rstockham23

  1. Thank you. Those are all very good suggestions. I sent you a private message follow-up from my last post. I realized later that what I posted online here at first was just Process Hacker and some encrypted exe files of theirs. I was actually able to break into their encrypted exe files and access the actual file that spreads the encryption on the file system. Would that be of use to you? I've encrypted 2 offline laptops already just exploring its functionality :-)
  2. I've been scouring event logs, files, etc. on the servers that got hacked with Cry36. I was able to find some of their executables left behind that they used in the hacking. On one of the servers, the antimalware software detected them and it got shut down before the hacker could remove the files. The MS Antimalware software detected it as: Win32/CryptoLemPiz.A. Not sure if any of this helps, but wanted to share. Attached are the files I found. Please let me know if there are other places I need to submit these files. Thank you.
     processhacker.zip
  3. Thank you for the response. Unfortunately I only have backups for some of the infected files, which we will be restoring, but for other files, I do not. Do you feel there is any chance of a tool being developed to decrypt this soon? I would be more than willing to help out in any way as far as submitting more files, etc.
  4. I have an entire server infected with ransomware. None of the tools on your site seem to work with it. Checked the file online and it appears it may be Cry36. Attached is an encrypted file, a non-encrypted version and the ransom file. Please help!
     Agenda November 27, 2017.docx; Agenda November 27, 2017.docx.id_2556159886_[[email protected]].4se9s; ### DECRYPT MY FILES ###.html