mansig

RDP attack AiraCropEncrypted!

Recommended Posts

Hello, the last night my server with Windows 2008 Server R2 Standard was infected with , AiraCropEncrypted!, the attack use ASP.ISS user, and now all files are encrypted... I have using the EmisoftDecrypter for Nmoreira but since this morning, more than 5 hours the application continue ....:

Starting decryption ...

Encrypted file: C:\DATOSS\Administracion\2013\2013 CONSUMOS 2013.XLS.__AiraCropEncrypted!
Decryption: Trying to reconstruct encryption key, this will take a bit ...

That is normal?? The utility is compatible with this server??
Thanks a lot!!!

 

Attach one file encrypted and How to decrypt your files.html........

Now the decrypter continue with "To get in touch you should use the Bitmessage system...." more than 10 hours..... :'( 

Pleaseee help!!!!!!!!!!!

Files.zip

FRST_19-12-2016 21.51.28.txt

scan_161219-213841.txt

Addition_19-12-2016 21.51.28.txt

Share this post


Link to post
Share on other sites

This is very likely a new variant of Nmoreira that our decryption tool is not able to decrypt.  The really bad news, if what I read earlier is accurate, the Nmoreira developers intend to stop further development and disable their key servers and their bitmsg account at the end of the year.

Share this post


Link to post
Share on other sites

:(

Ohh! very bad news! 

This morning the decrypter sais:

Encrypted file: C:\DATOS\Administracion\2013\2013 CONSUMOS 2013.XLS.__AiraCropEncrypted!
Decryption: Trying to reconstruct encryption key, this will take a bit ...
Could not guess key. Most likely the original file format is not supported.......

No solution?

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.