
Completed
Posted
Paid on delivery
My Linux server was compromised and every file was renamed with the “Sorry-ID” extension. No usable backups exist, but I still have full root access through SSH and the hosting console. I need an experienced security-focused sysadmin (or incident-response specialist) who can:

• Attempt decryption or data-recovery of the affected files (STOP/DJVU or any other relevant toolkit)

Acceptance is straightforward: no active malicious processes remain, the decrypted or otherwise restored files are accessible in their original names and paths, and I receive the post-mortem report plus a brief checklist of security improvements applied. You will have full root credentials, console screenshots if needed, and immediate access to system logs. I’m ready to start as soon as you are.
Project ID: 40418602
20 proposals
Remote project
Active 13 days ago

Hello, I have experience with Linux server environments and file recovery tools, having implemented robust security protocols in projects related to data recovery and system hardening. I can analyze your compromised server, leverage tools like STOP/DJVU for file decryption, and systematically eliminate any lingering threats. A technical scenario includes running recovery scripts to identify encrypted files and documenting the process for your post-mortem report. Let's discuss!
$100 USD in 3 days
2.0
20 freelancers are bidding on average $132 USD for this job

With my vast knowledge of Linux, especially in incident response, I am confident that I can restore your compromised server and decrypt your Sorry-ID ransomware files. Over 8 years, I have developed a deep understanding of various database structures, particularly MySQL, which are often targets of similar attacks. On top of that, my skillset includes Linux server administration. Having root access is empowering in resolving such incidents as it grants visibility and complete control over the server environment. Understanding the importance of data security, my intervention would be swift and comprehensive. I start by assessing the situation through log analysis and utilizing relevant toolkits like STOP/DJVU for decryption purposes. After the decryption or data-recovery works, I will craft a comprehensive 'post-mortem report' detailing the extent of the attack as well as provide a checklist for pertinent security improvements. Rest assured, no malicious process will remain after my work is complete. In addition to my technical capacity in resolving such complex incidents, I'm also proficient with GitHub for project documentation and collaboration while Docker and CI/CD ensure the setup is stable & reliable. I aim to not just rescue but also empower you with better security measures so you can preempt any future threats. Let's join hands and bring back your system in its original state!
$140 USD in 7 days
4.1

Hi, I am a Linux security and incident response specialist with 8 years of rich experience in software development, with a background in Linux system administration, web security, malware analysis, data recovery, and network security. I can analyze the “Sorry-ID” ransomware impact, attempt decryption using known STOP/DJVU or relevant tools, recover files where possible, and ensure the system is fully cleaned (no active threats). I’ll also provide a clear post-mortem report and apply security hardening steps to prevent future compromise. I'm an individual freelancer and can work in any time zone you want. Please contact me with the best time for you to have a quick chat. Looking forward to discussing more details. Thanks. Emile.
$250 USD in 7 days
3.7

Hello, I can attempt to decrypt or recover the data of the affected files. Feel free to message me and let's start. I am excited to collaborate with you, Fahad.
$150 USD in 2 days
3.0

Dear Client, I’m an experienced full-stack developer with over 10 years of experience in web and mobile application development, specializing in building scalable, responsive, and high-performance solutions for diverse business needs. I understand you are looking for a reliable developer to build or improve your project, including web or mobile applications similar to CRM, dashboards, or APIs, and I have worked on similar solutions successfully. My skills in React, Vue, Laravel, PHP, Python, REST APIs, and database design ensure efficient and high-quality delivery. Feel free to share more details or ask questions. I’m ready to refine my approach to match your exact requirements. Looking forward to working with you. Best regards, Md Ruhul Ajom
$80 USD in 3 days
2.6

Hi, I understand the urgency of your situation with the Sorry-ID ransomware having compromised your Linux server. With extensive experience in incident response, ransomware decryption, and Linux system administration, I am confident I can help decrypt your files or recover the data using tailored strategies for STOP/DJVU and related ransomware toolkits. I will start by thoroughly analyzing your system, stopping any active malicious processes, and applying proven decryption techniques. Once your files are restored with their original names and accessible paths, I will deliver a detailed post-mortem report along with a tailored security checklist to help safeguard your server against future attacks. Full root access and system logs will allow us to act swiftly. I can begin immediately and aim to have the initial assessment and recovery progress within 3 days. Are there any specific directories or high-priority files you want me to focus on first during the recovery process? Best regards,
$155 USD in 15 days
2.4

Hello, The primary challenge involves assessing the extent of the compromise while ensuring no remnants of malicious processes persist. Another critical aspect is the potential need for data recovery from files with altered extensions, which may involve complex decryption processes. Could you clarify if there are any specific logs or indicators that suggest the nature of the attack? Additionally, are there any existing security measures that were in place prior to the incident? Understanding the current state of the infrastructure will be vital for effective remediation. I am ready to assist in restoring your system and enhancing its security posture.
$30 USD in 7 days
2.0

Hi, I’ve handled similar ransomware incidents before (including cases like STOP/DJVU variants), and I want to be upfront—since you don’t have backups, recovery can take some time and full restoration isn’t always guaranteed depending on the encryption keys used. Also, continuing to trust the same compromised server is risky. In many cases, attackers leave backdoors, so even if files are recovered, the system itself may remain vulnerable. Here’s how I’d approach this:

✔ Immediate audit to ensure no active malicious processes remain
✔ Attempt file recovery/decryption using available tools and techniques
✔ Securely extract whatever recoverable data we can to a safe local environment
✔ Rebuild a fresh, hardened server (recommended) and restore clean data
✔ Apply security hardening (firewall, SSH lockdown, fail2ban, permissions, etc.)
✔ Provide a clear post-mortem report + prevention checklist

If you can provide root access, I can start right away. I’ll first assess the damage and give you a realistic recovery expectation, then proceed with cleanup and rebuilding in a secure way. Let’s get your system back in a safe and usable state.
$200 USD in 7 days
2.1

Hi, I can help investigate your Linux server ransomware incident, remove any active malicious processes, and attempt safe recovery of the files renamed with the “Sorry ID” extension. I’ll first secure the server to prevent further damage, check running processes, cron jobs, SSH access, web shells, suspicious users, recent file changes, logs, and persistence points. Then I’ll identify the ransomware family, preserve evidence, and attempt recovery through available decryptors, file system recovery, shadow copies if present, temporary files, application caches, database dumps, and any recoverable original paths. I want to be honest that decryption is only possible if the ransomware has a known weakness or available key, but I will do a careful incident response and recovery attempt instead of making false promises. You will receive restored files where possible, malware cleanup, original path reconstruction where recoverable, a post mortem report, and a security hardening checklist to reduce the chance of reinfection. Best regards Ankit
$100 USD in 2 days
1.0

Your files are encrypted with the "Sorry-ID" extension (likely STOP/DJVU or similar), and you have no backups—but you still have root access. That's the main problem. I've handled ransomware recovery before. I'll analyse the encryption type, attempt decryption using available tools (if the variant has an offline key), remove all malicious processes, and secure your server (firewall, fail2ban, kernel hardening). After recovery, you'll get a post‑mortem and a security checklist. Let me try to get your data back. Best regards
$100 USD in 2 days
0.0

As an experienced sysadmin, I've dealt with similar situations numerous times throughout my 8+ years in the field. My specialized skills include Linux server administration, backend development, and API design. Your project aligns perfectly with my expertise and interests, making me the perfect candidate for extracting your files from the Sorry-ID ransomware. Utilizing my knowledge in STOP/DJVU and other relevant toolkits, I can confidently say, I'm your best option at decrypting and restoring your files swiftly. In terms of security, I would provide post-mortem reports as well as security checklists tailored to your needs to prevent future incidences. Furthermore, given my track record of working directly with clients and providing efficient solutions minus agency overheads, you have the benefit of streamlined communication and a quicker turn-around on your project. With immediate access to system logs and full root credentials on your end, together we can overcome this challenge successfully. Let's start decrypting those files—I'm ready when you are!
$140 USD in 7 days
0.0

Hi, Your goal is to recover files encrypted by the "Sorry-ID" ransomware on your compromised Linux server. The real issue lies in the lack of usable backups and the urgency to regain access to the affected files securely. I propose a comprehensive solution leveraging my expertise in Linux, Web Security, and System Administration. With a strong background in data protection and risk assessment, I will utilize penetration testing tools to decrypt the files and ensure no active malicious processes remain. As a certified security-focused sysadmin with hands-on experience in incident response, I have successfully recovered encrypted files in similar scenarios. I am confident in delivering the desired outcome promptly. I have a few questions about the project. Please message me via chat to discuss further. My time zone is flexible, so I can easily work around yours. Cheers, Dax.M
$150 USD in 1 day
0.0

Hello, I can help investigate the ransomware incident, attempt recovery, and secure your Linux server using Linux, system administration, web security, and incident response. I’ve handled compromised servers where files were encrypted or renamed (including STOP/DJVU-like patterns). I’ll first isolate the system, check for active malicious processes, persistence mechanisms (cron, services, SSH keys), and review logs to understand the entry point. I’ll then attempt recovery using known decryptors (if applicable), check for shadow copies, temp storage, or partial backups, and try file restoration strategies. If decryption isn’t possible, I’ll still focus on recovering as much data as possible and ensuring the system is fully clean. I’ll also harden the server: patch vulnerabilities, secure SSH, audit users, review Apache configs, and provide a clear post-mortem with steps taken and improvements applied. I’m ready to start immediately. Can you confirm the OS version and share a sample encrypted file plus any ransom note? Best, Smit
$140 USD in 1 day
0.0

I am a perfect fit for your project. I understand your critical need to decrypt or recover files affected by the “Sorry-ID” ransomware while ensuring no active malicious processes remain and restoring original file names and paths. My goal is to deliver a clean, secure system with a thorough post-mortem report and clear security improvements. While I am new to Freelancer, I have strong experience in incident response and Linux system recovery, successfully handling similar ransomware cases outside this platform. I offer a free consultation to discuss your system details and recommend the best technical approach. I would love to chat more about your project! Regards, Sonny Dube
$100 USD in 14 days
0.0

With your Linux server being compromised and your files encrypted, you need someone who understands the intricacies of system security and encryption to salvage what seems lost. Although I don't solely specialize in incident-response, as I've focused heavily on web and software development, this by no means excludes my expertise in tackling daunting security-related tasks. I have extensive knowledge of not only Linux-based systems but also in data encryption and recovery processes. I am confident in handling the Sorry-ID ransomware situation and utilizing relevant toolkits such as STOP/DJVU to decrypt or recover your affected files. Moreover, choosing me as your technology partner doesn't just involve this particular project but an assurance for a long-term relationship that extends beyond fixing problems to improve system security moving forward. I promise to furnish you with a post-mortem report, along with a concise checklist specifying the security improvements executed during this exercise. I guarantee our engagement will result in your regained peace of mind and fortifying your systems against future threats. Let's start working together without delay!
$100 USD in 5 days
0.0

Hello, I understand the severity of your situation — this is a classic ransomware-style file encryption incident, and the priority here is controlled recovery + full containment before any further damage or reinfection occurs. I will first perform a forensic-level assessment of the system using SSH access and logs to identify the exact encryption vector (commonly STOP/DJVU variants in similar cases). Then I will isolate persistence points, remove any residual malicious processes, and secure the server environment. For recovery, I will attempt structured restoration using:

Known STOP/DJVU decryption possibilities (if key recovery is feasible)
Shadow copies / filesystem artifacts (if available)
File carving & partial recovery techniques where decryption is not possible

After stabilization, I will provide a full post-mortem report including infection source analysis and a hardening checklist (firewall rules, SSH security, backup strategy, and intrusion prevention steps). Portfolio: https://www.freelancer.pk/u/salahuddin1973 I can start immediately and prioritize containment first to prevent any further impact. Naufal
$100 USD in 17 days
0.0

Hello, I can help with this “Sorry-ID” ransomware case. From the details provided, this appears to match the recent Linux/cPanel ransomware activity where files are renamed with the .sorry extension and the ransom note includes a TOX ID for contact. I will first verify the variant from the ransom note, encrypted file samples, server logs, and any remaining malware artifacts. For decryption and recovery, my first step will be to check whether the server has been rebooted. If it is still running from the time of encryption, I will capture memory first, because some ransomware can leave encryption keys or useful artifacts in RAM. I will then analyze the encrypted files, ransom note, running processes, logs, cron jobs, SSH keys, web shells, and suspicious binaries. I cannot honestly guarantee decryption before analysis, but I can attempt recovery using memory analysis, ransomware identification, available decryptor research, file carving, temporary files, caches, database recovery, and any remaining server snapshots or artifacts. I will also remove active malicious processes, check for persistence, secure the server, and provide a short post-mortem report with the recovery results and security improvements applied. I am ready to start immediately through SSH and the hosting console.
$250 USD in 7 days
0.0

I've handled STOP/Djvu "Sorry-ID" cases before. Here's the hard truth: if it's an online key, full decryption is impossible. I won't lie to you. What I'll do in 24 hours:

Identify instantly – Run Emsisoft Decryptor + ID Ransomware to determine online vs offline key.
If offline key – Full decryption back to original names/paths. Done.
If online key (likely) – No magic. But I'll salvage what's recoverable: JPEG/MP4 repair (JpegMedic, untrunc), extract readable text from partially encrypted configs/logs, and preserve encrypted originals for future breakthroughs.
Secure your server – Wipe OS, reinstall clean, apply SSH key-only auth, disable root login, configure 3-2-1 backups, lock outbound firewall rules.

Deliverables: Recovered files in original locations + post-mortem report (PDF) + security checklist.
Guarantee: If online key → no full payment. Pay only for partial recovery + hardening.

I start within 2 hours of credential handover. Ready when you are.
$190 USD in 2 days
0.0

Limassol, Cyprus
Payment method verified
Member since Dec 1, 2012