Al Namrood 2.0

[Hokidex]

All my files.. i saw in the morning were all encrypted with iD# followed by [email protected]

They are asking for Ransom by bitcoin.

Please help.

[ShadowPuterDude]

Unfortunately, there is no known method to decrypt the files without paying the  ransom.

[Monkish]

Hi, we were hit with Al-Namrood 2.0 back in December... everything would have been fine had we had a proper backup structure... or even if the same guy who set up our backup structure hadn't run the falty decrypter we were sent after paying the ransom without taking a proper system-state backup first, then he reformatted the drives and reinstalled the OS and tried to convince us we needed a $10 000 disaster recovery system (Apparently this guy has been providing these services to people for over 15 years)...

Anyway, now we are stuck with a plethora of encrypted files. But, we do have good versions of some of the encrypted files (variety of file types) that we were able to recover from emails, so a colleague of mine and I have been working on cracking the encryption.

I was wondering if you guys would be interested in taking, no pun intended, a crack at it?

Cheers

[Sarah W]

Hi Monkish,

Currently Al Namrood is not decryptable, however, if you still have the malware file somewhere then we will be willing to take a look at it.

Regards,

Sarah

[Monkish]

Hi Sarah,

I do not have the executable, but I do have encrypted files and their unencrypted counterparts (i.e. reference points).

Monkish

[Sarah W]

Hi Monkish,

Unfortunately, a file pair cannot provide the information we need to look into whether we can help. We will see what we can do though, however, I am not sure if we can help currently.

Regards,

Sarah