New
#1
I see a file named _readme.txt
What is it?
Can you open one of those brusaf files as a jpg if you remove the .brusaf extension?
Have you done a virus and malware scan AFTER you did the OS reinstall?
I can't find any information on a brusaf extension.
Can you open the _readme.txt file that is shown? What does it say?
me to searching of brusaf extension but nowhere ... except me that readme.txt file is i did my own
here are th eproxy links corrupted file..
Proxy links.txt
- - - Updated - - -
WTF???????????????????
i got this readme text file
ATTENTION!Don't worry, you can return all your files!All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.The only method of recovering files is to purchase decrypt tool and unique key for you.This software will decrypt all your encrypted files.What guarantees you have?You can send one of your encrypted file from your PC and we decrypt it for free.But we can decrypt only 1 file for free. File must not contain valuable information.You can get and look video overview decrypt tool:The page you were looking for doesn't exist (404) of private key and decrypt software is $980.Discount 50% available if you contact us first 72 hours, that's price for you is $490.Please note that you'll never restore your data without payment.Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:gorentos@bitmessage.chReserve e-mail address to contact us:gorentos2@firemail.ccYour personal ID:141hGfdLgFPMgsMmlIQMmNIKRnl5
I guess that's what is called "ransomware". Most likely you were infected by a Trojan.
That read me file could mean a couple of things:
You pay the money and can recover the files.
You pay the money and cannot recover your files.
I don't have enough knowledge about it to help you, but someone else might.
Ransomware - Wikipedia
brusaf is one of the many extensions used by the STOP (DJVU) Ransomware, bit on Bleeping Computer about it. STOP Ransomware (.STOP, .Puma, .Djvu, .Promo, .Drume) Help & Support Topic - Ransomware Help & Tech Support
Clam1952 beat me. I was going to suggest getting info at IDRansomware.
The ransom note email address given is:
gorentos2@firemail.cc
Entering that address at idransomware.com will ID that address as using the STOP ransomware and provide some possibly useful links to help you.