Michael Gillespie

@demonslay335

Loves cats and coding. Hunter. Creator of ID Ransomware.

United States
id-ransomware.malwarehunterteam.com
Na Twitteri od: apríl 2014
684 fotiek a videí Fotky a videá

Tweety

Zablokovali ste používateľa @demonslay335

Naozaj chcete zobraziť tieto Tweety? Zobrazenie Tweetov neodblokuje používateľa @demonslay335

  1. Pripnutý Tweet
    24. 3. 2016

    ID is live! Special thanks to for the sub-domain.

    13 replies 98 Retweetov 154 Tweetov sa páčilo
    Späť
  2. Retweetol používateľ
    pred 15 hodinami

    Microsoft Releases KB4090913 Update to Fix Critical USB Driver Issue

    10 Retweetov 17 Tweetov sa páčilo
    Späť
  3. pred 14 hodinami

    Looks like has updated to v1.5.1.0. ID Ransomware picked up on example file named "[email protected] -1614714137-578233478334310455516964.fname-README.txt.doubleoffset"

    6 Retweetov 6 Tweetov sa páčilo
    Späť
  4. Retweetol používateľ
    pred 17 hodinami

    ScammerLocker (Hidden Tear) ransomware: Ext: .jodis Based on name & the GUI (it won't appear if you just run, it will only encrypt & drop note), prob. will target scammers. 🤔 Also, first time I hear about IOTA related to RW.

    22 Retweetov 30 Tweetov sa páčilo
    Späť
  5. Retweetol používateľ
    pred 19 hodinami

    New Ladon ransomware portal cdmsxo25y4lfht6v[.]onion cc:

    1 reply 12 Retweetov 18 Tweetov sa páčilo
    Späť
  6. pred 22 hodinami

    Spanish with extension ".jes" and a sweet Cthulhu image. Decrypter updated.

    1 reply 12 Retweetov 20 Tweetov sa páčilo
    Späť
  7. 5. 3.

    , possible extension ".BLOCKED". Has a function for every possible drive of the system... talk about inefficient. Crashes with a 403 on trying to contact its C2, lol. Seems based on LightningCrypt and other junk ones according to

    26 Retweetov 39 Tweetov sa páčilo
    Späť
  8. 5. 3.

    Weird changes for , this one appends extension "! ,--, Revert Access ,--, [email protected] ,--,.BlockBax_v3.2" (lots of spaces in there) to files.

    1 reply 8 Retweetov 12 Tweetov sa páčilo
    Späť
  9. 5. 3.

    Anyone familiar with command line? I'm not sure from the commands used by the malware in the screenshots if we can help victims decrypt.

    Interesting spotted by , tries to use GPG to do its encryption for it, then sdelete. Supposed to use extension ".<number>.qwerty", but since I didn't have those exes bundled, just drops the note and does nothing. ¯\_(ツ)_/¯
    Zobraziť toto vlákno
    2 Retweety 4 Tweety sa páčili
    Späť
  10. Retweetol používateľ
    4. 3.

    It works! / Это работает!

    1 reply 10 Retweetov 12 Tweetov sa páčilo
    Zobraziť toto vlákno
    Zobraziť toto vlákno
    Späť
  11. Retweetol používateľ
    5. 3.

    So, the new GandCrab is arrived. 👏 And they are using a new extension, note name & even TOR domain, so we are good (). Thanks guys. 😂 They now linking to the decryption tutorial on NoMoreRansom, and says that won't work...

    Can't wait to see GandCrab v2. 😂 Just one thing GandCrab team: please use extension GDCB2 (or anything different than the current one), so we can properly separate them. Thanks. And good luck...
    Zobraziť toto vlákno
    38 Retweetov 43 Tweetov sa páčilo
    Zobraziť toto vlákno
    Zobraziť toto vlákno
    Späť
  12. Retweetol používateľ
    4. 3.

    SpyHunter again deceives users

    1 reply 11 Retweetov 13 Tweetov sa páčilo
    Späť
  13. 4. 3.

    Interesting here, using extension ".Bitconnect" and some new extortion text wanting you to take a photo of yourself to post on Instagram.

    7 Retweetov 15 Tweetov sa páčilo
    Späť
  14. Retweetol používateľ
    3. 3.

    just found this site infected with "Awesomeware" . an email for the list xD

    1 reply 5 Retweetov 13 Tweetov sa páčilo
    Späť
  15. 3. 3.

    If anyone has been hit by , please contact me. The current published decrypter can't decrypt your files right away, I have to actually bruteforce your keys manually at the present time.

    28 Retweetov 44 Tweetov sa páčilo
    Späť
  16. 3. 3.

    I've updated detection on ID Ransomware. Seems they've started using "READ_ME.txt" for the note, which is way too generic... but I can detect based on format of the URLs in the note dynamically now.

    14 Retweetov 18 Tweetov sa páčilo
    Späť
  17. Retweetol používateľ
    2. 3.

    The Week in Ransomware - March 2nd 2018 - GandCrab Decrypted, RaaS, and More - by

    1 reply 25 Retweetov 31 Tweetov sa páčilo
    Zobraziť toto vlákno
    Zobraziť toto vlákno
    Späť
  18. 1. 3.

    seems to be still out there. ID Ransomware just got a submission with note "=_HOW_TO_FIX_RQZLIN.txt" and Tor address royal25fphqilqft[.]onion. Seeing no references to this address yet, site is still up as of now.

    7 replies 31 Retweetov 29 Tweetov sa páčilo
    Späť
  19. 1. 3.

    Oh, we got 2 victim submissions to IDR this week that were false-positive for an old HiddenTear-based ransomware (sorry). This one definitely isn't HiddenTear.

    1 Retweet 4 Tweety sa páčili
    Zobraziť toto vlákno
    Zobraziť toto vlákno
    Späť
  20. 1. 3.

    Interesting spotted by , tries to use GPG to do its encryption for it, then sdelete. Supposed to use extension ".<number>.qwerty", but since I didn't have those exes bundled, just drops the note and does nothing. ¯\_(ツ)_/¯

    23 Retweetov 26 Tweetov sa páčilo
    Zobraziť toto vlákno
    Zobraziť toto vlákno
    Späť
  21. 1. 3.

    ID Ransomware spotted a new extension for yesterday - ".id-<id>.[<email>].arrow"

    1 reply 13 Retweetov 12 Tweetov sa páčilo
    Späť

Používateľ @demonslay335 zatiaľ netweetoval.

Načítavanie bude chvíľu trvať.

Twitter je preťažený alebo sa vyskytla neočakávaná chyba. Skúste to znova alebo navštívte stránku Twitter Status, ktorá obsahuje viac informácií.

    Môže sa vám páčiť aj

    ·