We use a Thecus 7710G NAS which was attacked and encrypted. The tool on the ID Ransomware site was not able to determine the type of ransomeware. Here is the case on the ID Ransomware site: SHA1: 7d1cff7dea5ee8f5a5016381e962766b52c59aef
The encrypted file have been given the extension: .locked
All the directories on the NAS contain a file with name: _READ_ME_FOR_DECRYPT.txt
Here is the text of the ransomware note:
Your documents,photos,databases,important files have been encrypted by RSA-4096 and AES-256!
If you modify any file, it may cause make you cannot decrypt!!!
You have to pay for decryption in bitcoin
Before paying you can send to us up to 2 files for free decryption
and it can also prove that we have ability to decrypt.
Please note that files must NOT contain valuable information
and their total size must be less than 2Mb
How to decrypt your files ?
To decrypt your files,please following the steps below
1,Pay 0.4 bitcoin to this address: 1HUqiacJ6F6yLwTeGwohEdgWVuehibEegq
Pay To : 1HUqiacJ6F6yLwTeGwohEdgWVuehibEegq
Amount : 0.4
2,After you have finished paying,Contact us and Send us your Decrypt-ID via email
3,Once we have confimed your deal,You can use the tool we sent to you to decrypt all your files.
How to obtain bitcoin ?
The easiest way to buy bitcoin is LocalBitcoins site.
You have to register, click Buy bitcoins and select the seller
by payment method and price
If you have any questions please do not hesitate to contact us
Contact Email : JeanRenoAParis@protonmail.com
Edited by quietman7, 27 November 2017 - 08:27 PM.