Posted 10 November 2015 - 10:23 AM
Are there any file extensions appended to your files...such as .ecc, .ezz, .exx, .zzz, .xyz, .aaa, .abc, .ccc, .CTBL, .CTB2, .XTBL, .encrypted, .vault, .HA3, .toxcrypt or 6-7 length extension consisting of random characters?
Any files that are encrypted with the newer variant of TeslaCrypt will have the .exx, .xyz, .zzz, .aaa, .abc or .ccc extension appended to the end of the filename. The .aaa/.abc/.ccc variant drops files (ransom notes) with names like Recovery_File_*****.html, Recovery_File_*****.txt, restore_files_*****.html, restore_files_*****.txt, HOWTO_RESTORE_FILES_*****.txt, HOWTO_RESTORE_FILES_*****.html, HOWTO_RESTORE_FILES_*****.bmp (where ***** are random characters) and pretends to be CryptoWall 3.0.
Your screen shot of the ransom note above (howto_recover_file_*****.txt) is similare to the HOWTO_RESTORE_FILES_*****.txt created by a TeslaCrypt variant.
.Windows Insider MVP 2017-2018Microsoft MVP Reconnect 2016Microsoft MVP Consumer Security 2007-2015 Member of UNITE, Unified Network of Instructors and Trusted EliminatorsIf I have been helpful & you'd like to consider a donation, click