I have gotten infected by ransomware on my SBS 2011 server. This server was my Backup Exec Media server. I have been trying to find a way to recover my files from tape backup but am having trouble. None of the online decryptors from Kaspersky or bitdefender etc have worked. Here are the things I know:
1. Files are decrypted with a .WALLET file extension. Full extension looks like this: <File>.<Extension>.[ncrypt@cock.li]-id-32E0.wallet
2. I can rename files and delete the extension but still cannot open them.
3. It looks like the file that did the damage was called payday.hta and was placed in the %APPDATA% folder of the infected user account.
4. The ransom note is named ! How Decrypt Files.txt and has very little information:
Hello!
All your files have been encrypted
Want resore your files? Write on e-mail - ncrypt@cock.li
Please give me any help you can!
Thank you.