Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

WannaCry, WNCry, WanaCrypt0r, Wana Decrypt0r Ransomware Help & Support Topic


  • Please log in to reply
247 replies to this topic

#241 jetternax

jetternax

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:07 PM

Posted 10 November 2017 - 06:30 PM

How can i decrypt my files?



BC AdBot (Login to Remove)

 


m

#242 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,372 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:07 AM

Posted 10 November 2017 - 07:03 PM

If these tools do now work (the infected machine was rebooted or the OS was reinstalled), there is no other known way to decrypt files encrypted by WannaCry Ransomware without paying the ransom. If possible, your best option is to restore from backups or wait for a possible solution at a later time.
 

...the C2 for WannaCry is down, there's a very good chance you never get your files back from the attackers now. You can only try data recovery tools/file undeletion tools, but those are not certain to work.

xXToffeeXx~, Post #221
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#243 jetternax

jetternax

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:07 PM

Posted 12 November 2017 - 12:45 PM

the C2 for WannaCry is down

 

but how u can know that?



#244 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,372 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:07 AM

Posted 12 November 2017 - 04:29 PM

the C2 for WannaCry is down

but how u can know that?


xXToffeeXx (who works with Fabian Wosar, the head of Emsisoft's malware lab), is one of our crypto-malware experts who researches, analyzes and investigates ransomware infections.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#245 FREEZ

FREEZ

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:07 PM

Posted 03 January 2018 - 05:39 PM

Hi ,

 My home pc infected with wanacry/wanadecryptor ransomeware virus with extension WNCRY, WNCYR and OXR .

files infected with extensions > video files:WNCYR - image files:WNCRY - text files:OXR .

i already created a help thread here and posted some infected files in below thread but no luck yet .

https://www.bleepingcomputer.com/forums/t/665972/my-pc-infected-with-extensions-wncry-wncyr-oxr/

 

i tried to decrypt my files with wanakiwi but unfortunately my pc already rebooted several times and wanakiwi is not helping me anymore . i scanned my pc with malwarebytes but no success yet to remove virus . and i tried to restore my system but sadly no more restore point there .

now i have found this tool for removing virus , https://www.avg.com/en-ww/remove-win32-neshta

can i use it and will it not destroy my infected files , any idea please ? because my anti virus is continuously notify me about Neshta virus for removing but no success with malwarebytes .

 

and what tutorial is this ? "https://www.youtube.com/watch?v=zA_pDDA-Pv0"

would be nice if anyone check and confirm about it please .

 

Thank you


Edited by FREEZ, 03 January 2018 - 05:43 PM.


#246 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,372 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:07 AM

Posted 03 January 2018 - 06:15 PM

About Win32/Neshta
About Virus.Neshta

I provided these instructions 12 days ago for malware removal in your other topic

If you need individual assistance only with removing the malware infection, follow the instructions in the Malware Removal and Log Section Preparation Guide...all other questions or comments should be posted in the support topics. When you have done that, start a new topic and post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team. If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.

Note: Disinfection will not help with decryption of any files affected by the ransomware.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#247 FREEZ

FREEZ

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:07 PM

Posted 14 January 2018 - 12:52 PM

@quiteman7 , Thanks a lot for the instructions , and sorry for late reply .

actually in last few days i was removing viruses from my pc and i successfully removed , and i scanned pc with online antivirus "Eset Online antivirus" Malwarebytes and AVG Neshta Removal . but honestly Eset and Malwarebytes antivirus helped me a lot . now i need help to decrypt my files that are encrypted with extension WNCRY, WNCYR and OXR .

hope someone will find out a way to decrypt this kind of extensions . thanks for your support



#248 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,372 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:07 AM

Posted 14 January 2018 - 02:10 PM

There is a flaw in the ransomware in regards to how it deletes shadow volume copies. It requires a user to click Yes at the UAC prompt, and if they clicked No, then the shadow volumes will still be there and available to restore from.

Grinler, Post #212If these tools do now work (the infected machine was rebooted or the OS was reinstalled), there is no other known way to decrypt files encrypted by WannaCry Ransomware without paying the ransom. If possible, your best option is to restore from backups, try file recovery software or backup/save your encrypted data as is and wait for a possible solution at a later time.
 

...the C2 for WannaCry is down, there's a very good chance you never get your files back from the attackers now. You can only try data recovery tools/file undeletion tools, but those are not certain to work.

xXToffeeXx~, Post #221
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users