Hi guys, I'm helping a victim of a ransomware attack.
All his data has been encrypted. Access was gained through an open 3389/RDP port.
Password has been found by brute force.
Everything, including backups, has been encrypted.
The extension of the files is: FILENAME.id-1234567890_[firstname.lastname@example.org].i05fp
ID has been replaced by 1234567890 for privacy reasons.
Encrypted files are 36 bits larger than the original ones!
I tried to upload the ransom note here, but was unsuccessful.
Cracking the key of this 'bastard' would be great, but first of all, I'd like to know if this ransomware is already known to other people.
Together we might achieve more, also tracking the bastards down, because they leave interesting trails!!
If you're a victim or want to help, pls reply to this post.