svenzok


  1. Hi all, my PC at work got hit by Nemesis Cry36 (as identified by ID Ransomware) on August 3rd, 9pm. Most likely via RDP, as that PC only had a weak password (dumb, I know). All files were renamed around that time, except for files and folders on the desktop. Ransom note .txt files were put in every folder and they also changed the desktop background. I have already read that Cry36 is unfortunately not decryptable at this time (or ever?). However, I found some suspicious IPs (Moscow, San José, Amsterdam) in the RDP logs, one around the above-mentioned time, the others on the days prior. Can this be of any help at all? The encrypted files have now been saved to a backup disk (hoping for a miracle some day). Is there anything else that might be of interest on the PC? Otherwise I'll erase/format everything to be on the safe side before setting up a new system. Keep up the good work, guys!