Ke Xu

Please help! Ransomware virus with .exe encrypted

Recommended Posts

Could anyone help us? we are facing Ransomware virus. And all our data files have been encrypted into .exe file. And there is a note to ask to send email to gmail. The note is in a file named "howtodecryptaesfiles.txt".

The message is below:

"

All your files encrypted.

To decrypt email id: 680601448 to [email protected]

"

The attachment the screen shot of some .exe files being encrypted.

Could someone guide us what to do? Is there any tool we can use to decrypt the files?

Many thanks!

sample.PNG
Download Image

Share this post


Link to post
Share on other sites

If you contact Emmanuel from ADC-Soft on the BleepingComputer forums, he may be able to help you with decryption. More information can be found at the following link:
https://www.bleepingcomputer.com/forums/t/618996/accdfisa-v20-ransomware-support-topic-filename-to-get-password-email-id-id-to-email-exerar/?p=4480280

He gives an e-mail address at that link, so you can contact him via e-mail if you want. Feel free to send him the link to the ID Ransomware analysis along with the information he needs to pass to Dr.Web for decryption.

Note that Dr.Web does not provide this decryption service for free to those who do not have a license for their business/corporate Anti-Virus software. My understanding is that they started doing this due to the fact that the volume of people asking for assistance decrypting files was far greater than they could handle.

Also note that (as far as I am aware) Emmanuel is a third-party reseller of Dr.Web products, and does not actually work for Dr.Web. I assume he is making money by offering to assist people with reaching out to Dr.Web for decryption services by selling them the license key that Dr.Web requires to be eligible for their decryption service, however it does sound like he is not asking for more money than the cost of the license key.

Share this post


Link to post
Share on other sites

Thank you so much, Emsisoft!

We've contacted Emmanuel and they are helping us on investigating whether it is feasible to decrypt.

BTW, is there any other vendor that has the capability of decrypting we may try to contact?

Share this post


Link to post
Share on other sites

I'm not aware of any. If there are others who know how to decrypt the files, then they're keeping it to themselves.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.