done, click Recover to restore your files.

Protect your computer from ransomware

hitmanpro alert with cryptoguard

Most modern antiviruses can protect your PC from ransomware and crypto-trojans, but thousands of people still get infected. There are several programs that use different approach t protect from ransomware and lockers. One of the best is HitmanPro.Alert with CryptoGuard. You may already know HitmanPro as famous cloud-based anti-malware scanner. Check out ultimate active protection software from SurfRight.

Download HitmanPro.Alert with CryptoGuard

Information provided by: Alexey Abalmasov

Leave a Reply

Your email address will not be published. Required fields are marked *