
*** ALL YOUR WORK AND PERSONAL FILES HAVE BEEN ENCRYPTED ***
 
To decrypt your files you need to buy the special software – «Nemesis decryptor»
You can find out the details / buy decryptor + key / ask questions by email: [email protected]
 

Your personal ID: 2213226798
 
This guy was always in .wallet and now he has this strange way (probably got a promotion!)
install.exe.id-2213226798_[[email protected]].l454t
 
I renamed the .l454t to .wallet no luck.
I renamed the .l454t to .onion no luck
I renamed the .l454t to .amnesia no luck
 
Avast decrypt - Failed
decrypt_Cry9 - Failed
decrypt_Cry128 - Failed
decrypt_Crypton - Failed
decrypt_globe3 - Failed
decrypt_Amnesia - Failed
decrypt_Amnesia2 - Failed
 
36 bytes in difference
I also compared the original file with the encrypted one and I got a hex, but I can't get code from it.
Any more clues?
 
 

 

 

notepad++.exe

notepad++.exe.id-2213226798_[[email protected]].l454t


Can you attach a copy of the ransom note?

The file name looks like Dharma (.wallet) but the excerpt from the ransom note suggests that it is most likely Cry. With a 36-byte difference, it could be Cry36. Cry36 is not decryptable.

12 hours ago, Kevin Zoll said:

Can you attach a copy of the ransom note?

The file name looks like Dharma (.wallet) but the excerpt from the ransom note suggests that it is most likely Cry. With a 36-byte difference, it could be Cry36. Cry36 is not decryptable.

 

### DECRYPT MY FILES ###.txt

8 hours ago, Kevin Zoll said:

The ransom note is being flagged as Dharma (.wallet). Try Kaspersky's RakhniDecryptor tool.

Download: http://media.kaspersky.com/utilities/VirusUtilities/EN/rakhnidecryptor.zip

How-To Guide: https://www.nomoreransom.org/uploads/RakhniDecryptor_how-to_guide.pdf

The ransom note flags Dharma (.wallet) because of the email in it. I tried Kaspersky's RakhniDecryptor tool. I get an "Unsupported encrypted file type".


If none of the other decrypters are working then this is Cry36. Unfortunately, Cry36 is not decryptable, at this time, with paying the ransom.
