Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About Paully

  • Rank
    New Member
  1. have you tried their decryptor on their page?: https://decrypter.emsisoft.com/ there's a 'how to use' guide. don't format the machine yet!
  2. Try looking through these guys' decryption page: https://decrypter.emsisoft.com/ You may be able to identify yours there.
  3. First one on thier decryptor page: https://decrypter.emsisoft.com/ Hope you guys haven't formatted the infected machine yet (as I did!). If so, the files are gone. The virus makes a .db file on the infected workstation that contains the missing data and decryption keys of each file in ruins. If you've wiped the machine, that .db file is gone along with any hope of recovery.
  4. An additional question, and please pardon me if my nomenclature is off. Is NemucodAES known to worm (if i'm using that correctly)? The workstation that was hit, did damage a few dozen (60 or so) files on a shared network folder. The workstation has been formatted, reinstalled. We are still picking through and replacing affected network files. Should I be concerned that it could become active from the network machine? Or was active software removed when I formatted the workstation? Two weeks now since the attack, and there has been no sign of additional activity, but I tho
  5. Thank you for your input. Now I can confidently release my last sliver of hope and move on. I've learned much from this. I appreciate everyone here's contribution to battle. Best of luck, Paul
  6. So you believe that it is the new variant NemucodAES then? It all hinges on the diagnosis doesn't it.
  7. I see on the https://decrypter.emsisoft.com/ page the NemucodAES showed up today. This seems quite similar to what hit us. The visual formatting of the ransom note is identical, but there are a couple differences in the note content (e.g. the bitcoin amounts, the browser links, etc.). I've gone through the other ransom ware descriptions on that page and nothing matches exactly. The couple that don't rename affected files, seem to have very different looking ransom notes than ours. (Are major ransom note differences that conclusive?) Yeesh, I hope it's not NemucodAES as we already formatte
  8. Hello Gracious Emsisoft Folks, Virus hit a workstation Friday (Jan 07 '17) via email .zip attachment. It encrypted the workstation and several mapped-drive server files. At this point: Workstation has been formatted and received fresh installs of OS, etc., unfortunately before we knew to grab any file the virus may have left on the desktop. The virus did not rename the corrupted/encrypted files Several encrypted files on server have been archived in their current, unfortunate state and are ready for decryption attempts. Attached is a pic of ransomware note tha
  • Create New...