AL3918

CKWS.....I do not know how they decrypted. After I gave my credit card info to them, took a deep breath and hoped everything would turn out ok. I received an email from proven data that gave instructions on how to setup a remote connection for their technician. I could see the technician login remotely (screen turned black) and I could see the mouse pointer moving around going through my files. I didn't stare at the server the whole time....it was on a Friday and came into work on Monday and the pointer was still moving around...I don't know if one technician worked on my server or multiple......The technician had access to the ransom note so it is plausible they directly contacted them or they were able to decrypt on their own. I'm not sure. I don't like the idea of a hacker getting some kind of payment...but at the same time I had files....that represented thousands of hours of Autocad drafting that were unusable. It was not "worthless" to me since all my data was recovered and even though a handful of my clients got pissed off for the delay in our drafting production......if I couldn't get all my files back....most likely this could've closed down my company.

I am a drafter in California. My computer was infected with the Cry9 *.onion encryption. I went on every forum...researching for days if anyone had any solutions...and was lead here and have seen other people have complained about a similar *.onion encryption. This forum helped me to reboot to safe mode so I could run an antimalware sweep. Thank you Emsisoft. I am just a regular person....computer drafter who's cad files had all been encrypted with the onion encryption. Thousands of drafting hours potentially lost. I am no computer programmer or IT expert. This forum was very informative at least helping me understand the nature and severity of this nasty encryption. Over the years I've dealt with different kids of malware.....Trojan Vundo with the biohazard icon on the desktop, that one virus that converted my files to hidden types, ect. Typically I could jump on a forum and within a couple hours research .....someone had a solution. This cry9 variant truly caused severe stress to my life, my coworkers, and our families. I want to share how I was able to recover all my files ....all 222 GB of it. I hired a company called proven data recovery. It took about 4 days for them to decrypt the files. I was unsure at first since one data recovery company told me it was going to cost $20k to decrypt. I called a couple others......by chance found proven data recovery and their fee was much more reasonable. So for those who have files encrypted with the *.onion cry9, proven data recovery helped me. Maybe there is another way to deal directly with the terrorists but my company did not feel comfortable doing that and possibly giving money via bitcoin with no proven return our files would be decrypted. This whole ordeal has taught me a couple things.....get a cloud backup and backup data at least every week to an external hardrive...... keep the operating software/updates up-to-date.