bflmpesseveze

You can try Shadowexplorer to recover files from shadow copy. You don't need to have history files enabled. It won't work everytime but you can try it at least.

PDFs:https://uloz.to/!gOklqoTGuB9h/3m77099-rpt-zip JPGs: https://uloz.to/!p5Z3PHToomB7/3m3-0780-kasparova-zip

do you think it will scan all ports for the RDP service? Because our infected customer has open RDP but routed from different port, not the default one.

I can send you encrypted and decrypted files. Is JPG alright? I have few of them PDF also. PM or post it here? But with those exe files I'm sorry, bitdefender deletes it all.

Dear Sarah, thank you for your answer. I will wait then. Have a nice day.

Greetings, Our customer get some new ransomware and all data are encrypted and named "filename.[[email protected]].theva" and in every folder is #_README_#.inf file with some info from the ransomware creators. I did not find anything on google except two logs from some malicious scan logs. I can send encrypted and decrypted files. Also I attach logs but I think there will be no notice about any ransomware. Malwarebytes didnt find anything, nor bitdefender . The ransomware uninstalled ESET antivirus somehow. Edit: I found it should be some BTCware and now I am trying decrypting tool, will update soon. Sorry for my bad english Greets Martin V. Addition.txt FRST.txt scan_170509-103057.txt PB095682.JPG.[[email protected]].theva #_README_#.inf