Greetings. I just came here because I wanted to make a thread related to this, since I have yet to see this anywhere.
I have been infected by a ransomware quite recently, which I simply found out now.
Looking around, I seem to have found out that it looked pretty similar to another one named PcLock, but not the same in some way. As you can see, the webpage/interface is slightly different (including some email addresses), and the only info I have found about it (which is pretty similar to mine, thankfully) was from a report analysis done around 6 hours ago: https://www.hybrid-analysis.com/sample/bda316616f19691c1cc65c3f3acc332f54cd2ab4c0eb0d670c0fc228640ff87c?environmentId=100
As given above in the report (which should spare some details, honestly), it dropped within %appdata%/microsoft/crypto as Sysras.exe, and has a list of encrypted files saved as en_files.txt, which is a slight difference (notice which) from regular PcLock. It also dropped some stuff like txt files on the desktop like this: (I'm unsure whether this was a payload of the original PcLock)
As I've noticed, the Emsisoft decrypter did not work with it, honestly, and I am slightly skeptical about some of my files, but I am curious if this could always be verified in a way.
Does this mean my files are off for good, or is there still a way to help with this? I'd be rather curious to know anyhow. ;)
Edited by mthelod, 11 November 2016 - 07:13 AM.