mansig 0 Report post Posted December 19, 2016 Hello, the last night my server with Windows 2008 Server R2 Standard was infected with , AiraCropEncrypted!, the attack use ASP.ISS user, and now all files are encrypted... I have using the EmisoftDecrypter for Nmoreira but since this morning, more than 5 hours the application continue ....: Starting decryption ... Encrypted file: C:\DATOSS\Administracion\2013\2013 CONSUMOS 2013.XLS.__AiraCropEncrypted! Decryption: Trying to reconstruct encryption key, this will take a bit ... That is normal?? The utility is compatible with this server?? Thanks a lot!!! Attach one file encrypted and How to decrypt your files.html........ Now the decrypter continue with "To get in touch you should use the Bitmessage system...." more than 10 hours..... :'( Pleaseee help!!!!!!!!!!! Files.zip FRST_19-12-2016 21.51.28.txt scan_161219-213841.txt Addition_19-12-2016 21.51.28.txt Share this post Link to post Share on other sites
Kevin Zoll 309 Report post Posted December 20, 2016 This is very likely a new variant of Nmoreira that our decryption tool is not able to decrypt. The really bad news, if what I read earlier is accurate, the Nmoreira developers intend to stop further development and disable their key servers and their bitmsg account at the end of the year. Share this post Link to post Share on other sites
mansig 0 Report post Posted December 20, 2016 Ohh! very bad news! This morning the decrypter sais: Encrypted file: C:\DATOS\Administracion\2013\2013 CONSUMOS 2013.XLS.__AiraCropEncrypted! Decryption: Trying to reconstruct encryption key, this will take a bit ... Could not guess key. Most likely the original file format is not supported....... No solution? Share this post Link to post Share on other sites
Kevin Zoll 309 Report post Posted December 20, 2016 Sorry, there is no solution at this time. Share this post Link to post Share on other sites
