Jump to content

Recommended Posts

Infected Server2008. File extensions end in ".BE87R". Ransom notes indicate "Nemesis decryptor". Email associated is "[email protected]"

id-ransomware.malwarehunter.com reports that the files I submit are part of the Dharma .wallet family. Running the "avast_decryptor_crysis.exe" indeed shows that it sees the encrypted files as it processes them, but at the same time indicates no encrypted files found.

Using the Cry128 decryptor, it doesn't recognize anything..

### DECRYPT MY FILES ###.txt

Link to post
Share on other sites

Hi LeonardCaldwell,

You're dealing with Cry36, you can see more of the discussion about it here.

I suggest making sure RDP is secure and no weak passwords are being used, and also making sure all critical windows updates are installed.


Sarah W

  • Upvote 1
Link to post
Share on other sites

Very much appreciate your help & response! Thank you to the entire 30-person (or so) team that puts their time & efforts into these situations... We usually do it to ourselves. I went through that post, and will do so again - I likely missed something. I'm hoping there is a decryptor that i missed first time around. Luckily, we had offsite backups, because the NAS was hit as well. I've already rebuilt the server and double-checked firewall for any changes, but I'd like to decrypt that NAS...


Link to post
Share on other sites


My pc was attacked by a BE87R and all my files were encrypted with this extension. Can somebody help me? These are some of the files I could recover from a backup.


To decrypt your files you need to buy the special software – «Nemesis decryptor»
You can find out the details / buy decryptor + key / ask questions by email: [email protected]

Your personal ID: XXXXXXXXX

Using the Cry128, Cry9, decrypt_Amnesia,decrypt_Amnesia2 decryptor, it doesn't recognize anything.



GRUPO linkedin.docx.id-3914712426_[[email protected]].be87r

GRUPO linkedin.docx

Ventas 1.0 CompEnLinea exceldiario (1).xlsx.id-3914712426_[[email protected]].be87r

Ventas 1.0 CompEnLinea exceldiario (1).xlsx

Ventas 2.0 exceldiario (1).xlsx

Ventas 2.0 exceldiario (1).xlsx.id-3914712426_[[email protected]com].be87r

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...