Ke Xu

Please help! Ransomware virus with .exe encrypted

Could anyone help us? We are facing a ransomware virus, and all our data files have been encrypted into .exe files. There is a note asking us to send an email to a Gmail address. The note is in a file named "howtodecryptaesfiles.txt".

The message is below:

"

All your files encrypted.

To decrypt email id: 680601448 to [email protected]

"

The attachment is a screenshot of some .exe files being encrypted.

Could someone guide us on what to do? Is there any tool we can use to decrypt the files?

Many thanks!

sample.PNG

It is recommended that you upload a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

Then paste a link to the results into a reply so that one of our experts can review it for you.


If you contact Emmanuel from ADC-Soft on the BleepingComputer forums, he may be able to help you with decryption. More information can be found at the following link:
https://www.bleepingcomputer.com/forums/t/618996/accdfisa-v20-ransomware-support-topic-filename-to-get-password-email-id-id-to-email-exerar/?p=4480280

He gives an e-mail address at that link, so you can contact him via e-mail if you want. Feel free to send him the link to the ID Ransomware analysis along with the information he needs to pass to Dr.Web for decryption.

Note that Dr.Web does not provide this decryption service for free to those who do not have a license for their business/corporate Anti-Virus software. My understanding is that they started doing this due to the fact that the volume of people asking for assistance decrypting files was far greater than they could handle.

Also note that (as far as I am aware) Emmanuel is a third-party reseller of Dr.Web products, and does not actually work for Dr.Web. I assume he is making money by offering to assist people with reaching out to Dr.Web for decryption services by selling them the license key that Dr.Web requires to be eligible for their decryption service; however, it does sound like he is not asking for more money than the cost of the license key.


Thank you so much, Emsisoft!

We've contacted Emmanuel and they are helping us investigate whether it is feasible to decrypt.

BTW, is there any other vendor with the capability of decrypting that we may try to contact?


I'm not aware of any. If there are others who know how to decrypt the files, then they're keeping it to themselves.
