hamdhoon 0 Report post Posted October 29 i have attached screen shots of desktop. this is the issue i am facing. please assist me to remove this randsomeware and retreive my files. Download Image Quote Share this post Link to post Share on other sites
GT500 594 Report post Posted October 30 The e-mail address was commonly used by Cry36. You can verify if that's the ransomware that encrypted your files using ID Ransomware:https://id-ransomware.malwarehunterteam.com You can paste a link to the results into a reply if you would like for me to review them. Quote Share this post Link to post Share on other sites
hamdhoon 0 Report post Posted October 30 Download Image Quote Share this post Link to post Share on other sites
hamdhoon 0 Report post Posted October 30 15 hours ago, GT500 said: The e-mail address was commonly used by Cry36. You can verify if that's the ransomware that encrypted your files using ID Ransomware:https://id-ransomware.malwarehunterteam.com You can paste a link to the results into a reply if you would like for me to review them. Download Image Quote Share this post Link to post Share on other sites
GT500 594 Report post Posted October 31 ID Ransomware's detection of Cry36 is pretty good, and considering the sample bytes and extension match exactly I'd say the detection was accurate. Note that ID Ransomware is also correct when it says that there is no known way to decrypt your files. Quote Share this post Link to post Share on other sites
Amigo-A 44 Report post Posted October 31 CryptON - this was the first name in the identification database 'ID Ransomware' before the appearance of Cry128, Cry9, Cry36. It was used to identify some variants from the X3M + Nemesis family. Later, were left in 'ID Ransomware' only Cry128, Cry9, Cry36, although the extortionists themselves several times reported on the real used names X3M, Nemesis, CryptON, about their tasks and goals. The affected users informed me of some successful decryption of individual Cry36 variants using the KL tool But many Cry36 variants have remained not be decrypted. Quote Share this post Link to post Share on other sites