Everything posted by Sarah W
-
Closed Computer has been encrypted
Sarah W replied to DesignerScott's topic in Help, my PC is infected!
Can you share some files which are not working and the file pair you are using to decrypt them? We will take a look and see if we can help. Regards, Sarah
-
Hi willaien, We will look into the malware file you provided and update you when we have something. Regards, Sarah
-
Yes, please run it on the actual computer the infection happened on and the original copies (hopefully not moved). I suggest perhaps restricting what IPs can connect to RDP and making sure that the password is changed and not reused anywhere else, as they tend to brute force their way in. Considering it was done by RDP, good chance it may be deleted, but I suggest checking recycling bins and running a scanner/antivirus (can use our programs). Regards, Sarah
-
Good morning, Unfortunately crypt0l0cker is not decryptable for free. Some users have had luck paying for Dr Web's support. Here are Dr. Web's terms and conditions (11/25/15): free assistance with decrypting files that were encrypted while Dr.Web was in use at the time of infection. How to submit a support request to Doctor Web. Submit a request. Regards, Sarah
-
Hi there, Have you moved the files from the original location? You can try other file pairs, but if they do not work then we will need the malware file. Regards, Sarah
-
Hello there, Sorry about the delay in replying to you. What was the name of the ransom note, as this will help us figure out what version of Globe this is? Do you also happen to have the malware file? Regards, Sarah
-
Hi there, Please download this decrypter and drag and drop the SETUP.HTM and SETUP.HTM.crypt onto it. Let me know if you have any issues, and please specify what the error is. Regards, Sarah
-
.crypt files possibly encrypted twice?
Sarah W replied to Billy C's topic in Help, my files are encrypted!
Hi there, Can you please upload this (C:\Documents and Settings\Guest\Application Data\Neazgy\owub.exe) file to virustotal and post the link. It looks like you were infected with two different ransomwares, is this correct? Please download this decrypter and drag and drop the c21.exe and c21.exe.crypt onto it. Let me know if you have any issues. Regards, Sarah
-
Locky is a ransomware family that first appeared in February last year. Locky uses AES to encrypt files. Encrypted files will have either ".locky", ".zepto", ".odin", ".shit", ".thor", ".aesir", ".zzzzz" or ".osiris" as an extension. The ransom note is named "_HELP_instructions.html", "_-INSTRUCTION.html", "OSIRIS-.html", "_Locky_recover_instructions.txt", "_WHAT_is.html" or "_HELP_instructions.bmp" and asks victims to contact via the Tor links. Locky is currently not decryptable. More information can be found here. If you have any questions about this ransomware, you can post here.