  1. Thanks Amigo-A, we are doing everything we can to lock down our servers and tighten up our securities, and we do have more files to submit but we are making good progress and are as grateful as could be to you and the team you work with, and will adhere to the best practices possible moving forward, that's for sure! Thanks again!!
  2. Hello and thanks again for the help with the decryption of the server last night; it went well and we are extremely grateful for the hard work; we were able to restore all but two additional servers and I am hoping you don't mind helping with those as well if you are inclined; this came from the same executable as earlier (ssvchost.exe), and here is a link to the encrypted and non encrypted file pair as well as the ransom note if you don't mind helping us further, and all of our thanks here for certain! https://drive.google.com/file/d/1W9KbbwoNqE9gPcvUeMBNKsh_53vNY06r/view?usp=sharing
  3. Thank you again, to all of you for the help you have provided so far; I will endeavor also to help fight this everywhere I see it and can be considered a resource to you if there is anything that I can do in my normal day to provide information about the threats I see out here. I have used Emsisoft and in particular the EEK for years, and I am as impressed with the people who are involved with Emsisoft as I am the product line. A very sincere thanks, win lose or draw.
  4. Thank you Amigo-A, here is the ransom note as well: Decrypt Instructions.txt
  5. Thanks again Demonslay335! https://drive.google.com/file/d/127Od0JjBwrV2C1P70HeKnfkcDgW_33nr/view?usp=sharing I believe this should work for you but if not let me know and I will try again too.
  6. Shall I upload to virustotal again? Sorry, once I know this routine I will be of more use, and will help fight this with you whenever I can.
  7. Thanks so much! I am though having a hard time uploading the files here, is there a better place for me to upload the encrypted and non encrypted file? We appreciate your efforts more than you could know today.
  8. Thanks again Demonslay335, I posted the viral file in VirusTotal and here is the link: https://www.virustotal.com/gui/file/d31742a33f52f5d3326a828f73c666d605c07b2070f5a863fce7d97a4b1cfee2/detection Thank you!
  9. Great we are working on that now, thank you Demonslay335
  10. What too would be the best way to upload the viral file to you? Thanks again
  11. Thank you all very much for the response; I uploaded the ransom note and encrypted file as well as the contact email for the bad actor as well to https://www.emsisoft.com/ransomware-decryption-tools/ I can also try and get a copy of the executable file (it was named ssvchost.exe if that is helpful) and send it to you if that would help. Thanks again!
  12. Thank you very much for the quick response; I uploaded the files, but it was unable to determine the type of ransomware unfortunately. I was hopeful that it was a close variant perhaps to other recent ransomware infections that originated from that domain (cock.li) but that was hopeful more than technically sound on my part. I did also check nomoreransoms.com but don't see a possible decryptor, and this is so recently released I am not sure if one has yet been written... Thank you!! Chris
  13. Hello, I work for an MSP and several of our clients have been struck by ransomware, and it appears to be a new variant that uses .encryptedS and .encryptedL for file extensions, and the ransomware writer (or hacker) is using AllZData.cockli as his contact address; has anyone seen this variant yet, and also does anyone know of a decryptor? It seems to be of the Dharma ilk if that is helpful, and thank you! We really could use some help out here today, we operate a lot of non profits and this is a hard day for them. Thank you all!!