Hi guys and girls,
I am wondering if you can assist me with a server that has become encrypted. All of the files have had .cheetah added at the end and [id=XXXXXXXX] appended.
I have tried a couple of online ID sites. One of them detects it as BigBobRoss but your and Avast's decrypting tool do not work with either a before and after file or the ransom note. The EEK Kit and a site which checks against multiple vendors detects it as Gen:Variant.Ransom.Stop.2 and a couple of other types.
I have saved the following which are available at the link below as I couldn't work out how to attach them as per your guide.:
1. A zipped before and after file
2. The EEK and FRST logs zipped
3. A copy of the encryption message text file
4. The file that the EEK kit detected as infected zipped
5. A screen shot from the multi-site detection
6. A screen shot of the MAC address information
Thanks in advance for your time.