Jump to content


  • Posts

  • Joined

  • Last visited


0 Neutral

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. @rpotalara If you are trying to recover a MS SQL database that has been affected in most cases you can use some recovery tools to recover your database, as this 36byte variant only encrypts the first 10KB of your file and add an extra 36bytes to the end of your file, many MS SQL recovery tools will be able to pickup your data from the rest of your data file that is still valid. we used this tool and it recovered a filestore we had in a SQL server database. https://www.systoolsgroup.com/
  2. @JimmyJAPA just so you know paying didn't help us, they just moved the balance out of the Bitcoin wallet
  3. Just for reference this thing seems to only alter the first 10KB of information and the end 36bytes, which it adds on. The last 4bytes is always the same on that computer. So if you have a large database or file type with recovery tools, you can likely try to rebuild it.
  4. Hi, I have the same issue, here is a sample with a file Before and After. It seems to be triggered from a file called: QQSS77889900.EXE And created other exe like: L.EXE, A.EXE, A[1].exe, A[2].exe, G.exe, a[3].exe _DECRYPT_MY_FILES.txt Summary.xml Summary.xml.id_1756635677_2irbar3mjvbap6gt.onion.to._ I would also add do not try to pay for these to be de-crypted as it does not work.
  • Create New...