Sarah W

Hi DRUG, Please share the two files you used. Regards, Sarah

Hi Morty, Sorry about the delay, took a little while to add what we needed, but please download the newest version of the decrypter . You will need to go to options and insert Wosar is a pig dancing on the wardrobe. as the salt (needs to be exactly this), and [email protected] as the email. Then click calculate for the ID. After that, you can return to the Decrypter tab and then click decrypt. Regards, Sarah

Hi BenSan, Sorry about the delay, you can run the tool on another system but you would need to have the encrypted files on that system that you wanted to decrypt. We'll think about adding that option where you can save the key. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah

Hi Theamoebson, BTCWare is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah

Hi xginx, Looks like the infection is gone now. Regards, Sarah

Hi xginx, How is the system running now? Can you access Avast and task manager? Please re-run FRST, put a check into the box next to Addition.txt and press the scan button. It will produce FRST.txt and Addition.txt logs located on the desktop. Please copy and paste the logs into your next reply. Regards, Sarah

Hi Davepens, You should see this: You need to click on Download This File. Then fill in the captcha. Regards, Sarah

Hi Massimo, Unfortunately, Hermes 2.0 ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible). A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah

Hi xgent, Unfortunately, Sage ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible). A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah

Hi Gusi, Wallet Dharma is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah

Hi josevm700, Hopefully we have a solution eventually. Regards, Sarah

Hi xginx, Sorry about that. Download from here, and follow the rest of the instructions. Regards, Sarah

Hi Davepens, Try and download it from here, follow the rest of the instructions after. Regards, Sarah

Hi Brenda Chandler, Sorry for the delay, I happened to miss your topic. To use the decrypter you will require an encrypted file of at least 4096 bytes in size as well as its unencrypted version. To start the decrypter select both the encrypted and unencrypted file and drag and drop them onto the decrypter executable. Regards, Sarah

Hi Daniel, I merged your post with the Locky topic. Locky is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah

Hi vettalex, You are most welcome. Glad we could help! Usually, Globe comes in via RDP, so if you know that you have that enabled, please change the passwords to something more secure. If you appreciate our decrypter and want to support the work we do, I suggest checking our product out, and consider buying it. Regards, Sarah

Hi Morty, Perfect, that's what we are looking for. Give us a few days and we'll have something for you. Regards, Sarah

Hi vettalex, Please download and use this decrypter. To use the decrypter, you will require a file pair containing both an encrypted file and its non-encrypted original version. Select both the encrypted and unencrypted file and drag and drop both of them onto the decrypter file in your download directory. If file names are encrypted, please use the file size to determine the correct file. Regards, Sarah

Hi Panos and manelv, Al-Namrood 2 is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah

Hi xginx, We need to run a fix with FRST: Please download the attached fixlist.txt file and save it to the same location as FRST Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system fixlist.txt Run FRST.exe/FRST64.exe and press the Fix button just once and wait If for some reason the tool needs a restart, please make sure you let the

Hi josevm700, We did find a sample of this ransomware, but it seems to be secure. You can either pay the criminal (we do not recommend this) or wait for a possible solution. Regards, Sarah

Hi Davepens, Please download removecrypted.bat and run it. It should delete the crypted files. Regards, Sarah removecrypted.bat

Hi Sergio, Al-Namrood 2 is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah

Hi TCO Jason, Wallet Dharma is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah

Hi rooterz and xginx, PCLock is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. xginx, if you think you're infected then please do this for me: Install and Run Emsisoft Emergency Kit (EEK): Double click EmergencyKitScanner.exe to install EEK When the installation of EEK is complete the Emergency Kit scanner will run. NOTE: Make sure to enable PUPs detection. Click "Yes" to Update Emsisoft Emergency Kit Under "Scan" click-on "Malware Scan". IMPOR