I'm having the same unfortune here.
I have 2 extension types, and I know for sure that they're both different.
This ransomware deleted all of my disk's shadow copy's, all of my Windows restore points, and its even capable to encrypt the files in all $RECYCLE folders of all disks, so it leaves no way to get the files back.
I contacted the hacker by the email that he os she provided, manifesting my intention to pay.
He answerd me, and asked me to send him the unique ID (findable on .HTML or .TXT files) and some encrypted files so he can proof successfully decrypt.
In my reply to him, i've attached a file with [[email protected]
].HRM extension and another with the .GEFEST extension, and provided the .HTML file that he left on every fkng folder of every disk partition. Then he sent the [[email protected]
].HRM file decrypted and asked me to look for another info (or openable .txt) files left on my computer with some kind of keys in it. That means 2 different encription types as they need 2 different unique keys.
I'm not sharing publicly my files, nor my real identity or any personal info about me, just because (although I think I've kept my anonymity while talking to the hacker) he could probably trace me or something. I have my computer cleaned and offline, my files are backed up (THE ENCRYPTED ONES) and i'm getting a new network card.
I really hope (and patiently wait) for a quick solution to this new Ransomware.
And if there's anyone with encription knowlage reading this post, who think that it's possible to somehow catch the encription secrets with the 2 files I have (encrypted and decrypted version of the same file) please contact email address to avoid member being spammed.