BJammin

  1. Since we paid the ransom to get the decryption tool, and the decryption tool worked for a brief moment, why would it suddenly stop working? I don't see any rhyme or reason to why it works then it doesn't. Now it doesn't work at all.
  2. I have 200,000 files that are encrypted ending with .sys via compromised RDP. The attackers were malicious and deleted a lot of files. It looks like it's a variant of the DLL Cryptomix ransomware: https://blog.watchpointdata.com/dll-cryptomix-exposes-ransomware-infection-method

     I reluctantly paid the ransom and they sent me a decryptor tool but it's not working. It worked on some files that were less than 2 GB then suddenly stopped working on everything. The criminals sent us a message demanding more ransom to decrypt anything over 2 GB. Since I have the decryptor tool they sent me and it worked for a little while on some files, is there any way to reverse engineer it to work with everything else?

     Ransom note:

     Hello! Attention! All Your data was encrypted! For specific informartion, please send us an email with Your ID number: [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] Please send Your email to our all email addresses! We will help You immediately! As faster You will contact us as cheaper will be the recovery price! IMPORTANT: DO NOT USE ANY PUBLIC SOFTWARE! IT MAY DAMAGE YOUR DATA FOREVER! DECRYPT-ID-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX number - I removed the ID number just in case.

     Any feedback or ideas would be much appreciated, I'm lost on what to do next.