A client got infected with ransomware. I have isolated the file itself (or the file which downloads the actual ransomware, not too sure).
The encrypted files are named after the following scheme: delz1.exe.id-6889E5E1.[firstname.lastname@example.org].arena
The ransomware dropped a file on the desktop named FILES ENCRYPTED.txt with the following text:
all your data has been locked us
You want to return?
write email email@example.com or firstname.lastname@example.org
I actually wrote to both email addresses, but no response so far...
The software had disabled shadow copies and left no further information (i.e. a desktop wallpaper or .htm file with instructions). It encrypted pretty much all data except for some .mdf and .ldf MSSQL database files (thank god!).
Is there any way to get the data back?
I uploaded the virus itself (filename _psi.exe) to VirusTotal with the following result: https://www.virustotal.com/de/file/539d663a0715894ae70812e095fbd5a5529efb0b5017a3ef18e5e64bc61c524e/analysis/
I tried some decrypters so far, but no luck. Is there any way to get the data back?
Here is an upload of some encrypted files: https://wetransfer.com/downloads/352622b7d98d4c8ed31c5b3a03d1b38620171106191532/d28caedcd434ab08bb3dcd9e2d05ac1920171106191532/9cc7bc
Here is the original virus: https://we.tl/sCFgY6YIzT
Thank you so far and kind regards,
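
For scoping an incident like the one in the post above, the renamed files can be inventoried from their names alone. This is an added example, not part of the original post; the pattern is an assumption inferred from the single sample name quoted there, and the function names and all sample names except the first are constructed.

```python
import os
import re
from collections import defaultdict

# Assumed pattern, inferred from the one sample name in the post:
#   <original name>.id-<8 hex digits>.[<contact e-mail>].arena
ARENA_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<contact>[^\[\]]+)\]\.arena$"
)

def parse_name(name):
    """Return original name, victim ID and contact, or None if no match."""
    m = ARENA_RE.match(name)
    return m.groupdict() if m else None

def inventory(names):
    """Split names into renamed files (grouped by victim ID) and the rest."""
    by_id, untouched = defaultdict(list), []
    for name in names:
        info = parse_name(name)
        if info is None:
            untouched.append(name)
        else:
            by_id[info["victim_id"].upper()].append(info)
    return dict(by_id), untouched

def list_files(root):
    """Yield every file name under root (read-only walk, nothing is opened)."""
    for _dir, _subdirs, files in os.walk(root):
        yield from files

# First name is the one quoted in the post; the others are constructed.
SAMPLE = [
    "delz1.exe.id-6889E5E1.[firstname.lastname@example.org].arena",
    "report.final.docx.id-6889e5e1.[firstname.lastname@example.org].arena",
    "customers.mdf",        # database file left unencrypted
    "FILES ENCRYPTED.txt",  # the dropped note
    "notes.id-XYZ.arena",   # malformed, must not match
]

if __name__ == "__main__":
    by_id, untouched = inventory(SAMPLE)  # or inventory(list_files(r"D:\share"))
    for vid, items in by_id.items():
        print(vid, len(items), sorted({i["contact"] for i in items}))
    print("not renamed:", untouched)
```

More than one victim ID or contact address in the output would suggest more than one infected host or run wrote to the same share.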