I have gotten infected by ransomware on my SBS 2011 server. This server was my Backup Exec Media server. I have been trying to find a way to recover my files from tape backup but am having trouble. None of the online decryptors from Kaspersky or bitdefender etc have worked. Here are the things I know:
1. Files are decrypted with a .WALLET file extension. Full extension looks like this: <File>.<Extension>.[firstname.lastname@example.org]-id-32E0.wallet
2. I can rename files and delete the extension but still cannot open them.
3. It looks like the file that did the damage was called payday.hta and was placed in the %APPDATA% folder of the infected user account.
4. The ransom note is named ! How Decrypt Files.txt and has very little information:
All your files have been encrypted
Want resore your files? Write on e-mail - email@example.com
Please give me any help you can!