I am a German software engineer. In November our network was infected by ransomware which renamed and encrypted all PDF, Office, Txt,
- Our IT found the source with the malware and disinfected it.
- The malware encrypted all files that are accessible to the infected machine.
- The server hard drives were restored via backup.
Now some important files in accessible directories are encrypted and not accessible.
Some facts found out about the malware:
- pandaunransom.exe, RannohDecryptor.exe and some other decryptors do not work.
- Every file is renamed to [FILENAME].firstname.lastname@example.org_email2_key@moonlinet.com .
- I found out that the ID is individual for the source malware, I think. Some other posts on the internet have the same name but another ID.
- Examining the files, I found out that the malware only encrypts the first 60 bytes. The rest of the file is as it was.
- Recovery tools like Recuva did not find anything.
- The real byte size of the file changes with a difference of three bytes.
Some example filename:
Does someone have experience or some tip to get the files decrypted?
Thanks and regards from Germany
Attached files: one file, encrypted and original.
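
Added example, not part of the original post: one way to check the two observations above (only the start of the file changed, size differs by three bytes) against an original/encrypted pair such as the attached one. The sample bytes are constructed, and it is an assumption that the encrypted copy is the longer one and that the extra three bytes sit in the damaged header.

```python
def common_prefix_len(a: bytes, b: bytes) -> int:
    """Number of leading bytes that are identical in a and b."""
    n = min(len(a), len(b))
    i = 0
    while i < n and a[i] == b[i]:
        i += 1
    return i


def compare_pair(original: bytes, encrypted: bytes) -> dict:
    """Locate the region that differs between a known-good file and its encrypted copy."""
    prefix = common_prefix_len(original, encrypted)
    # Match from the end as well: if the size changed inside the damaged region,
    # the untouched tail is shifted and a plain offset-by-offset diff would hide it.
    limit = min(len(original), len(encrypted)) - prefix
    suffix = min(common_prefix_len(original[::-1], encrypted[::-1]), limit)
    return {
        "size_delta": len(encrypted) - len(original),
        "original_region": (prefix, len(original) - suffix),    # [start, end)
        "encrypted_region": (prefix, len(encrypted) - suffix),  # [start, end)
        "intact_tail_bytes": suffix,
    }


def build_sample() -> tuple:
    """Constructed pair: first 60 bytes replaced by 63 unrelated bytes (assumption)."""
    original = b"%PDF-1.4\n" + b"constructed sample body line\n" * 10
    header = bytes(b ^ 0x5A for b in original[:60]) + b"\x00\x01\x02"
    return original, header + original[60:]


if __name__ == "__main__":
    # For real files, read both copies with open(path, "rb").read() instead.
    orig, enc = build_sample()
    for key, value in compare_pair(orig, enc).items():
        print(f"{key}: {value}")
```

Running this over several pairs shows whether the damaged region and the size difference are the same for every file.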