About carlicious

  • Rank
    New Member
  1. Hi all. A friend of mine got infected with the docm ransomware a while ago. In an attempt to help him out, I spent a few days reverse engineering it. I have a decent understanding of how it works now. Usually, when a decryptor is published for a particular kind of ransomware, it's because someone found a flaw in the design of the cryptography, and made a tool that exploits it in order to recover the files without knowing the actual key. Unfortunately, the authors of docm have not made errors bad enough so that this is possible. Thus, only they have the ability to recover your files. That said, some ransomware developers have published their private key in the past. It's a pretty rare thing to happen, so I wouldn't rely on it, but it happens sometimes. Sorry that I can't give you any better news. But at least now you can weigh it in when deciding on whether or not you should pay. By the way, the authors have been giving discounts to people: I found a conversation online between someone and the authors, negotiating about the price, and the person receives an offer for $400. You can see for yourself if you take the Restore-My-Files.txt found here, and submit it to their Tor website.