BennTech

Al-Namrood 2.0 infection


I have a client who got infected with the Al-Namrood 2.0 ransomware just before the Christmas holidays.  It had the whole break to encrypt everything on the network, including ALL BACKUPS, which were on a NAS also visible on the network.  At this point, my client basically has complete data loss and is looking at the company going under.

Thus, my client is considering paying the criminals, knowing full well that they would be contributing to this criminal enterprise, and also knowing that the chances are slim that paying will recover the data.  However, those odds are better than doing nothing, because nothing results in guaranteed business failure.  Thus, depending on the avenue pursued, the questions are:

  1. Has anyone ever paid and actually gotten their data decrypted?
  2. Is anyone working on breaking the Al-Namrood 2.0 ransomware?  How likely is a fix?  And how soon would said fix likely be complete?  Days?  Weeks?  Months?

Per forum directions, attached are the requested files.  I could not find the Al-Namrood 2.0 program on the server, but the program obviously had admin access to the server based on the affected files.

Addition_28-12-2016 14.14.51.txt

FRST_28-12-2016 14.14.52.txt

scan_161228-141432.txt


Unfortunately, Al-Namrood 2.0 encrypted files cannot be decrypted without paying the ransom, and then there is a good probability that they will leave your client with encrypted files after paying the ransom.


Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
 

This topic is now closed to further replies.
