Sarah W

Hi Snappy, To add to what JeremyNicoll said; if files from Microsoft word were encrypted, download it again on a clean system and then use that to find the original to the encrypted file, and drag them onto the decryptor. The readme.txt that come with most programs are all the same through different versions of the programs, for example with Notepadd++, WinRAR, chrome. If you know you have a program like that, try to download the same version from the internet. Regards, Sarah

Hi kasper551, Do you still have the file that caused the infection, if so please upload it here. Regards, Sarah

Hi Andy2017, Going off the information you provided, you were infected with PCLock. Unfortunately, PCLock ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible). bruticus0's suggestion of Easus Data Recovery is a good one, but I do not know how effective it will be. A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. If you're interested, why n

Hi all, Unfortunately, PCLock ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible). You can also try file recovery programs like Easus Data Recovery Wizard and Recuva too, however, I do not know how effective it will be. A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. If you're interested, why not do yourself and your files a favour and c

Hi handtrix, Nemucod doesn't come via RDP usually, however, they may have downloaded more malware which caused this issue. If you want to deal with the password, this article has a few steps you can try. bruticus0 is correct in that you can use any files or programs you downloaded which were encrypted as the file pair. Regards, Sarah

Hi Yazzen, Unfortunately, PCLock ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible). A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. If you're interested, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah

Hi elin, Unfortunately, Mole ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible). A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. If you're interested, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah

Hi altonova, Sorry about the delay Unfortunately, Cryakl ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible). A good backup procedure is very important and well worth the investment. You will also need to secure RDP with a strong password, if you continue to use it, as this is how the criminals enter the system. Sarah

Hi all, They are hacking in via insecure RDP configuration. Make sure if you continue to use RDP that you set a strong password. We are looking into it and hopefully will have something for you in terms of decryption, though it may take a while since the member who does the decryption is ill. Regards, Sarah

Hi handtrix, I see you downloaded decrypt_Nemucod.exe, you will need to drag an encrypted and unencrypted version of the the same file onto the decrypter and then you can decrypt all your files. Regards, Sarah

Hi Edwin, You can format your computer and then copy over the encrypted files to the new system. We are currently still working on the solution. Regards, Sarah

Hi Ransomwarevictim, Yes, they are hacking in via insecure RDP configuration. Make sure if you continue to use RDP that you set a strong password. We are looking into it and hopefully will have something for you in terms of decryption, though it may take a while since the member who does the decryption is ill. Regards, Sarah

Hi MCR, Glad we could help A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. If you're interested, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah

Hi all, Yes, they are hacking in via insecure RDP configuration. Make sure if you continue to use RDP that you set a strong password. We are looking into it and hopefully will have something for you in terms of decryption, though it may take a while since the member who does the decryption is ill. Regards, Sarah

Hi Davepens, it's just a file sharing site. I have also uploaded to dropbox. Regards, Sarah

Hi mytouch, Unfortunately, WannaCry ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible). A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. If you're interested, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah

Hi Dean, We're still looking into the new ransomware currently, please be patient. Regards, Sarah

Hi Dean, Do you have a copy of the ransom note or happen to open a document called Scott-Resume.doc? I do not believe this is Nemucod, as the whole file is encrypted, but instead a new ransomware which we are looking into. Regards, Sarah

Hi Dean, Did a screen like this appear?: If so, then it's a new variant and we are currently still looking to it. Hopefully, we will have more information for you soon, which we will post here. Regards, Sarah

Hi Maximum, It'll be announced at least on BleepingComputer on their news, but we should also post a reply here. Regards, Sarah

Hi Jarin81, You need to download the decrypter from here, and you will need to drag and drop DSC06719.JPG.MERRY and DSC06719.JPG files onto the decrypter. It will find 4 keys, you need to go into Options tab and select the 3rd option (-2:1:2_n_A_B_r_b_D_) in the Key Selection. Then you can switch to the Decrypter tab and click Decrypt. Regards, Sarah

Hi Alex, Unfortunately, that's the issue with dealing with criminals, some will not be honest and give the files back. A good backup procedure is very important and well worth the investment. You will also need to secure RDP with a strong password, if you continue to use it, as this is how the criminals enter the system. Regards, Sarah

Hi xgent, Sorry I couldn't provide better news. Regards, Sarah

Hi Morty, I'm glad we could help, let me know if there were any issues with some files not decrypting properly. A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah

Hi Theamoebson, Well, the keys may be recovered or leaked later on, but you may be waiting a long time. The encryption is secure though, unfortunately. Regards, Sarah