Hi, first of all thank you for all the information here and all the effort clearly behind it!
Now to the problem: My server was hit with malware encrypting a lot of files. ID Ransomware identified it as Xorist and I tried the tool made by Emsisoft with a couple of files (orig and encrypted), but even though the tool said it found a key, decryption was not successful.
The ransom note 'HOW TO DECRYPT FILES.txt' says:
YOUR SYSTEM IS LOCKED AND ALL YOUR DATA HAS BEEN ENCRYPTED.
DON'T WORRY YOUR FILES AS SAFE.
TO RETURN ALL THE NORMALLY YOU MUST BUY THE DECRYPTOR PROGRAM.
PAYMENTS ARE ACCEPTED ONLY THROUGH THE BITCOIN NETWORK.
YOU CAN GET THEM VIA ATM MACHINE OR ONLINE
THE PRICE FOR DECRYPTOR SOFTWARE IS 1 BTC
BTC ADRESS : 13erqqbBFUaVLyLPwm3dUhApG4xAVQd5Ei
VERRY IMPORTANT !
DO NOT TRY TO SCAN WITH ANTIVIRUS YOU RISK LOSING YOUR DATA .
For more information : firstname.lastname@example.org (24/7)
Subject : SYSTEM-ID:20172018
The extensions of the encrypted files vary a bit, examples:
I have samples of an unencrypted file and its encrypted version which I can upload (the form says to wait for a sample to be requested).
Thanks a lot in advance!