I opened my work laptop today to find that all my documents and images on specific drives were encrypted. They remain with the same name and extension but with .4A5C4 at the end.
There were ransom notes in almost every folder on those drives (G and H) in the form of txt, html and bmp files with the name A301.... (as explained by the ransom note, my public key).
A few Google searches told me that this is ransomware, and most links directed me to Tesla ransomware solutions. I followed the manual solutions, as in rebooting into safe mode and deleting everything ransom-related. Thankfully it did not infect my documents inside the user folder or the sample pictures; I believe that the C folder was safe.
I deleted all ransom-related stuff from the drive, and when it came to decrypting, Tesla decryptors did not work. I found out that this is not Tesla but another ransomware, since Tesla only uses specific file extensions, not a random string. I found nobody with the same string in the extension.
When I used ransomware ID, it said that this was CryptXXX 3.0, but it said that was only due to the fact that the extension is a 5-letter hex. The file size is almost the same with an addition of a couple of KBs or something, like from 30 to 32KBs or 749 to 756KBs.
I don't have a ransom note, but it was almost identical to the samples people post: what happened to my files, RSA 4096 encryption, public key, 3 onion links.
I have some backups but they are over a year old; a lot has happened since then and I really need those files.
Finally I tried the Rannoh decryptor from Kaspersky. It says it can identify CryptXXX V3, but it says nothing when I compare 2 same files (encrypted and non). This is the report.