TCO Jason

Recommended Posts

TCO Jason    0

TCO Jason
Posted

Hi Kevin,

Thank you for the quick reply.  It's been running for a few days now and hasn't been successful in decrypting any yet.  If this is unsuccessful, are there any other options?  

Thank you again for your help.

Share this post

Link to post
Share on other sites

Sarah W    26

Sarah W
Posted

Hi TCO Jason,

Wallet Dharma is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently.

RDP is how these criminals usually enter, so please secure it with a strong password.

Regards,

Sarah 

Share this post

Link to post
Share on other sites

Gusi    0

Gusi
Posted

Hi - infected with .Wallet and when running Rakhni Decryptor by Kaspersky , I get a "processing error" - any ideas? help will be greatly appreciate it...

 

20:47:49.0429 0x2438  Trojan-Ransom.Win32.Rakhni decryption tool 1.17.17.0 Mar  1 2017 23:11:54
20:47:51.0433 0x2438  ============================================================
20:47:51.0433 0x2438  Current date / time: 2017/03/30 20:47:51.0433
20:47:51.0433 0x2438  SystemInfo:
20:47:51.0434 0x2438 
20:47:51.0434 0x2438  OS Version: 6.1.7601 ServicePack: 1.0
20:47:51.0434 0x2438  Product type: Server
20:47:51.0434 0x2438  ComputerName: ARES
20:47:51.0434 0x2438  UserName: administrator
20:47:51.0434 0x2438  Windows directory: C:\Windows
20:47:51.0434 0x2438  System windows directory: C:\Windows
20:47:51.0434 0x2438  Running under WOW64
20:47:51.0434 0x2438  Processor architecture: Intel x64
20:47:51.0434 0x2438  Number of processors: 4
20:47:51.0434 0x2438  Page size: 0x1000
20:47:51.0434 0x2438  Boot type: Normal boot
20:47:51.0435 0x2438  ============================================================
20:47:51.0535 0x2438  Initialize success
20:48:19.0785 0x2410  Number of worker threads: 4
20:48:30.0253 0x2410  File path: C:\Users\administrator.TEA\Desktop\test2\License_SQLNCLI_ENU.txt.id-0C677459.[[email protected]].wallet
20:48:30.0284 0x2410  Password recovered
20:48:30.0285 0x2410  Known suspicious file: C:\Users\administrator.TEA\Desktop\test2\License_SQLNCLI_ENU.txt.id-0C677459.[[email protected]].wallet
20:48:32.0951 0x2410  DecryptIO (C:\Users\administrator.TEA\Desktop\test2\License_SQLNCLI_ENU.txt) error
 

----

 

20:48:37.0821 0x2410  Folder scan statistic (C:\Users\administrator.TEA\Desktop\test2):
20:48:37.0821 0x2410  Processed: 3
20:48:37.0821 0x2410  Found: 3
20:48:37.0821 0x2410  Decrypted: 0
20:48:37.0821 0x2410  ================================================================================
20:48:37.0821 0x2410  Scan finished
20:48:37.0821 0x2410 

Share this post

Link to post
Share on other sites

Sarah W    26

Sarah W
Posted

Hi Gusi,

Wallet Dharma is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently.

RDP is how these criminals usually enter, so please secure it with a strong password.

Regards,

Sarah 

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go To Topic Listing

  • Recently Browsing   0 members

    No registered users viewing this page.