BartW_Portland

Thanks Arthur. Heres the result from the id-ransomware.malwarehunterteam.com site: 1 Result Dharma (.cezar) This ransomware has no known way of decrypting data at this time. It is recommended to backup your encrypted files, and hope for a solution in the future. Identified by sample_extension: .id-<id>.[<email>].java sample_bytes: [0x5A00 - 0x5A40] 0x00000000020000000CFE7A410000000000000000000000002000000000000000 custom_rule: Original filename "index.html" after filemarker Click here for more information about Dharma (.cezar) +++++++++++++++++++++++++++++++++++++++++++++++++++++ Please advise. Thanks, Brent

Found ransom note on desktop. Most all files are encrypted and renamed with an 36FF1EC9.[[email protected]].java extension. Files on attached drive (attached to router via usb) are encrypted as well. Incident occurred on or around Feb 19th. Have run both the EEK and FRST. Resulting files are attached herein. Addition.txt FRST.txt scan_180324-134345.txt