NEW RANSOMWARE ABRIL 2017 id_2011434953_2irbar3mjvbap6gt.onion.to

[miguel pantotja]

 

I have a ransomware that came by RPD to my PC and encrypted all the information. Please I need help with the removal tool. The extension is: id_2011434953_2irbar3mjvbap6gt.onion.to

thank you

_logo.jpg.id_2011434953_2irbar3mjvbap6gt.onion.to._

[Demonslay335]

@miguel pantotja

Fabian Wosar has released a decrypter for Cry128, the newest variant of this Nemesis/CryptON garbage.

http://blog.emsisoft.com/2017/05/01/remove-cry128-ransomware-with-emsisofts-free-decrypter/

Please give it a try with an encrypted file and it's original.

[semtex]

@Demonslay335

Files ".id_<id>_2irbar3mjvbap6gt.onion.to._" 

I can also confirm that version 1.0.0.54 does not find a key for these 36-byte different sized files.

Tried and failed with several pairs

Hopefully soon there will be a solution 

[Sarah W]

Hi all,

We are currently still looking into seeing whether the ransomware is decryptable or not. We will let you know if we find out whether it is or not.

There may be a cryptocoin miner on the system (a program which uses your CPU to mine a cryptocurrency for the criminal, in this case), so if you want to check whether the system is clean then you can use our product; Emsisoft Anti-Malware. If you like our product and it is of help then please consider buying it, the price is discounted and we protect against ransomware such as this one.

Some other advice is that investing in a good backup procedure is very important and well worth it. I would suggest having two or more backups, at least one disconnected. 

Regards,

Sarah

[ITwebs]

any update on this?

[Fabian Wosar]

Not yet, sorry.