Caleb
Posted April 21, 2016

Hello Everyone!

We recently were attacked with a new ransomware virus on our domain. Many of our files were renamed to "filename.LOL!". For example, icon.png was renamed to icon.png.LOL!

We were able to remove the threat and were forced to restore many backups as the majority of our files were encrypted. However, we did not have a backup for some of our files, so are stuck trying to figure out a means to decrypt these remaining files.

Can you assist us with decrypting our remaining files? I have attached the logs, and the "how to get data.txt" file that was placed in every directory that was encrypted by the virus. I also attached an actual encrypted file, along with the original version of the file for your testing/comparison.

Please note: the files and scans were all done on my test VM (not the server that was infected) as we did not want to re-enable any threats on the domain. However, the .zip file does contain actual files gathered from this initially infected server.

Attachments: Addition.txt, FRST.txt, Good&Bad File examples.zip, how to get data.txt, scan_160421-162818.txt

Kevin Zoll
Posted April 22, 2016

Hello Caleb,

Unfortunately it uses a secure encryption algorithm, which means it is not possible to decrypt LOL encrypted files.