elhajoco, posted September 29, 2017
I am assisting a customer that was infected with the .nuclear ransomware. The files were appended with .[[email protected]]-id-DC145418.nuclear. They submitted a file that was decrypted. They paid the ransom and were provided a decrypter named btcw.exe. The file ran; however, the decrypter just renamed the files and did not decrypt them. When the file runs, at the beginning it actually says "Your decrypt key is: ..." and lists the decrypt key. The hackers are still communicating to an extent regarding the issue. However, my question is, can the decrypt key listed in the decrypter program be used in any form or fashion to manually decrypt the files?
GT500, posted September 29, 2017
It may be BTCWare. I recommend checking with ID Ransomware to be certain: https://id-ransomware.malwarehunterteam.com/ You can copy and paste the address of the results into a post for me to review as well.
elhajoco (Author), posted September 30, 2017
It may not be as bad as I thought. Here is the result: https://id-ransomware.malwarehunterteam.com/identify.php?case=8f70302a061f5daf258b38ac6387bd057c7a1060
mgiammarco, posted October 3, 2017
A customer of mine got the same [email protected] nuclear variant. I have the server on. What can I do? Can you help me? BTCWare brute force failed.
Fagent, posted October 4, 2017
We have been hit by the same ransomware, which has appended [[email protected]]-id-9E099745.nuclear to all of our files, and no ransom note was left. I have visited the above link and this was the result: https://id-ransomware.malwarehunterteam.com/identify.php?case=1a9b74e7a11b4e4a8590170e1d865be118526f2d Is there a way we could decrypt our files?
GT500, posted October 4, 2017
Note that there's no publicly available decryption tool for this variant of BTCWare. If anyone needs more information, then please send me a private message.