Sign in to follow this  
steleal

ransomware crypted my files in *.cpt

Recommended Posts

I don't think this is CryptON, but rather another ransomware with a similar name:
https://id-ransomware.malwarehunterteam.com/identify.php?case=63c4b8a11e20f512e84f6fd1ab5175c510c66b58

I'll ask our malware analysts if they know anything more about it.

Feel free to attach a copy of the ransom message here, or upload it to ID Ransomware to see if the results turn out differently.

Share this post


Link to post
Share on other sites

Definitely appears to be Cripton.

We're interested in getting some more information about this particular ransomware. We can start by getting a log from FRST, and see if it shows anything related to the infection. You can find instructions for downloading and running FRST at the following link:
https://helpdesk.emsisoft.com/Knowledgebase/Article/View/274/55/running-a-scan-with-frst

Share this post


Link to post
Share on other sites

Excuse me for troubling you very much, but I had written these bad guys, they decrypted one file for me, I payd 200$ for decrypt software, received it and decrypted my files.

They had my server through RDP, it was weakly password for Administrator, and backup files was here, and these ones was crypted too. And ransomware deleted shadow copy too, and wiped deleted files.

Attached the  logs and the decrypt software.

 

FRST.txt

Addition.txt

DECRIPT.zip

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.