Jump to content

Sarah W

Emsisoft Employee
  • Content Count

    226
  • Joined

  • Last visited

  • Days Won

    10

Everything posted by Sarah W

  1. Hi Snappy, To add to what JeremyNicoll said; if files from Microsoft word were encrypted, download it again on a clean system and then use that to find the original to the encrypted file, and drag them onto the decryptor. The readme.txt that come with most programs are all the same through different versions of the programs, for example with Notepadd++, WinRAR, chrome. If you know you have a program like that, try to download the same version from the internet. Regards, Sarah
  2. Hi kasper551, Do you still have the file that caused the infection, if so please upload it here. Regards, Sarah
  3. Hi Andy2017, Going off the information you provided, you were infected with PCLock. Unfortunately, PCLock ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible). bruticus0's suggestion of Easus Data Recovery is a good one, but I do not know how effective it will be. A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. If you're interested, why n
  4. Hi all, Unfortunately, PCLock ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible). You can also try file recovery programs like Easus Data Recovery Wizard and Recuva too, however, I do not know how effective it will be. A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. If you're interested, why not do yourself and your files a favour and c
  5. Hi handtrix, Nemucod doesn't come via RDP usually, however, they may have downloaded more malware which caused this issue. If you want to deal with the password, this article has a few steps you can try. bruticus0 is correct in that you can use any files or programs you downloaded which were encrypted as the file pair. Regards, Sarah
  6. Hi Yazzen, Unfortunately, PCLock ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible). A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. If you're interested, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
  7. Hi elin, Unfortunately, Mole ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible). A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. If you're interested, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
  8. Hi altonova, Sorry about the delay Unfortunately, Cryakl ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible). A good backup procedure is very important and well worth the investment. You will also need to secure RDP with a strong password, if you continue to use it, as this is how the criminals enter the system. Sarah
  9. Hi all, They are hacking in via insecure RDP configuration. Make sure if you continue to use RDP that you set a strong password. We are looking into it and hopefully will have something for you in terms of decryption, though it may take a while since the member who does the decryption is ill. Regards, Sarah
  10. Hi handtrix, I see you downloaded decrypt_Nemucod.exe, you will need to drag an encrypted and unencrypted version of the the same file onto the decrypter and then you can decrypt all your files. Regards, Sarah
  11. Hi Edwin, You can format your computer and then copy over the encrypted files to the new system. We are currently still working on the solution. Regards, Sarah
  12. Hi Ransomwarevictim, Yes, they are hacking in via insecure RDP configuration. Make sure if you continue to use RDP that you set a strong password. We are looking into it and hopefully will have something for you in terms of decryption, though it may take a while since the member who does the decryption is ill. Regards, Sarah
  13. Hi MCR, Glad we could help A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. If you're interested, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
  14. Hi all, Yes, they are hacking in via insecure RDP configuration. Make sure if you continue to use RDP that you set a strong password. We are looking into it and hopefully will have something for you in terms of decryption, though it may take a while since the member who does the decryption is ill. Regards, Sarah
  15. Hi Davepens, it's just a file sharing site. I have also uploaded to dropbox. Regards, Sarah
  16. Hi mytouch, Unfortunately, WannaCry ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible). A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. If you're interested, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
  17. Hi Dean, We're still looking into the new ransomware currently, please be patient. Regards, Sarah
  18. Hi Dean, Do you have a copy of the ransom note or happen to open a document called Scott-Resume.doc? I do not believe this is Nemucod, as the whole file is encrypted, but instead a new ransomware which we are looking into. Regards, Sarah
  19. Hi Dean, Did a screen like this appear?: If so, then it's a new variant and we are currently still looking to it. Hopefully, we will have more information for you soon, which we will post here. Regards, Sarah
  20. Hi Maximum, It'll be announced at least on BleepingComputer on their news, but we should also post a reply here. Regards, Sarah
  21. Hi Jarin81, You need to download the decrypter from here, and you will need to drag and drop DSC06719.JPG.MERRY and DSC06719.JPG files onto the decrypter. It will find 4 keys, you need to go into Options tab and select the 3rd option (-2:1:2_n_A_B_r_b_D_) in the Key Selection. Then you can switch to the Decrypter tab and click Decrypt. Regards, Sarah
  22. Hi Alex, Unfortunately, that's the issue with dealing with criminals, some will not be honest and give the files back. A good backup procedure is very important and well worth the investment. You will also need to secure RDP with a strong password, if you continue to use it, as this is how the criminals enter the system. Regards, Sarah
  23. Hi xgent, Sorry I couldn't provide better news. Regards, Sarah
  24. Hi Morty, I'm glad we could help, let me know if there were any issues with some files not decrypting properly. A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
  25. Hi Theamoebson, Well, the keys may be recovered or leaked later on, but you may be waiting a long time. The encryption is secure though, unfortunately. Regards, Sarah
×
×
  • Create New...