Ransomware with .wtf extension

[Dsherer 0]

I have a client that got hit with ransomware with the extension .wtf 

ID Ransomware gives me this

Download Image

I have attached an encrypted fiile. The same file that isn't encrypted and the HOWTODECRYTPFILES.HTML I really need a decryptor for this as I was not able to restore all the data. Is there any chance of this happening?

HOWTODECRYPTFILES.html

Osha checklist.doc

Osha checklist.doc.wtf

[OldTech65 0]

I too have a client that was infected with the same ransomware. The file ext is .wtf. Unfortunately it appears to be a new type and there are no decryption keys available to date.

The html file calls it Dangerous Ransomware. If there is a resolve to this threat please contact me.

HOWTODECRYPTFILES.html

[GT500 839]

It looks like a new variant of Cry36. I'll ask our malware analysts if they need any information about it.

[Dsherer 0]

 Thank You GT500

 

[GT500 839]

I don't think they need any more information, however let's try getting a log from FRST just to make sure it doesn't show anything new. You can find instructions for downloading and running FRST at the following link:
https://helpdesk.emsisoft.com/Knowledgebase/Article/View/274/55/running-a-scan-with-frst

[OldTech65 0]

Unfortunately the client's computer was reformatted and a new install had to be preformed. I do have the data files stored elsewhere just in case you have a decryption key.

[GT500 839]

As far as I am aware, the only way to obtain a decryption key for this particular ransomware is to get it from the criminals who made the ransomware.

[Jamus0 0]

Any news on this.  I have 2 server infected with this.....

[GT500 839]

There hasn't been any news that I am aware of. If there are any new developments with this (or any other) ransomware, then BleepingComputer will almost certainly publish information about it, so I recommend keeping an eye on their news feed so that you see any new information as soon as it is available:
https://www.bleepingcomputer.com/