Hi, I received this response from Kaspersky when I submitted the files for analysis: After analysis, the lab team found that the files were encrypted by a variant of Trojan-Ransom.Win32.Kangar, unfortunately this variant uses a secure encryption algorithm that makes it impossible to create a decryption tool. We understand and find it natural that he is dissatisfied with the fact that he has been the victim of a cyber crime. Some variants of ransomware have cryptographic keys and algorithms that make it possible to break the encryption of files. Unfortunately, in most cases the type of encryption used does not allow the development of reverse encryption, since the criminals did not intend to recover all files after the rescue, only part of them for the victim to pay or only intended to cause damage in the environment. Certain variant can create files of different extensions and also variants with different algorithms can create files with the same extension. In the case of the current infection, the malware analysis team has detected that the type of encryption used makes it impossible to decrypt.