I was affected from a Ramsomware that creates files extension:
Your PC ran into a critical problem and all files have been encrypted with .missing extension.
Including all partitions from all drives. Its impossible to decrypt your files by yourself or with
thierd parties softwares and doing such a thing could damage all files forever.
The only safe method to recover your data is contacting the email below and purchasing for the right decrypter software.
ID code: .MISSING_xxxxxxxxx
Contact the email with your ID code and 1-2 files for free decryption to make sure the data is still safe and undamaged.
If you dont receive an answer within 12 h, email again from another email service.
The faster you purchase the software the sooner you get back on track.լ㐐
id-ransomware Says its Apocalypse (new variant)
We paid the Ransome they sent a program called. "Windows Reparation Smard Decrypter.exe"
But this required another key that we had to pay for.
Did a little checking on the Tool the Ransomware guy supplies "Windows Reparation Smard Decrypter.exe" with IDR it looks for the following files .encrypted .crypted_file and .missing. As far as I can see it the first file is apocalypse the second is Kangaroo ransomware and the last one is the new one.
On the terminal server the main attacker was ip 188.8.131.52 kept on logging in and disconnecting every hour or so during the time of the encryption. There where a few others 184.108.40.206, 220.127.116.11 and 18.104.22.168 but they only logged in once or twice.
Checked the %AppData% and %LocalAppData% folders for each user profile, in addition to the %ProgramData% folder to see if there are any files in those folders? Any executable files (.exe, .cmd, .bat, .com, .scr, .pif, etc) or script files (.vb, .vbs, .js, etc). there where none.
Ran FRST Sent to emsisoft.com they found nothing.
Also did a virustotal and reverse.it check
Still no luck in working it out.
The company I work for will be paying the second Ransome as there is no backup for the customer.