PhilJaume 0 Posted October 24, 2019 Report Share Posted October 24, 2019 Hi, since yesterday we've been infected by a ransomware with file extension *.encrypted. I've tried to find the name of this ransomware with the software ID Ransomeware" but it return that it is an unknow one. How could I do ? Any help will be more than appreciate. Rgds Quote Link to post Share on other sites
stapp 152 Posted October 24, 2019 Report Share Posted October 24, 2019 Please attach the original file of ransom note and several encrypted files to your message so that one of our experts can examine them. Quote Link to post Share on other sites
PhilJaume 0 Posted October 24, 2019 Author Report Share Posted October 24, 2019 Attached are some files. Hope you could help me. Thanks a lot Backup.Log.encrypted filtrea-logo-accepté.JPG.encrypted HOW_TO_RECOVER_DATA.html LOGO AFIMO SPECIAL.JPG.encrypted ReadmeSQLEXP2005.htm.encrypted Quote Link to post Share on other sites
Amigo-A 136 Posted October 24, 2019 Report Share Posted October 24, 2019 We know which ransomware it is, but the HOW_TO_RECOVER_DATA.html file is corrupt. You must first place it in a zip archive, and then attach it to a new message. After that, the identification will be accurate. Quote Link to post Share on other sites
PhilJaume 0 Posted October 24, 2019 Author Report Share Posted October 24, 2019 here they are thanks a lot HOW_TO_RECOVER_DATA.html HOW_TO_RECOVER_DATA.rar Quote Link to post Share on other sites
Amigo-A 136 Posted October 24, 2019 Report Share Posted October 24, 2019 This is MedusaLocker Ransomware Identification resulthttps://id-ransomware.malwarehunterteam.com/identify.php?case=397a7586fd127d516a33e02733b0d9e3f739f9c5 There are several similar ransomware that copy elements from others in order to confuse identification, scare victims and mislead researchers. In most cases, the service ID Ransomware accurately determines the encryptor that encrypted the files. First, they used a different note design, then they took what you see, from other ransomware. It is possible that they are even familiar and actively collaborate. Support and Help Topic >> Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.