Did you upload samples here?
Are there any obvious file extensions appended to or with your encrypted data files? If so, what is the extension and is it the same for each encrypted file or is it different?
Did the cyber-criminals provide an email address to send payment to? If so, what is the email address?
Without a ransom note it may be difficult to determine what infection you are dealing with. The best way to identify the different ransomwares is the ransom note (including it's name), samples of the encrypted files, the malware file itself, any obvious extensions appended to the encrypted files, samples of the encrypted files and information related to any email addresses used by the cyber-criminals to request payment.
Our crypto malware experts most likely will need a sample of the malware file itself to analyze before anyone can ascertain if the encrypted files can even be decrypted.
All files retain their native extensions.
As I stated opening this thread, no message.
I just got infected by i guess the same ransomware. it crypted all my files but did not change the extention of it. i did not get any Note anywhere.
when i try to open a photo, video or documents excel words i always get the message format or extention incorrect. however the extentions are exactly the same as before.
Malwarebyte found the ransomware and puted it in Quarantaine. the exe was wposys.exe. ( i dont know why that happen when they dont even ask for a Ransom hic
i did upload a txt encrypted https://www.bleepingcomputer.com/submit-malware.php?channel=168 now im just hoping for a decrypter ...
I found the same executable. Here is the really BLEEPED up bit about this, the PC on which this infection happened has been unmanned for more than a week. It had been running a historical market data analysis. I can't comprehend how that application got on this machine.
Additioinally, I have found 5 files that none of the malware/antivirus scans have picked up. They are in a directory off of AppData\Local\AQworks and each of the files ends in a ".3" and contain a mixture of Chinese & Korean characters and wingding font. Each file is 158kb in size.
The only software that I had running outside of the data analysis was TeamViewer. No web browser was open nor an e-mail client.
The windows security service/defender was stopped, the task manager disabled and now none of the "native" windows 10 apps will run.
Scratching my head and pissed off as hell.
Edited by Hank_T, 29 April 2017 - 08:44 AM.