mattysyr, on 19 Sept 2013 - 2:58 PM, said:Did you move the data? Unmap network drives? Change permissions?
dangoo, on 19 Sept 2013 - 2:23 PM, said:
We paid the ransom 12-14 hours ago and left the application run over the night. In the morning we found that the private key was downloaded and the decryption started.
But is NOT decrypting. The message is:
"Failed to decrypt a previously encrypted file "Z\...\aaa.xls Perhaps the file maybe damaged or used by another process."
And this happens for ALL FILES.
The files are located on a mapped share. I restarted the file server, I checked if there are process accessing the files and there is not.
Make sure you can browse to the data from the PC, if you cant, the decrypter cant either...
No, I did not moved the data. I didn't touched the maps or permissions. And yes the data can be browsed.
The disks on the file server are in a mirror raid. I done a sector by sector clone of a disk and than reintroduced the original disk back in the server. I realized from the beginning that is not well to change something in the configuration, data, etc. I done everything on another computer, with file server turned off. After restart everything was normal, no raid replication ore other things.
(I done the clone to check if un-delete helps, but it's not.)
Now the application is running. If I hit "Cancel" it skips to the next file, but with the same error.
I don't know if is good to try to restart the PC. If something from this PC blocks the files? The question is, will the decryption restart?
Edited by dangoo, 19 September 2013 - 07:49 AM.