• Content Count

  • Joined

  • Last visited

Everything posted by maurp75

  1. Hi, I received this response from Kaspersky when I submitted the files for analysis: After analysis, the lab team found that the files were encrypted by a variant of Trojan-Ransom.Win32.Kangar, unfortunately this variant uses a secure encryption algorithm that makes it impossible to create a decryption tool. We understand and find it natural that he is dissatisfied with the fact that he has been the victim of a cyber crime. Some variants of ransomware have cryptographic keys and algorithms that make it possible to break the encryption of files. Unfortunately, in most cases the type of encryption used does not allow the development of reverse encryption, since the criminals did not intend to recover all files after the rescue, only part of them for the victim to pay or only intended to cause damage in the environment. Certain variant can create files of different extensions and also variants with different algorithms can create files with the same extension. In the case of the current infection, the malware analysis team has detected that the type of encryption used makes it impossible to decrypt.
  2. Hi , Thanks for your support. We ended up by paying the ransom as the only solution to recover some important files (for an unknown reason have not been backed up). We paid 0.1 BTC and they sent us a program called "Smart Descrypter.exe". Once you run it, it properly scans hard disks seeking for the encrypted files but when you try to decrypt, it asks for an Activation Code. Decrypter.rar?dl=0 Let me know if it helps in any sense. Regards, M Smart Decrypter.rar For your reference: encrypted sample files: Encrypted.rar resulting decrypted sample file (they did it as a free sample): Decrypted.rar
  3. Until this moment we are not aware of how the server was infected, according to Kaspersky analyst was by port 3389.
  4. Follows the file as a request. Thanks in advance for your help. danfe_20160419141404.pdf.missing
  5. Follow the result:
  6. Good afternoon, our server was affected by the ransomware that creates the .missing / .Contact_Data_Recovery.txt extensions. LI old articles but did not find anything that would help me, would they have any solution to this problem? The rescue email address [email protected] I thank the attention.