Jump to content

Help With .LOL! RansomWare Decryption of Files


Recommended Posts

Hello Everyone!

 

We recently were attacked with a new ransomware virus on our domain.

 

Many of our files were renamed to "filename.LOL!".

 

For example:

icon.png

was renamed to:

icon.png.LOL!

 

We were able to remove the threat and were forced to restore many backups as the majority of our files were encrypted.

 

However, we did not have a backup for some of our files, so are stuck trying to figure out a means to decrypt these remaining files.

 

Can you assist us with decrypting our remaining files?

 

I have attached the logs, and the "how to get data.txt" file that was placed in every directory that was encrypted by the virus.

 

I also attached an actual encrypted file, along with the original version of the file for your testing/comparison.

 

Please note: the files and scans were all done on my test vm (not the server that was infected) as we did not want to re-enable any threats on the domain.

 

However, the .zip file does contain actual files gathered from this initially infected server.

Addition.txt

FRST.txt

Good&Bad File examples.zip

how to get data.txt

scan_160421-162818.txt

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...