LeonardCaldwell Posted May 26, 2017 Report Share Posted May 26, 2017 Infected Server2008. File extensions end in ".BE87R". Ransom notes indicate "Nemesis decryptor". Email associated is "[email protected]" id-ransomware.malwarehunter.com reports that the files I submit are part of the Dharma .wallet family. Running the "avast_decryptor_crysis.exe" indeed shows that it sees the encrypted files as it processes them, but at the same time indicates no encrypted files found. Using the Cry128 decryptor, it doesn't recognize anything.. ### DECRYPT MY FILES ###.txt Link to comment Share on other sites More sharing options...
Sarah W Posted May 30, 2017 Report Share Posted May 30, 2017 Hi LeonardCaldwell, You're dealing with Cry36, you can see more of the discussion about it here. I suggest making sure RDP is secure and no weak passwords are being used, and also making sure all critical windows updates are installed. Regards, Sarah W 1 Link to comment Share on other sites More sharing options...
LeonardCaldwell Posted May 30, 2017 Author Report Share Posted May 30, 2017 Very much appreciate your help & response! Thank you to the entire 30-person (or so) team that puts their time & efforts into these situations... We usually do it to ourselves. I went through that post, and will do so again - I likely missed something. I'm hoping there is a decryptor that i missed first time around. Luckily, we had offsite backups, because the NAS was hit as well. I've already rebuilt the server and double-checked firewall for any changes, but I'd like to decrypt that NAS... THANK YOU Link to comment Share on other sites More sharing options...
Teutonia Posted June 6, 2017 Report Share Posted June 6, 2017 My pc was attacked by a BE87R and all my files were encrypted with this extension. Can somebody help me? These are some of the files I could recover from a backup. *** ALL YOUR WORK AND PERSONAL FILES HAVE BEEN ENCRYPTED *** To decrypt your files you need to buy the special software – «Nemesis decryptor» You can find out the details / buy decryptor + key / ask questions by email: [email protected] Your personal ID: XXXXXXXXX Using the Cry128, Cry9, decrypt_Amnesia,decrypt_Amnesia2 decryptor, it doesn't recognize anything. THANK YOU GRUPO linkedin.docx.id-3914712426_[[email protected]].be87r GRUPO linkedin.docx Ventas 1.0 CompEnLinea exceldiario (1).xlsx.id-3914712426_[[email protected]].be87r Ventas 1.0 CompEnLinea exceldiario (1).xlsx Ventas 2.0 exceldiario (1).xlsx Ventas 2.0 exceldiario (1).xlsx.id-3914712426_[[email protected]].be87r Link to comment Share on other sites More sharing options...
Amigo-A Posted June 9, 2017 Report Share Posted June 9, 2017 Hi. Can I get a ransom-note in live form? Here I somehow can't download her. Thank you. Link to comment Share on other sites More sharing options...
Recommended Posts