Jump to content

Recommended Posts

The sample bytes is a good way to identify Cry36, so this is almost certain Cry36.

In the case of ransomware like this, which uses secure encryption and generates new public/private keys for every computer it infects, usually there is no way to decrypt the files without getting the private key from the criminals who made the ransomware. You can try a tool such as ShadowExplorer, however ransomware like this usually deletes Volume Shadow Copies, so ShadowExplorer will usually find nothing. Even if the Volume Shadow Copies were not deleted, the odds of finding backup copies of files in them is pretty slim, since Windows would normally only leave backup copies of files in the Volume Shadow Copies if you were using Microsoft's own backup software for data backups (although sometimes the System Restore will save copies of files in the Volume Shadow Copies).

In cases where the Volume Shadow Copies are deleted, then note that ransomware doesn't generally delete them securely, so it might be possible to use a file undelete utility to undelete the old Volume Shadow Copies, and then use ShadowExplorer to recover files, however this isn't necessarily straightforward to do (the computer will need to be running from a bootable disk to have write access to the "System Volume Information" folder, or the hard drive will need to be connected to another computer), and even if you can recover the old Volume Shadow Copies, as mentioned above the odds of there being backup copies of important files in them are low to begin with. Note that you may need to find a local computer technician who can assist you with this if you do want to try it.

Here's a link to a list of file recovery tools at Wikipedia:

Link to post
Share on other sites

I can't tell you any ways that you can get the decryption key from the criminals other than paying them, and I can't even guarantee that they will send you the key even if you pay their ransom. Obviously we can't recommend sending money to such criminals, however ultimately the decision about what to do is up to you.

Note that in general when a criminal who makes ransomware like this receives a payment, and are able to validate that you paid them, then they send a decryption tool that includes the private key to decrypt your files, so all you have to do is run the decryption tool and it will take care of everything for you. Note that the decryption tool they send you only works on one computer, and can't be used to help anyone else.

As for how to contact them, that is usually in a ransom note (with this version of Cry36 I would believe the ransom note is called "HOWTODECRYPTFILES").

Link to post
Share on other sites
  • 2 weeks later...
13 hours ago, youyouripaire said:

thank's but tell me if can i find a hacker in deep web when i contact them whith TorBrowser why it's up for me ?

I don't have contact information for anyone who can help with this particular ransomware. To my knowledge the only one who can help is the criminal who distributed the ransomware, as he's the only one who has the private keys needed to decrypt files, and the method to contact him is described in the ransom note.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...