Posted 05 May 2017 - 02:01 AM
Posted 05 May 2017 - 04:06 AM
I have a document crypted and another encrypted, if somebody is interested.
Posted 05 May 2017 - 10:11 AM
We've analyzed this ransomware, and unfortunately it is not decryptable. We've dubbed it Maykolin based on the email.
It generates a unique AES key per file using the first 65 bytes of the file, encrypts the first 300 bytes using RSA-4096, then uses that AES key to encrypt the rest of the file. No way to recover the bytes that derive the key.
Technically if you have the original of a file, I can generate a key to decrypt the majority of the file, but the first 300 bytes would be still securely encrypted. Plus, it's a different AES key for every file, so I could only decrypt that one file - which you have the original of, so there's no point. There's no file format that has a consistent predictable 65 byte header, so no way to bruteforce even known file types.
If I have helped you and you wish to support my ransomware fighting, you may support me here.
Posted 24 May 2017 - 12:25 AM
Hello! I have executable files of this encoder. Where can I send them to help with development of the decoder?
Posted 24 May 2017 - 05:27 AM