So far cannot identify ransomware

Caught this before it wiped out the entire server, but it still encrypted many files. All have a random extension like efg, hif, def, ccc, iii, etc. Every file name is like this:

[email protected] [email protected]@@@@CE12-B743.randomname-ABCEGHJKLMNPPQSTUVWYYZBCDEFGHI.KLM

There are README.txt files in every folder that just say this:

for decrypt files write you country to [email protected]

Any idea which encryptor this might be? Any help greatly appreciated, thank you!


I did try that MalwareHunter site and it displayed nothing whatsoever. I'm no idiot but no matter which option I did (sample encrypted file, address, etc) it displayed nothing. 


Like I said in the original post, it got nothing critical and I am just going to wipe the server in question. Thank the powers that be that I logged on when I did. I am an outside IT contractor that just started doing some work for these people and just happened to log in when I did and see what was happening.
