A client of mine was hit with something that encrypted almost all the files on the data volume (drive D:) of their computer with .paradise as an extension. The C: drive was not affected. I have had no luck searching for information.
I found a program named DP_Main.exe and two text files, all dated and timestamped around the time the encryption occurred. I have cleaned up the computer and restored almost all the encrypted data from backups, but it seems some of the backups were partially encrypted. There is a folder that has 15GB of data that I could not restore from the backups. I am hoping someone can figure out the encryption used and can create a decryptor.
The encryption process started running and seemed to abruptly end after about 4.5 hours. I think this to be true because only some of the backup drive was encrypted and there is no text file in any of the folders that says what happened or who to contact to get the files decrypted. I tried the ID Ransomware site, but since there is no text file about who to contact, it could not help me.
I have 2 zip files with 11 file samples from before and after the encryption, as well as the DP_Main.exe, which I can provide to help.
Thank you for your timely assistance.