The ransom notes are all over as a README.txt that just says "to decrypt files write to this mail firstname.lastname@example.org"
I ran the ransom and an encrypted file through the ID Ransom and it came up as Cryakl. I am wondering if anyone has any information on decrypting the files. Looking at the files through a hex editor, the file names are within the encryption. I have matching pairs of unencrypted and encrypted files if anyone needs them. I dont know where the source came from as they did a "clean windows install" while keeping existing files.
Screen of the ID Ransomware
Edited by alucardxp, 07 March 2017 - 02:26 PM.