Al-Namrood 2.0 infection

I have a client who got infected with the Al-Namrood 2.0 ransomware just before the Christmas holidays.  It had the whole break to encrypt everything on the network, including ALL BACKUPS, which were on a NAS also visible on the network.  At this point, my client basically has complete data loss and is looking at the company going under.

Thus, my client is considering paying the criminals, knowing full well that they would be contributing to this criminal enterprise, and also knowing that the chances are slim that paying will recover the data.  However, those odds are better than doing nothing, because nothing results in guaranteed business failure.  Thus, depending on the avenue pursued, the questions are:

  1. Has anyone ever paid and actually gotten their data decrypted?
  2. Is anyone working on breaking the Al-Namrood 2.0 ransomware?  How likely is a fix?  And how soon would said fix likely be complete?  Days?  Weeks?  Months?

Per forum directions, attached are the requested files.  I could not find the Al-Namrood 2.0 program on the server, but the program obviously had admin access to the server based on the affected files.

Addition_28-12-2016 14.14.51.txt

FRST_28-12-2016 14.14.52.txt


This topic is now closed to further replies.