
Cry9 - Invalid CRYPTON file pair



10 hours ago, ganymede said:

Never mind, apparently it works in Windows 7 at least. Didn't accept my .onion files as being compatible though. :/

It has nothing to do with the Windows version. Nemesis is a ransomware-as-a-service offer, that means everyone can subscribe to it and get their own ransomware. Kaspersky only liberated the required keys for some of the Nemesis partners. That means only campaigns associated with those partners can be decrypted.


12 hours ago, Fabian Wosar said:

It has nothing to do with the Windows version. Nemesis is a ransomware-as-a-service offer, that means everyone can subscribe to it and get their own ransomware. Kaspersky only liberated the required keys for some of the Nemesis partners. That means only campaigns associated with those partners can be decrypted.

Ruben-e on the Bleeping Computer forum posted and had the same extension as I did (830s7). The decryptor worked for him but not me? Wouldn't the same extension be a part of the same campaign?


14 hours ago, Smok3d said:

Ruben-e on the Bleeping Computer forum posted and had the same extension as I did (830s7). The decryptor worked for him but not me? Wouldn't the same extension be a part of the same campaign?

We seem to have the same problem. I tried the file that Kaspersky sent me and it did not work.


  • 2 weeks later...
10 hours ago, Alessandro Domingues said:

Hello, good evening. Today I got great news: Kaspersky updated its decryption software, and now I have had all my files decrypted.

Share that link, young man \o/


All my files have just been encrypted; all my videos and photos of my family, of my sons since they were born, are gone. Looks like it was Cry36, which I believe has no decryptor till now.

I have uploaded a sample of an encrypted file and the original unencrypted file, in case this helps anyone create the decryptor.

https://www.dropbox.com/s/u2uro2uxbndayja/cry36 encrypted files.zip?dl=0

 

Many thanks


  • 3 weeks later...

Yes, it seems it is hard to decrypt this one. At the start I wanted to look into the encryption, because this encryption virus encrypts only 36 bytes of a file, so the other parts of the files are recoverable, and I posted info on how people can try recovering data if they have large files, but EMSI denied my post, saying this is harmful, and that we need to wait for Emsisoft to make a decryptor :), so we wait now :)) because I have no will to do it myself while I get punched in the head trying to help.


As mentioned before in various places: We classified Cry36 as not feasible to decrypt using the restrictions we try to operate within. Kaspersky was able to "liberate" some of the private keys, so you can try to contact them. But it is highly unlikely that there will be a new decrypter for Cry36 from us.


  • 1 month later...

To my knowledge, there has been no news about a free cry36 decryption tool.

In the case of ransomware like this, which uses secure encryption and generates new public/private keys for every computer it infects, usually there is no way to decrypt the files without getting the private key from the criminals who made the ransomware. You can try a tool such as ShadowExplorer, however ransomware like this usually deletes Volume Shadow Copies, so ShadowExplorer will usually find nothing. Even if the Volume Shadow Copies were not deleted, the odds of finding backup copies of files in them are pretty slim, since Windows would normally only leave backup copies of files in the Volume Shadow Copies if you were using Microsoft's own backup software for data backups (although sometimes the System Restore will save copies of files in the Volume Shadow Copies).
http://www.shadowexplorer.com/

In cases where the Volume Shadow Copies are deleted, then note that ransomware doesn't generally delete them securely, so it might be possible to use a file undelete utility to undelete the old Volume Shadow Copies, and then use ShadowExplorer to recover files, however this isn't necessarily straightforward to do (the computer will need to be running from a bootable disk to have write access to the "System Volume Information" folder, or the hard drive will need to be connected to another computer), and even if you can recover the old Volume Shadow Copies, as mentioned above the odds of there being backup copies of important files in them are low to begin with. Note that you may need to find a local computer technician who can assist you with this if you do want to try it.

Here's a link to a list of file recovery tools at Wikipedia:
https://en.wikipedia.org/wiki/List_of_data_recovery_software#File_Recovery


  • 1 year later...
5 hours ago, anto19900 said:

Any news about cry36? How much would it cost (cry36 decrypter)?

I've already answered this via private message, however for anyone else who's curious there's still no known way to decrypt files encrypted by Cry36 without first obtaining the private key from the criminals who made/distributed the ransomware.


  • 2 weeks later...
On 10/23/2018 at 4:07 AM, GT500 said:

I've already answered this via private message, however for anyone else who's curious there's still no known way to decrypt files encrypted by Cry36 without first obtaining the private key from the criminals who made/distributed the ransomware.

However, cry36 still exists, but I cannot contact the criminals even if I want to pay for it.


3 hours ago, Nova said:

However, cry36 still exists, but I cannot contact the criminals even if I want to pay for it.

It's possible that at some point in the future someone will gain access to the database of private keys on the servers operated by the criminals who made/distributed Cry36, and be able to make a free decryption tool. Until then, it is recommended to keep a backup copy of encrypted files, that way you'll have them in a safe place if a free decrypter is released.


  • 1 year later...
  • 3 months later...
On 1/10/2021 at 3:39 PM, a1fa said:

Anyone still working on a solution for cry36, or is it totally dead? :(

I doubt anyone has looked into it for at least a couple of years at this point. We know the kind of encryption it uses, and we know it isn't normally breakable.


This topic is now closed to further replies.