About lordgarthsliver

  1. Yes, around then, not completely sure. The machine was on for a few days, possibly weeks. It was running a VNC Server (Tiger I think), which is how I think they got in. I just happened by and noticed the Amnesia screen splash. From what I can discern I believe it is a Scarab variant that deletes itself after doing its work. The drives with all their encrypted files have been saved off to an external drive. I plan on rebuilding it at this point, maybe as a Linux machine instead. We have been using it as a Resilio Sync server (perhaps another hole), a streaming video/audio server and a couple of other small business related things. There is probably about a month or so worth of data that has been lost at this point. I have posted on BleepingComputer.com as well and do not feel optimistic about recovery. Nonetheless, if a decrypt solution presents itself we'll try it. I'm still pissed at whoever did this.
  2. I'm not hopeful decryption-wise at this point. Where do I look for the program? I'm afraid it has been cleaned off, perhaps in a quarantine folder.
  3. It seems most likely from what I have researched so far. Bleeping Computer Forum people seem to think the same. If you guys want me to upload more files/data let me know. This really pisses me off, so any help I can be
  4. By the way the encrypted files I uploaded should be .jpg files.
  5. Arthur, thank you for your response. It looks like a version of TigerVNC server was running. Ports have been shut down on router and firewall. Attached is a sample file and one of the many Recover files.TXT. This is a small network here, 3-4 machines. The only machine affected is the one that had a VNCServer running on it. Will work on implementing VPN. In the meantime there are files we need to try and recover. The security measures are all being audited after this incident. [email protected] HOW TO RECOVER ENCRYPTED FILES.TXT [email protected]om
  6. It says Amnesia on the screen background. But the encrypted files have a [email protected] extension. The ID Ransomware site IDs it as Amnesia and AVCrypt. I noticed my AVG protection was down at the time of the attack. I tried your Amnesia and Amnesia2 decrypters without any success. I have purchased and loaded Emsisoft anti-malware and have a copy of Hitman and AVG virus scanning running. There are some files I really need to get off this computer. Is there any help? LordG