altonova

Help! [email protected] ransomware infection

Hello, my PC and server got infected by a ransomware.

> My work files are encrypted with "[email protected] [email protected]@@@@D0B9-DB2E.randomname-KLMOPQRSSTTUVVWXXYYYZAABCCCDEE.GHH.iik" and other random extension names.
I've searched forums and tried decryption utilities from Kaspersky, Emsisoft, etc. and still cannot decrypt the files. Some forums said it's a new Cryakl (?) strain and suggested that I do a system restore and use file restore applications.
Too bad, my PC doesn't have a system restore checkpoint (turned out it was turned off), and file restore applications cannot find the files.

> The encrypted file and the real file have slightly different file sizes. I have two of the file samples, if needed.

> Along with the drakosha, my PC was also infected by Globe3 (all files encrypted had a file extension .7), and fortunately the files are already rescued with Emsisoft's decryption utility.

I've attached the scan files below.
Thank you very much.

Addition.txt

FRST.txt

scan_170425-152652.txt


I believe in 72 hours if the thread is not active, it will be closed?
I'll just bump here, just in case.
I still haven't found a way to retrieve my file back.


Hi altonova,

Sorry about the delay :)

Unfortunately, Cryakl ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible).

A good backup procedure is very important and well worth the investment. You will also need to secure RDP with a strong password, if you continue to use it, as this is how the criminals enter the system.

Sarah


Thank you, Sarah.

Too bad, I wish there's a way to decrypt it somehow.
Are all Cryakl ransomware not decryptable right now or is it just this strain (drakosha...) that can't be decrypted?


Hi altonova,

My server has been infected by this ransomware too! I don't know what I should do. It has encrypted my files to: "[email protected] [email protected]@@@@40B1-24E5.randomname-BCEGKLNOPQSTUWXYZBCCEFHHJKLMOP.RSU.vwy.id-40B124E5.[[email protected]].wallet"

If you find any way to decrypt, please let me know: ***email address removed to avoid spamming

Thanks in advance

7 hours ago, altonova said:

> Thank you, Sarah.
>
> Too bad, I wish there's a way to decrypt it somehow.
> Are all Cryakl ransomware not decryptable right now or is it just this strain (drakosha...) that can't be decrypted?

All versions of Cryakl currently.

You can also try file recovery programs like EaseUS Data Recovery Wizard and Recuva too; however, I do not know how effective they will be.

Regards,

Sarah

