Demonslay335

Emsisoft Employee
  • Posts: 131
  • Joined
  • Last visited
  • Days Won: 10

Everything posted by Demonslay335

  1. If I get the new decrypter to work on other victims' files, I'll be able to release it and you can try it for yourself. Still working out some bugs. Any chance that system had RDP open? We think that is the vector of infection for this variant.
  2. @bflmpesseveze @itatecomputers @Icetech I'm currently working on an update to the decrypter to support .theva. I've about got it ready for release. Could you share a pair of encrypted files with their originals so I can test? Worst-case, an encrypted PNG will do. The malware copies itself to %APPDATA%, try checking for a randomly named .exe in there. Most samples I have are around 270KB. Having a sample of it would be good as well if you can find it.
  3. Have you uploaded a ransom note and encrypted file to ID Ransomware? It will be able to identify what ransomware you are dealing with. Probably the latest Dharma unfortunately. Cry128 typically has ".onion.to._" as shown in the blog.
  4. @miguel pantotja Fabian Wosar has released a decrypter for Cry128, the newest variant of this Nemesis/CryptON garbage. http://blog.emsisoft.com/2017/05/01/remove-cry128-ransomware-with-emsisofts-free-decrypter/ Please give it a try with an encrypted file and its original.
  5. Fabian Wosar has released a decrypter for Cry128, the newest variant of this Nemesis/CryptON garbage. http://blog.emsisoft.com/2017/05/01/remove-cry128-ransomware-with-emsisofts-free-decrypter/
  6. Fabian Wosar has released a decrypter for Cry128, the newest variant of this Nemesis/CryptON garbage. http://blog.emsisoft.com/2017/05/01/remove-cry128-ransomware-with-emsisofts-free-decrypter/