Hi all guys,
I'm quite new to the ransomware world, but I'm facing a problem with a customer.
This type of ransomware has encrypted all the archives of my customer's company (archives back in 1995). Leaving the fact that previous Compsec society that has setup its security system in a very poor way, now he asked me to help him with this.
What we have found on his server are two files, one denoted 1NFORMAT1ONFOR.YOU containing:
Hello there. I can decrypt your files.
Email me: email@example.com
In case you don't get a reply, please email me here*:
firstname.lastname@example.org, email@example.com, firstname.lastname@example.org
* check your junk/spam folder first though :-)MM
These files have been encrypted (please, keep this .log): C:\Windows\7459374.log
Also we have found another file called ENCRYPT1ON.KEY123 containing a usual encryption key.
I've already tried to upload the ransom file and an infected file to id-ransomware, but nothing showed up.
I have to note that, differently from other ransomware, this particular type does not modify the encrypted file extensions, but once opened, files cannot be read. Another thing is that it has encrypted all the .xls .pdf .doc files but none of images with .jpg file (images are accessible as visualizable).
Sorry for my english, Is late night here in Italy!
have a good day and thank you for the attention!