Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About Pen

  • Rank

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Another update: version fails to return any keys for the same 3 file pairs. Thank you for your efforts.
  2. Hi Kevin, I did try those other two file pairs that generated only one or two keys, The decrypter ran, but the files produced were not readable in any cases. I tried serval file types. Thanks
  3. Update: I ran version against a few pairs of files. It does find keys and I was able to run, however the resulting files are not readable. First pair (drummond_large.png) found approximately 32 keys. I tried the first few and did not get any readable files The second pair (menuicons.png) generated 2 keys, but no readable files with either key The third pair (background.jpg) generated a single key, but also no readable files. background.jpg.MERRY
  4. Kevin, Thanks to you and your team for your efforts. Unfortunately, the updated decrypter did not work on the first file pair I tried and I'm fairly certain it was a valid pair. I will try others and let you know.
  5. We have shut down the machine that was the source of the infection. Will encrypted files on shares still be deleted at the deadline? If so, is there a process to look for.? Thank you.
  6. That is... unfortunate. I will keep looking. I do have encrypted/unencrypted versions of the same files if helpful.
  7. I have not yet found a workstation that has been infected, so haven't found a source email attachment. I suspect a server login via RDP using a vendor account with a weak password..Are there other file types I should look for? Thanks.
  8. As suggested, I am starting a new thread for the MERRY_I_LOVE_YOU_BRUCE variant of the Merry Christmas ransomware. I am attaching the .hta file, please let me know if there are other files I should submit. Thank you. MERRY_I_LOVE_YOU_BRUCE.HTA
  9. I have another variant: MERRY_I_LOVE_YOU_BRUCE.HTA that won't work with the decrypter. Any hope? What can I provide to help? Thanks.
  • Create New...