Long-time lurker, first-time (unfortunate) poster.
One of our clients just got hit with this on Tuesday. Brute-force attack over RDP (3389); they found a user that was "needed" by the client to scan and that had a weak password. Backups were compromised as well because the share was left accessible to domain users. Huge screwup, but I digress.
email@example.com-CL 188.8.131.52.id-1614714137-578233478334310455516964.fname-%file that was encrypted name%.doubleoffset (I added the %file that was encrypted name% placeholder myself; each file has the long name and then the original file name before .doubleoffset.)
"Ransom note" is readme.txt:
write you country to firstname.lastname@example.org
ID Ransomware shows:
This ransomware may be decryptable under certain circumstances. Please refer to the appropriate guide for more information.
sample_extension: email-<email>.ver-CL <version>.id-<random>-<date>.fname-<filename>.<extension>.doubleoffset
Click for more info about Cyakl
which led me to the ransomware group here.
Tried several Kaspersky decryptors; none worked. Tried the Emsisoft Xorist decryptor; also no dice.
I guess I'm wanting to know if anyone has seen this version yet or has any ideas. Seems to be the consensus that it's a wait-and-hope approach to a key becoming available.
Thanks for any help or suggestions.
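A small parser for the filename pattern quoted above, added here as an example; it is not from the original post, from the ransomware, or from ID Ransomware. It is built from the sample_extension template that ID Ransomware reported (email-<email>.ver-CL <version>.id-<random>-<date>.fname-<filename>.<extension>.doubleoffset). The regex, the function names, the sample address, version string and filenames are this example's own assumptions, and reading a 10-digit id component as a Unix timestamp is also an assumption of this example. The point for triage is that the original filename can be recovered from every encrypted name (so an inventory of what was hit can be built before any key exists), even for the name exactly as quoted in the post, whose front part does not follow the full template.

```python
"""Parse Cyakl-style encrypted filenames and recover the original names.

Added example. The regex and helpers below are this example's own, built
from the sample_extension template ID Ransomware reported in the post:

  email-<email>.ver-CL <version>.id-<random>-<date>.fname-<filename>.<extension>.doubleoffset
"""
import re
from datetime import datetime, timezone
from typing import Optional

SUFFIX = ".doubleoffset"

# Fields are delimited by the literal markers .ver-CL / .id- / .fname- because
# both the e-mail address and the version string contain dots of their own,
# so the email and version groups are matched non-greedily up to those markers.
_NAME_RE = re.compile(
    r"^email-(?P<email>.+?)"
    r"\.ver-CL (?P<version>.+?)"
    r"\.id-(?P<id_a>\d+)-(?P<id_b>\d+)"
    r"\.fname-(?P<original>.+)"
    + re.escape(SUFFIX) + r"$"
)


def parse_name(name: str) -> Optional[dict]:
    """Return the template fields of a fully-formed name, or None if it does not match."""
    m = _NAME_RE.match(name)
    return m.groupdict() if m else None


def original_name(name: str) -> Optional[str]:
    """Recover the pre-encryption filename (including its real extension).

    Keys only on the '.fname-' marker and the trailing suffix, so it still
    works when the front of the name does not follow the template.
    """
    if not name.endswith(SUFFIX):
        return None
    _head, sep, tail = name[: -len(SUFFIX)].partition(".fname-")
    return tail if sep else None


def id_as_utc(rec: dict) -> Optional[str]:
    """Interpret an id component as a Unix timestamp where one plausibly is.

    Assumption of this example (the template only says <random>-<date>):
    a 10-digit component between 1e9 and 2e9 is taken as seconds since epoch.
    """
    for part in (rec["id_a"], rec["id_b"]):
        if len(part) == 10 and 1_000_000_000 <= int(part) < 2_000_000_000:
            return datetime.fromtimestamp(int(part), tz=timezone.utc).isoformat()
    return None


def restore_plan(names) -> dict:
    """Map each encrypted name to its original name; unrecognised names are skipped."""
    plan = {}
    for n in names:
        orig = original_name(n)
        if orig:
            plan[n] = orig
    return plan


# Constructed sample listing. The first two names follow the template with an
# invented address, version and filenames; the id value is the one quoted in
# the post. The third is the name exactly as it appears in the post
# ('%file that was encrypted name%' is the poster's own placeholder).
SAMPLE_NAMES = [
    "email-attacker@example.com.ver-CL 1.0.0.id-1614714137-578233478334310455516964"
    ".fname-Q1 report.xlsx.doubleoffset",
    "email-attacker@example.com.ver-CL 1.0.0.id-1614714137-578233478334310455516964"
    ".fname-archive.tar.gz.doubleoffset",
    "email@example.com-CL 188.8.131.52.id-1614714137-578233478334310455516964"
    ".fname-%file that was encrypted name%.doubleoffset",
    "readme.txt",  # the ransom note, not an encrypted file
]

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        rec = parse_name(n)
        print(f"{n}\n  original: {original_name(n)}")
        if rec:
            print(f"  email={rec['email']} version={rec['version']} id={rec['id_a']}-{rec['id_b']}"
                  f" id_as_utc={id_as_utc(rec)}")
    print("restore plan:", restore_plan(SAMPLE_NAMES))
```

Running it lists the recoverable original name for each encrypted file and, for names that match the full template, the attacker address and version string that ID Ransomware keys on. Treat the timestamp reading as a hint only: it is this example's assumption about the id field, not documented behaviour of the ransomware.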