Server hacked by Remote Access and crypted by a ''sort' of Amnesia ransomware with .please extension

[clapton82 0]

A ''sort' of Amnesia , because the 'mode' of attack , is typical of the Amnesia , same effects that are described here : https://www.cyber.nj.gov/threat-profiles/ransomware-variants/amnesia

and the same ransom note file HOW TO RECOVER ENCRYPTED FILES.TXT , but with a different text (as you can see by the attached file),and different extension (all files are crypted with the .please extension).

I tryed the Amnesia emsisoft decrypted, and it seems to work , attempting  a brutal attack mode, but when key space exhausted, arrive at 100% an alert says that there is no possibility to decrypt that file ( the files in input are the same, same size , the oly difference is that one of those is crypted as suggested by the program manual).

After a lot of reasearch on internet , im sure that is the Amnesia. It s only little bit different. There s someone that could help me please? Thank you!

HOW TO RECOVER ENCRYPTED FILES.TXT

[stapp 152]

It is  recommended to upload a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can then paste a link to the results into a reply and an expert will review them.

[clapton82 0]

I already uploaded the ransom note and infected file and the result is Scarab.

https://id-ransomware.malwarehunterteam.com/identify.php?case=f731981637d0c487275fabf2a5b595db2aec71ba

 

But the modus operandi of this ransonware is more similar to Amnesia than the Scarab one

[GT500 854]

There's a version of Scarab that uses the .amnesia extension. It's not decryptable (at least not without somehow getting the private key from the criminals who made the ransomware).