Dsherer 0 Posted December 5, 2017 Report Share Posted December 5, 2017 I have a client that got hit with ransomware with the extension .wtf ID Ransomware gives me this I have attached an encrypted fiile. The same file that isn't encrypted and the HOWTODECRYTPFILES.HTML I really need a decryptor for this as I was not able to restore all the data. Is there any chance of this happening? HOWTODECRYPTFILES.html Osha checklist.doc Osha checklist.doc.wtf Quote Link to post Share on other sites
OldTech65 0 Posted December 5, 2017 Report Share Posted December 5, 2017 I too have a client that was infected with the same ransomware. The file ext is .wtf. Unfortunately it appears to be a new type and there are no decryption keys available to date. The html file calls it Dangerous Ransomware. If there is a resolve to this threat please contact me. HOWTODECRYPTFILES.html Quote Link to post Share on other sites
GT500 860 Posted December 5, 2017 Report Share Posted December 5, 2017 It looks like a new variant of Cry36. I'll ask our malware analysts if they need any information about it. 1 Quote Link to post Share on other sites
Dsherer 0 Posted December 5, 2017 Author Report Share Posted December 5, 2017 Thank You GT500 Quote Link to post Share on other sites
GT500 860 Posted December 7, 2017 Report Share Posted December 7, 2017 I don't think they need any more information, however let's try getting a log from FRST just to make sure it doesn't show anything new. You can find instructions for downloading and running FRST at the following link:https://helpdesk.emsisoft.com/Knowledgebase/Article/View/274/55/running-a-scan-with-frst Quote Link to post Share on other sites
OldTech65 0 Posted December 22, 2017 Report Share Posted December 22, 2017 Unfortunately the client's computer was reformatted and a new install had to be preformed. I do have the data files stored elsewhere just in case you have a decryption key. Quote Link to post Share on other sites
GT500 860 Posted December 22, 2017 Report Share Posted December 22, 2017 As far as I am aware, the only way to obtain a decryption key for this particular ransomware is to get it from the criminals who made the ransomware. Quote Link to post Share on other sites
Jamus0 0 Posted December 26, 2017 Report Share Posted December 26, 2017 Any news on this. I have 2 server infected with this..... Quote Link to post Share on other sites
GT500 860 Posted December 27, 2017 Report Share Posted December 27, 2017 There hasn't been any news that I am aware of. If there are any new developments with this (or any other) ransomware, then BleepingComputer will almost certainly publish information about it, so I recommend keeping an eye on their news feed so that you see any new information as soon as it is available:https://www.bleepingcomputer.com/ Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.