We have a customer that was hit with this as well. It is a bit misleading as to what it is. The filename "HELP_DECRYPT.txt" suggests CryptoWall 3.0, but the ".crypt" extension mirrors that of Scatter. It also seems like a cheap knock-off version. Our customer's was asking for only a $100 ransom, but we still advised against it.
I've tried the Kaspersky tool and a few other ransomware crackers for fun, with no luck. I don't know how to assess it further, I'm afraid.
The ransom note reads:
All your main files were encrypted!
Personal documents , photos and videos were encrypted . Files such as: jpeg , doc , docx , avi , excel , and others will be unreadable .
Encryption was made using a unique public key RSA-2048 generated for this computer.
TO DECRYPT YOUR FILES YOU NEED TO BUY A SOFTWARE WITH YOUR UNIQUE PRIVATE KEY. PRICE IS $100
This Software with Key will allow You decrypt Your files and PROTECT YOUR SYSTEM FROM ANY VULNERABILITY!
Remember the main reasons that may cause deleting your private key FOREVER:
- You have only 72 hour to get your private key. Do not waste your time. After 72 hour period Your key will be deleted
- Any attemps to remove this encryption will be unsuccessful. You cannot do this without your key!!!
- Do not send any emails with threats and rudeness to us. Example of Email format is "Hello! I want to decrypt my files. My ID number is ......
I have attached a file for a free decryption. Waiting for my next instruction"
Please contact us by email, along with an identification number, which is shown in the picture and is specified in the file "HELP_DECRYPT.txt".
We can remove encryption from a single file for FREE. Just send it us and then You will receive a decrypted file. It will be your guarantee!
Contact Information :
I did a Google image search of the JPG version, and it found no matches, making me think this is rather new.
I have sample encrypted files if that helps the cause. We are looking for any droppers or suspicious files on the computer currently.