The attackers 'support' sent me a decryptor.exe file to run after paying the ransom. it unlocked about 20 files and then said decryption complete. Subsequent runs showed no files being unlocked, and an immediate decryption complete. They sent me a couple more decryptor.exe files before finally giving up and ghosting me.
I've tried running the decryptor from different pcs(with access to the same network drive), as admin, and from different folders, all with the same result. Is there a chance the decryption key can be extracted from decryptor.exe and manually used on the files? Any other avenues?
My Recover-files-726.html file looks like this, and encrypted files end in a .726 extension. I also tried trend micro's decryptor while choose the globe imposter setting, assuming that was correct.
Your files are Encrypted!For data recovery needs decryptor.If you want to buy a decryptor, click the button
Yes, I want to buy
Free decryption as guarantee.
Before paying you can send us 1 file for free decryption.
To send a message or file use this link.
( If you send a file for free decryption, also send file RECOVER-FILES.HTML )
And finally, if you can not contact, follow these two steps:
1. Install the TOP Browser from this link:
Then open this link in the TOP browser: support