I am a drafter in California. My computer was infected with the Cry9 *.onion encryption. I went on every forum...researching for days if anyone had any solutions...and was led here and have seen that other people have complained about a similar *.onion encryption. This forum helped me to reboot to safe mode so I could run an antimalware sweep. Thank you Emsisoft. I am just a regular person....computer drafter whose CAD files had all been encrypted with the onion encryption. Thousands of drafting hours potentially lost. I am no computer programmer or IT expert. This forum was very informative, at least helping me understand the nature and severity of this nasty encryption. Over the years I've dealt with different kinds of malware.....Trojan Vundo with the biohazard icon on the desktop, that one virus that converted my files to hidden types, etc. Typically I could jump on a forum and within a couple hours of research.....someone had a solution. This Cry9 variant truly caused severe stress to my life, my coworkers, and our families.
I want to share how I was able to recover all my files....all 222 GB of it. I hired a company called proven data recovery. It took about 4 days for them to decrypt the files. I was unsure at first since one data recovery company told me it was going to cost $20k to decrypt. I called a couple others......by chance found proven data recovery and their fee was much more reasonable. So for those who have files encrypted with the *.onion Cry9, proven data recovery helped me. Maybe there is another way to deal directly with the terrorists but my company did not feel comfortable doing that and possibly giving money via bitcoin with no proven return our files would be decrypted.
This whole ordeal has taught me a couple things.....get a cloud backup and back up data at least every week to an external hard drive......keep the operating software/updates up-to-date.