On another thread a poster said I should post to a new thread with all info I posted there.
I ran the test at https://id-ransomware.malwarehunterteam.com/index.php
This ransomware has no known way of decrypting data at this time.
It is recommended to backup your encrypted files, and hope for a solution in the future.
- ransomnote_filename: !README.HTML
- sample_extension: .<5hex>
I right clicked a random file(not file used in test) and here is the properties. Don't have any idea if the file was a notebook page, works word processor page, or spreadsheet, etc..
Every encrypted file I checked also had 32 character, at dot, then 5 more like this one:
Properties of the file say Type file:
802ED File (.802ED)
Opens with: Windows Shell Common Dll
Here is a print scan of the test
Edited by charly1954, 18 July 2016 - 10:35 PM.