Hello all, thank goodness this forum exist! Many thanks to the creators, contributors and moderators.
A computer on my network was infected with ransomware and it proceeded to encrypt the files there and then moved to my public network locations on April 9th.
I'm struggling with the identification of this one. I've used a few identification sites but have had no luck, so I'm hoping someone here can recognize it.
The file extension is .WAITING, the emails provided to respond to are: email@example.com & firstname.lastname@example.org
The ransom note is as follows:
All your important files were encrypted on this PC.
All files with .WAITING extension are encrypted.
Encryption was produced using unique private key RSA-1024 generated for this computer.
To decrypt your files, you need to obtain private key + decrypt software.
To retrieve the private key and decrypt software, you need to contact us by email email@example.com send us an email your !!!INFO_RESTORE!!!.txt file and wait for further instructions.
For you to be sure, that we can decrypt your files - you can send us a 1-3 any not very big encrypted files and we will send you back it in a original form FREE.
Price for decryption $600 if you contact us first 72 hours.
I've tried many decrypters from TREND as well as Rakhni. At one point I changed the file extension on a test file from .WAITING to .LOCKED and ran RAKHNI on it. I was able to get the key however, it was unable to decrypt the file (as it was probably the wrong decrypter)
Appreciate anyone's advice, thanks for reading!