Our server was hit with a crypto virus that doesn't match the signature of any other ransomware that I can tell. I searched https://id-ransomware.malwarehunterteam.com/, AVG, EMSISOFT, and https://www.nomoreransom.org. We're trying to identify the virus to determine if any of our data was transferred offsite. We do not need to decrypt any of the files. Thanks for any help!
Ransome note filename: "readme.crypt.txt"
Ransome note contents:
What happened to your files ? All of your files were protected by a strong encryption with RSA-2048. More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) What does this mean ? This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them, it is the same thing as losing them forever, but with our help, you can restore them. CONTACT US BY EMAIL: firstname.lastname@example.org
Ransome note file was left in every folder that contains files that were encrypted.
Files in all folders on network shares that were accessible to user were encrypted.
Some files were not encrypted:.ini, windows shortcuts
All encrypted files were renamed, except for PDF files, by appending "!email@example.com___.vox900" to the filename, eg:
original filename: SSRSExportReport.exe.config
renamed encrypted filename: SSRSExportReport.firstname.lastname@example.org___.vox900
Has anyone seen ransomware that matches this signature, or can you recommend any tool or website that can help determine what kind of virus this is?
Thanks in advance!
Edited by NatHolder, 10 March 2017 - 07:22 PM.