One of our servers had a SAMBA share left open for reasons we are unclear of. Currently the VMs running on the machine are fine (seems to be in memory) but if they reboot the .vdi files are unusable. We do have backups but this would ofcourse result in alot of work reinstalling these servers.
I have tried the decrypt tool on some offline .vdi files but it will not work.
What happened to your files ?
All of your files were protected by a strong encryption with AES cbc-128 using NamPoHyu Virus.
What does this mean ?
This means that the structure and data within your files have been irrevocably changed,
you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.
The encryption key and ID are unique to your computer, so you are guaranteed to be able to return your files.
Your unique id: 6C95029F8EFD463899B724524B86F659
This is the ID on our files.