I've been working all afternoon to determine what type(or types) of Ransomware has infected this server that I'm working with and now I'm hoping someone here can help me. I've uploaded a few of the encrypted files (extension .BTC.[firstname.lastname@example.org].wallet) and so far it's indicated that it's a Dharma encryption. I've downloaded a handful of different decryption tools, but none of them have been able to make heads or tails of the files. I've attached an example of the encrypted files, as well as what I believe is the original version of the file. If anyone has ever run into these or knows what I could do to decrypt these files, that would make my day. At the moment I'm stuck reimaging this machine and simply backing up this data in the event one day it can be decrypted.
Ransomware Encrypted File: https://www.sendspace.com/file/cxcv3h
Original File: https://www.sendspace.com/file/dhimlc
Edited by Caidaen, 20 April 2017 - 11:26 PM.