Infection .[[email protected]].adobe

[JusT 0]

Hello,

Unfortunately our computer infected.

May i get help with it please?

Addition.txt

FRST.txt

[GT500 492]

I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.

[JusT 0]

Hello, Thanks for reply,

 

here is the link

 

https://id-ransomware.malwarehunterteam.com/identify.php?case=11dd94b7d4f7163fd91c62ceab1e791d8bf8369b

[GT500 492]

That's almost certainly a variant of Dharma. Unfortunately there's no known way to decrypt files that have been encrypted by modern variants of Dharma without first obtaining the private key from the criminals who made/distributed the ransomware.

[JusT 0]

Should we wait for future possibility or pay them ?

[GT500 492]

We never recommend paying the ransom, as it only encourages these criminals to continue distributing their ransomware. That being said, the decision is ultimately up to you. As far as I know, whoever is behind Dharma/Crysis will usually send a working decryption tool, however if the tool they send doesn't work then they may not assist you in figuring out why.

Of course, Dharma has been around for a little while now in various forms, and I'm sure that various law enforcement agencies are working with computer security companies to gain access to the command and control servers used by Dharma/Crysis. In theory, it is only a matter of time before they find a weakness and gain access to the database of private keys, however there is no way to know for certain when that would happen. If you can wait, then it's best to make a backup of your encrypted files so that they can be recovered when someone releases a decryption tool.

[JusT 0]

Understood, Thank you for your time and answers.

[GT500 492]

You're welcome.