We were recently hit with a ransom-ware virus that encrypted a significant number of files on our fileshare. We took the computer off the network and wiped it - which, in hindsight may have been premature because now we can't get the ransom note. McAfee did not detect the virus.
I tried using the ransomware detector linked at the top of the forum but received a notice that I'd been blocked - perhaps because of the + sign in the filename that was mentioned in another post... (CloudFlare Ray ID: 28bd7a3f0b3e1ff4). In any case, it placed text files into nearly all directories with this filename: +REcovER+qypua+ (both .png and .txt files)
The files all begin with this verbiage:
All of your files are encrypted with RSA-4096.
More information about the RSA algorythm can be found here: <<URL follows>>
Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
To receive your private key follow one of the links:
I hesitate to include the links, etc. because I haven't had a chance to read all the rules of the site. Please let me know how to send the files themselves and I can upload them.
If anyone knows of tools that can decrypt the files or of a company that specializes in this, I would greatly appreciate it.