
Sarah W

Emsisoft Employee

Everything posted by Sarah W

  1. Hi Jim, Sorry about the delay. The nemucod decrypter was able to find a key for me. What error did you get when you tried it? Regards, Sarah
  2. A few things. First of all, we are a 30 people team, hardly the scale of most antivirus vendors with 500+ employees. This means that many of us have to work multiple roles and we offer the decrypters for free, meaning that we don't directly profit from them (however, we appreciate anyone who considers our products based on them), so they have to be balanced around the other work we have to do. Giving a timeline would not be a good idea, we rarely know how long it will take. We would not like to give a set time and then fail to meet it because we came across a problem we didn't expect. In the e
  3. Hi RaZoR, To secure the system, please make sure to either close RDP if you do not want to use it, or if you do, secure it with a strong password. You will also want to do Windows updates as there have been vulnerabilities fixed which allowed attackers to access your system. I forgot to mention this before, you can try file recovery tools in the meantime as some users have had success with them. Regards, Sarah
  4. Hi Jimmy, Closing those security holes is very important, so I'm glad you did so. I forgot to mention this before, you can try file recovery tools in the meantime as some users have had success with them. Regards, Sarah
  5. Hi, Unfortunately renaming files doesn't help. You can try some file recovery tools, as I know some users have had luck with those. Regards, Sarah
  6. Hi Borgdrone, Please upload some encrypted files here and the ransom note. Also, please run a scan with Emsisoft Emergency Kit again and then delete what you find as it looks like you're infected with malware. Regards, Sarah
  7. Hi COnsu1, We updated our decrypter to handle the file name encryption. Regards, Sarah
  8. Hi Tee Jay, Sorry about the delay, looks like you got missed. Can you upload a bigger file pair and share the ransom note? Regards, Sarah
  9. Hi handtrix, Sorry about the delay, looks like you got missed. You can download the Nemucod decrypter. To use it you will need an encrypted and unencrypted version of the same file which you can then drag onto the decrypter. The usual approach is to try to find an un-encrypted file - in a backup, or on your phone, or something you emailed to a friend that could be sent back to you or something you know you downloaded from somewhere else that you could try to get again (clearly it would need to be precisely the same file again). Regards, Sarah
  10. Hi buakbuak, PCLock is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. You can also try data recovery tools like A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it at a discounted price. Regards, Sarah
  11. Hi all, We are currently still looking into seeing whether the ransomware is decryptable or not. We will let you know if we find out whether it is or not. There may be a cryptocoin miner on the system (a program which uses your CPU to mine a cryptocurrency for the criminal, in this case), so if you want to check whether the system is clean then you can use our product; Emsisoft Anti-Malware. If you like our product and it is of help then please consider buying it, the price is discounted and we protect against ransomware such as this one. Some other advice is that investing in a
  12. Hi all, We are currently still looking into seeing whether the ransomware is decryptable or not. We will let you know if we find out whether it is or not. There may be a cryptocoin miner on the system (a program which uses your CPU to mine a cryptocurrency for the criminal, in this case), so if you want to check whether the system is clean then you can use our product; Emsisoft Anti-Malware. If you like our product and it is of help then please consider buying it, the price is discounted and we protect against ransomware such as this one. Some other advice is that investing in a
  13. Hi all, We are currently still looking into seeing whether the ransomware is decryptable or not. We will let you know if we find out whether it is or not. There may be a cryptocoin miner on the system (a program which uses your CPU to mine a cryptocurrency for the criminal, in this case), so if you want to check whether the system is clean then you can use our product; Emsisoft Anti-Malware. If you like our product and it is of help then please consider buying it; the price is discounted and we protect against ransomware such as this one. Some other advice is that investing in a
  14. Hi oden52dof, We are currently still looking into seeing whether the ransomware is decryptable or not. We will let you know if we find out whether it is or not. There may be a cryptocoin miner on the system (a program which uses your CPU to mine a cryptocurrency for the criminal, in this case), so if you want to check whether the system is clean then you can use our product; Emsisoft Anti-Malware. If you like our product and it is of help then please consider buying it, the price is discounted and we protect against ransomware such as this one. Some other advice is that investin
  15. Hi Jimmy, We are currently still looking into seeing whether the ransomware is decryptable or not. We will let you know if we find out whether it is or not. I saw that you mentioned you disabled RDP, mind checking whether it's still disabled as we believe that is how the criminals enter the system? Do you have all updates? There may be a coin miner on the system (-a cryptonight -o stratum+tcp://xmr.crypto-pool.fr:443 -u 48Nk7Q5oB5gEVLabrgo3KhLbaTSDKvZNHBECoHyZcxWNDMgfDnHA8Ue2Skp7A6z2ZGG93wmLxxrKa1j4QR7kmi866AP1G8t -p x), so if you want to check whether the system is clean then you c
  16. That's a cryptocoin miner. The criminals running this campaign drop these miners, which take up system resources and power in order to mine these coins for them, so it's not something you want on your system. Emsisoft Anti-Malware should be able to detect such threats, and if our product is of help then please consider buying it (the price is discounted and we protect against ransomware such as this one). Some other advice is that investing in a good backup procedure is very important and well worth it. I would suggest having two or more backups, at least one disconnected. You will also n
  17. Hi Vidal and WilliamScriven, Crypt0l0cker is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. A good backup procedure is very important and well worth the investment, especially make sure not to keep the backup attached to the system unless you are backing up (it is best to have two different backups). As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your
  18. Hi Russel, This ransomware looks new. Do you have any ransom note, or the malware file? Regards, Sarah
  19. Hi COnsu1, We are currently looking into this ransomware as it looks like there is a variant we don't have covered yet in our decrypter. I will let you know when we do. A good backup procedure is very important and well worth the investment. You will also need to secure RDP with a strong password if you continue to use it, as this is how the criminals enter the system. Regards, Sarah
  20. Hi vinoddvinsin, Cerber is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
  21. Hi eltom, You aren't dealing with a variant of the Cry ransomware, but instead a variant of Dharma. Dharma is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. A good backup procedure is very important and well worth the investment. You will also need to secure RDP with a strong password if you continue to use it, as this is how the criminals enter the system. Regards, Sarah
  22. Hi bflmpesseveze, We just found a sample of this ransomware, so if the current decrypter doesn't work then we will hopefully cover this variant soon. Regards, Sarah
  23. Hi kasper, Sorry about the delay, took a little while to add what we needed, but please download the newest version of the decrypter. You will need to go to options and insert Fabian's mother sucked my dick in public. as the salt (needs to be exactly this), and [email protected] as the email. Then click calculate for the ID. After that, you can return to the Decrypter tab and then click decrypt. Regards, Sarah
  24. All versions of Cryakl currently. You can also try file recovery programs like Easus Data Recovery Wizard and Recuva too, however, I do not know how effective it will be. Regards, Sarah
  25. Hi mytouch, Sorry I couldn't provide better news. You may have some luck with file recovery programs like Easus Data Recovery Wizard and Recuva too, however, I do not know how effective it will be. Regards, Sarah