• Content Count

  • Joined

  • Last visited

  • Days Won


sanchomdv last won the day on July 6 2019

sanchomdv had the most liked content!

Community Reputation

1 Neutral

About sanchomdv

  • Rank
    New Member
  1. Hello, I find a good filepair of encrypted and unencrypted file. I submit it to my dropbox. Maybe it helps, thanks a lot!! Francisco Sancho Barceiona (Spain)
  2. Thanks a lot!! I dont have access to any executable .. I suspect that it was a remote access and no trace of commands in NAS filesystem or attacheds local network computers 😞 Really, i dont had certainty about the correction of the filepair i submitted. But your discovery of the base64 encoding of the filenames (really great!!) give a clue in order to attempt looking for a good filepair. If i obtain a good filepair i will submite here Thanks, you make a great job!! Francisco Sancho
  3. I suspect that it was an external attack against a WD MyCloud connected directly to internet exploiting a default password or a samba exploit The pcs on the local network are clean of any infection
  4. Hello, A WD my cloud NAS from one of my clients was attacked last month with a ransomware called Basilisque Locker. The Ransomware Note is called "HOW_TO_DECRYPT.txt" And the files attacked are his filename rename to a encrypted string with the extension: [email protected]_com A sample encrypted file (174Kb): A pair of encrypted- unencrypted files (edit: really dont pair 😞 ) In my investigations it seems a Megalocker variant but i can't decrypt files with the decrypt_MegaLocker.exe by emsisoft.. retouching the ransomware note (maybe its not a good practice) I obtain the message: "Unfortunately, we were unable to find a key to decrypt your files" Do you know something about this thread? some help? Thanks in advance Francisco Sancho From Barcelona (Spain)