Jump to content

Recommended Posts

*** ALL YOUR WORK AND PERSONAL FILES HAVE BEEN ENCRYPTED ***
 
To decrypt your files you need to buy the special software – «Nemesis decryptor»
You can find out the details / buy decryptor + key / ask questions by email: [email protected]
 

Your personal ID: 2213226798
 
this guy was always in .wallet and now he has this strange way (probable got a promotion!)
install.exe.id-2213226798_[[email protected]].l454t
 
I renamed the .l454t to .wallet no luck.
I renamed the .l454t to .onion no luck
I renamed the .l454t to .amnesia no luck
 
Avast decrypt - Failed
decrypt_Cry9 - Failed
decrypt_Cry128 - Failed
decrypt_Crypton -failed
decrypt_globe3 - Failed
decrypt_Amnesia - Failed
decrypt_Amnesia2 - Failed
 
36 bytes in difference
I also compared the original file with encrypted and I got a Hex but cant get code from It
any more clues?
 
 

 

 

notepad++.exe

notepad++.exe.id-2213226798_[[email protected]].l454t

Link to post
Share on other sites

Can you attach a copy of the ransom note?

The file name looks like Dharam(.wallet) but the excerpt from the ransom note suggests that it is most likely Cry.  With a 36-byte difference, it could be Cry36.  Cry36 is not decryptable.

Link to post
Share on other sites
8 hours ago, Kevin Zoll said:

The ransom note is being flagged as Dharma (.wallet).  Try Kaspersky's RakhniDecryptor tool.

Download: http://media.kaspersky.com/utilities/VirusUtilities/EN/rakhnidecryptor.zip

How-To Guide: https://www.nomoreransom.org/uploads/RakhniDecryptor_how-to_guide.pdf

The ransom note flags Dharma (.wallet) because of the email in it, I tried Kaspersky's RakhniDecryptor tool. I get a Unsupported encrypted file type

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...