Abhijit

Cry9 - Invalid CRYPTON file pair

12 hours ago, Cesar1986 said:

We seem to have the same problem. I tried the file that Kaspersky sent me and it did not work.

Did you let Kaspersky know that the decryptor did not work? Are they going to help you more?

Really, even after I paid the amount requested, the criminals did not release the keys and decryption software for my files. I had to pay dearly for trusting these people, and I ended my conversations with them. But be warned: do not pay ransoms.
 

10 hours ago, Alessandro Domingues said:

Hello, good evening. Today I got great news: Kaspersky updated its decryption software, and now I have had all my files decrypted.

Share that link, young man \o/


All my files have just been encrypted; all my videos and photos of my family, of my sons since they were born, are gone. It looks like it was Cry36, which I believe has no decryptor so far.

I have uploaded a sample of an encrypted file and the original unencrypted file, in case this will help anyone to create the decryptor.

https://www.dropbox.com/s/u2uro2uxbndayja/cry36 encrypted files.zip?dl=0

 

Many thanks


Yes, it seems it is hard to decrypt this one. At the start I wanted to look at the encryption, because this encryption virus encrypts only 36 bytes of a file, so the other parts of the files are recoverable, and I posted info on how people can try recovering data if they have large files, but EMSI denied my post, saying this is harmful, and that we need to wait for Emsisoft to make a decryptor :), so we wait now :)) because I have no will to do it myself while I get a punch in the head for trying to help.


Yeah, mine is exactly the same encryption with the same ending; when I logged in on the Tor network with my ID, it said nemesis encryption id_2809157423_fgb45ft3pqamyji7.onion


To my knowledge, there has been no news about a free cry36 decryption tool.

In the case of ransomware like this, which uses secure encryption and generates new public/private keys for every computer it infects, usually there is no way to decrypt the files without getting the private key from the criminals who made the ransomware. You can try a tool such as ShadowExplorer; however, ransomware like this usually deletes Volume Shadow Copies, so ShadowExplorer will usually find nothing. Even if the Volume Shadow Copies were not deleted, the odds of finding backup copies of files in them are pretty slim, since Windows would normally only leave backup copies of files in the Volume Shadow Copies if you were using Microsoft's own backup software for data backups (although sometimes System Restore will save copies of files in the Volume Shadow Copies).
http://www.shadowexplorer.com/

In cases where the Volume Shadow Copies are deleted, then note that ransomware doesn't generally delete them securely, so it might be possible to use a file undelete utility to undelete the old Volume Shadow Copies, and then use ShadowExplorer to recover files, however this isn't necessarily straightforward to do (the computer will need to be running from a bootable disk to have write access to the "System Volume Information" folder, or the hard drive will need to be connected to another computer), and even if you can recover the old Volume Shadow Copies, as mentioned above the odds of there being backup copies of important files in them are low to begin with. Note that you may need to find a local computer technician who can assist you with this if you do want to try it.

Here's a link to a list of file recovery tools at Wikipedia:
https://en.wikipedia.org/wiki/List_of_data_recovery_software#File_Recovery

5 hours ago, anto19900 said:

Any news about cry36? How much would it cost (cry36 decrypter)?

I've already answered this via private message, however for anyone else who's curious there's still no known way to decrypt files encrypted by Cry36 without first obtaining the private key from the criminals who made/distributed the ransomware.

On 10/23/2018 at 4:07 AM, GT500 said:

I've already answered this via private message, however for anyone else who's curious there's still no known way to decrypt files encrypted by Cry36 without first obtaining the private key from the criminals who made/distributed the ransomware.

However, cry36 still exists, but I cannot contact the criminals even though I want to pay for it.

3 hours ago, Nova said:

However, cry36 still exists, but I cannot contact the criminals even though I want to pay for it.

It's possible that at some point in the future someone will gain access to the database of private keys on the servers operated by the criminals who made/distributed Cry36, and be able to make a free decryption tool. Until then, it is recommended to keep a backup copy of encrypted files, that way you'll have them in a safe place if a free decrypter is released.
