Last week Kafeine posted an analysis of a new ransomware called CryptXXX on the Proofpoint blog. Based on their analysis they determined that CryptXXX is affiliated with the developers of the Angler Exploit Kit as well as the Reveton screen locking ransomware family.

When a user is infected with CryptXXX, all of their data will be encrypted and have the .crypt extension appended to the filenames. The ransomware developers would then demand 500 USD or approximately 1.2 bitcoins to get the decryption key. To make matters worse, this ransomware will also attempt to steal your bitcoin wallet and harvest information and credentials related to your FTP client, instant messenger clients, emails, and browsers.
Thankfully, yesterday Kaspersky released a free decryptor for this ransomware.
Kaspersky releases a free decryptor for CryptXXX files
With the amount of ransomware being released and the torture they bring to people, it is a good day when someone releases a free decryptor for a ransomware program. Yesterday, Kaspersky was able to figure out a weakness in the CryptXXX ransomware and release a free decryptor that a victim can use to get their files back.
This new decryptor is called RannohDecryptor and will try to determine the decryption key from an encrypted file. If it is unable to do so, a victim will need to input into the program the same file in its encrypted and unencrypted format. Using this file pair, the decryptor can then determine the decryption key used by all of the encrypted files. As a heads up, you will most likely need to supply such a pair: an encrypted file together with its unencrypted original. Also, the decryptor will only be able to decrypt files that are smaller than the files you derived the key from. Therefore, try to use a large file pair.
Since it's not always easy to find a pair of files that are large enough to work for all of your encrypted files, one of our members, Gaberr, had a nice trick. Find your largest encrypted file and then use that with the free decryption that the CryptXXX devs offer. You will then have an encrypted and unencrypted pair that can be used with RannohDecryptor.
If that does not work for some reason, what I usually suggest people do when they need a pair of files (unencrypted + encrypted) is to use the sample pictures found in the C:\Users\Public\Pictures\Sample Pictures folder. These images are always encrypted by a ransomware and their unencrypted versions can easily be downloaded from another computer. To make it easier, I have created a repository of the Windows 7 sample pictures here: https://download.bleepingcomputer.com/public-sample-pictures/sample-pics.zip. If you find Windows 8 or Windows 10 use different files, let me know and I will upload a repository from those operating systems.
To start the decryption process, simply download and execute the above file. When you run the program and click on the Start button, it will ask you to select an encrypted file. Once you select a file, it will try to determine the decryption key. It most likely will not be able to do so and will prompt you to select a pair consisting of the encrypted and unencrypted versions of the same file.
Select an encrypted file from the C:\Users\Public\Pictures\Sample Pictures and it will then ask you to select an unencrypted version of the same file. Simply download the corresponding unencrypted image from here and select it. The decryptor should then be able to determine the decryption key and start decrypting your files.

When it has finished decrypting your files, you can close the decryption program and remove it from your computer. It is also suggested that you scan your computer with the antivirus or anti-malware program of your choice to remove any other leftovers.
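A quick way to choose the file pair before running the decryptor, as an added example (not part of the original article and not Kaspersky's code): it matches `.crypt` files to clean copies by name, keeps only pairs whose sizes are identical (the tool reports "Encrypted file size does not equal to original" otherwise), picks the largest pair, and lists the encrypted files that exceed it. The directory layout, function names and sample files are assumptions made for the illustration.

```python
import tempfile
from pathlib import Path

ENC_EXT = ".crypt"  # extension the article says CryptXXX appends


def encrypted_files(root):
    """Yield every file under root whose name ends in .crypt (any case)."""
    for p in Path(root).rglob("*"):
        if p.is_file() and p.name.lower().endswith(ENC_EXT):
            yield p


def find_pairs(encrypted_dir, originals_dir):
    """Match each encrypted file to a clean original with the same name.

    Returns (usable, mismatched). Usable pairs have identical byte sizes and
    are sorted largest first; mismatched pairs differ in size, which the
    decryptor rejects with "Encrypted file size does not equal to original".
    """
    originals = {p.name.lower(): p
                 for p in Path(originals_dir).rglob("*") if p.is_file()}
    usable, mismatched = [], []
    for enc in encrypted_files(encrypted_dir):
        orig = originals.get(enc.name[:-len(ENC_EXT)].lower())
        if orig is None:
            continue  # no clean copy of this file is available
        enc_size, orig_size = enc.stat().st_size, orig.stat().st_size
        if enc_size == orig_size:
            usable.append((enc_size, enc, orig))
        else:
            mismatched.append((enc, enc_size, orig_size))
    usable.sort(key=lambda t: t[0], reverse=True)
    return usable, mismatched


def coverage(encrypted_dir, pair_size):
    """Split encrypted files by whether the chosen pair is large enough.

    Assumption: a file of exactly pair_size counts as covered (the pair
    itself is that size); anything larger is expected to fail.
    """
    covered, too_large = [], []
    for enc in encrypted_files(encrypted_dir):
        (covered if enc.stat().st_size <= pair_size else too_large).append(enc)
    return covered, too_large


def demo():
    """Run the check on constructed sample files (not real victim data)."""
    with tempfile.TemporaryDirectory() as tmp:
        enc_dir, orig_dir = Path(tmp, "encrypted"), Path(tmp, "originals")
        enc_dir.mkdir()
        orig_dir.mkdir()
        # Constructed sizes in bytes; contents are filler, not ciphertext.
        for name, size in [("Koala.jpg.crypt", 4000), ("song.mp3.CRYPT", 9000),
                           ("report.xls.crypt", 2500), ("video.avi.crypt", 50000)]:
            (enc_dir / name).write_bytes(b"\0" * size)
        for name, size in [("Koala.jpg", 4000), ("song.mp3", 9000),
                           ("report.xls", 2300)]:
            (orig_dir / name).write_bytes(b"\1" * size)

        usable, mismatched = find_pairs(enc_dir, orig_dir)
        best_size, best_enc, best_orig = usable[0]
        covered, too_large = coverage(enc_dir, best_size)
        return {
            "best_pair": (best_enc.name, best_orig.name, best_size),
            "mismatched": [(e.name, es, os_) for e, es, os_ in mismatched],
            "covered": sorted(p.name for p in covered),
            "too_large": sorted(p.name for p in too_large),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it against copies of the encrypted files, never the only copy, and point `originals_dir` at backups or re-downloaded files.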
Updates:
5/13/16 - I zipped up the Windows 7 pics into a single zip. The guide above was updated with this info. Kaspersky also released a new decryptor for the CryptXXX 2.0 version.
Files associated with CryptXXX:
de_crypt_readme.bmp
de_crypt_readme.txt
de_crypt_readme.html
%AppData%\[id].dat
%Temp%\{C3F31E62-344D-4056-BF01-BF77B94E0254}\api-ms-win-system-softpub-l1-1-0.dll
%Temp%\{D075E5D0-4442-4108-850E-3AD2874B270C}\api-ms-win-system-provsvc-l1-1-0.dll
%Temp%\{D4A2C643-5399-4F4F-B9BF-ECB1A25644A6}\api-ms-win-system-wer-l1-1-0.dll
%Temp%\{FD68402A-8F8F-4B3D-9808-174323767296}\api-ms-win-system-advpack-l1-1-0.dll
Comments
ScathEnfys - 3 years ago
"will also attempt to steal your bitcoin wallet" wonder why this hasn't happened already... good job Kaspersky for being quick on the uptake ^_^
JesseBropez - 3 years ago
Bedep may also be on the system, so run ESET's Bedep removal tool! This infection is able to execute because of outdated and vulnerable programs such as Flash, Silverlight, Java, and IE.
a1anne - 3 years ago
And I suppose that if on windows 8 I don't find any sample picture there is nothing to do ? ;(
Lawrence Abrams - 3 years ago
Unfortunately, you will need to find something on your own then.
a1anne - 3 years ago
I did find something I'm so happy thank you very much =) But do you know what is the maximal length of the files that can be decrypted ? I have a few videos which couldn't be decrypted because it says it was too big. (sorry English isn't my mother language, I know I'm not using the good vocabulary it was written and I forgot the term ^^')
Lawrence Abrams - 3 years ago
From what I understand the decryptor will only decrypt files that are smaller than the pair that you used to generate the decryption key. So for really large files, you will need to generate the key with a pair of files bigger than the others you want to decrypt.
a1anne - 3 years ago
Ok I'll test this tomorrow since it's late here thank you for your answer !
a1anne - 3 years ago
And another question since I'm at it, I forgot to select (or didn't know I could do so) the option to delete all crypt files after the scanning. If I do the scan again will it only delete all the crypted files or will it also duplicate the decrypted files. Since it took 6 hours the first time it may take less time to delete them one by one in order to not have all the files in double ^^'
Lawrence Abrams - 3 years ago
Not sure on this one.
a1anne - 3 years ago
I tried it with the first files that were decrypted when it launched again and it doesn't duplicate the files, only deletes the crypted ones, it's perfect ;) Another question of this kind, do you know a way to delete all those ''read me'' files that the virus put in every folder of the computers ? Or do I have to delete them one by one ?
Normal25 - 3 years ago
Message to: Mr. Grinler
Dear sir,
can you do one help for me ?
my all excel file is encrypted by RSA4096 Ransom ware :(
I read your article about [ Decrypted: Kaspersky releases free decryptor for CryptXXX Ransomware ]
I got 7 sample pictures from here: http://download.bleepingcomputer.com/public-sample-pictures/.
but I don't have encrypted file of sample pictures ,
because that Ransom ware encrypt my doc ,pdf , and excel files only .Jpg file is not encrypted , that's why I can't find encrypted file of sample pictures from my pc
if you have that encrypt file of sample pictures pls share it with me... :(
AQUAR - 3 years ago
I used a program called search everything.
It will list all these "read me" files and from there they can all be deleted in one go.
elyogui - 3 years ago
Even when there is no solution to end the process throws the error that some files could not be decrypted, the error is:
0x0bd8 Can not decrypt file: \\?\C:\Users\user\Music\Music\Music\sample (2).mp3.crypt, size too large
Several pending files, including important photos.
Thank you very much for your great help
tpapple - 3 years ago
can't decrypt above 40K files.
but thank you all the same.
virusdoc - 3 years ago
Thanks for this, you made me a hero! Client had 33,871 encrypted files, this decryptor decrypted 33,606 of them, for a success rate of 99.22%. We found a "before and after" file pair of a large .jpg file (12,212 KB), so that helps to account for the high success rate.
I've tested 10 of the most common file types after decryption, and all of them work exactly as they did before encryption. The only slight negative is that now all the recovered files show their Date modified as the date and time of the decryption. But selecting Properties and looking at the Details tab shows the actual creation date, if you ever need it.
I do have one question. The report produced is very helpful, but there doesn't seem to be any way to print, export, or even save it. With more than 67,000 lines in my report, it's not feasible to manually go through it looking for the files that could not be decrypted. Trying to use F3 to find those messages didn't work, either. Any hints on how to make the report more usable?
elyogui - 3 years ago
Good morning, in my case I had 2 computers that had the variant on a computer was achieved 99% and the second 60% was achieved, there will be an update of the tool to recover other files that marked the error "size too large", as there is still very important information. Thank you very much for your support
Lawrence Abrams - 3 years ago
Looks like the latest version can no longer be decrypted :(
fishroe - 3 years ago
Hi. I had transferred all the 'virus' files (in .crypt) to a new hard drive & reformat my PC.
Copy 1 crypt folder to my desktop. When I run the kaspersky decrypter, it does not work.
A window prompt the following: 'Original copy of the specific files is required for successful decryption. You need to specify a path to this original copy after pressing the button Continue' Or 'Encrypted file size does not equal to original'.
What should I do? Thanks in advance!
virusdoc - 3 years ago
In order for the decryption program to work, you need to give it the encrypted version and the unencrypted version of the same file. Pick the largest pair of files you can find, as that file size will be the maximum the program can decrypt. The client I was working with had an unencrypted photo that was 12.2 MB and the .crypt version of the same photo, so that's the pair we used. That gave us a 99.22% success rate in decrypting those files.
joechou0929 - 3 years ago
Hi: I have the paired files. However, every backup file I have is slightly smaller than the .cryp ones. Because of that, I can't get the program to run. I follow the steps: 1st I select the .cryp file then I select the original one, am I right?
Thanks in advance.
a1anne - 3 years ago
Hi, when did you encounter that cryptoxxx virus ? Because : « Looks like the latest version can no longer be decrypted»
joechou0929 - 3 years ago
Hi:
It happened yesterday. After clicking yes to agree to the svchost application changing my pc....
a1anne - 3 years ago
So it's as I said, it seems like it's the latest version of CryptXXX so the decryptor doesn't work anymore. You should take a look at the forum to stay in tune for the future of this case.
virusdoc - 3 years ago
In my case the encrypted and the unencrypted file were showing exactly the same file size. These files were encrypted last Wednesday, May 4, so it was not the latest variant of CryptXXX.
fishroe - 3 years ago
Got infected late April. All my files end with the extension .crypt.
Only transferred the files over to a hard drive. Extremely clueless on how to get a pair: the encrypted version and the unencrypted version of the same file.
a1anne - 3 years ago
Could be anything as long as you have the original one in the same condition as your file was at the moment you got hit. As for me it was an anime video that I had downloaded weeks ago that I just redownloaded on the net, and used the new file in a pair with the encrypted one. So if you have this kind of video, a picture that you had on your computer that you kept on a memory card, a game that you downloaded that hasn't had any upgrade since then, everything like that should be fine.
Again sorry English isn't my mother language, could have help you more if it was.
fishroe - 3 years ago
Thanks a1anne, virusdoc & Grinler for explaining to me patiently. Finally managed to find a pair! Now in process, fingers crossed!
Thank you everybody if I miss anyone out.
Lawrence Abrams - 3 years ago
If it's a newer infection of CryptXXX, then the decryption won't work anymore. If it's an older version, you can use the free decryption to decrypt the largest file you have. You will then have an unencrypted/encrypted pair to work with. Thanks to Gabor for the trick!
insec - 3 years ago
I'm infected with ".crypt", when run this tool and click on scan, it's asking to select the encrypted file, after selected again it's asking the "Original copy of the specified file is required for successful decryption. you need to specify the path to this original copy after pressing the button continue".
Can i have any suggestion/recommendation on this.
Normal25 - 3 years ago
hi ,
i don't have encrypted .jpg file , i have only .crypt excel file , how can i decrypt this file
pls help me..... :(
fishroe - 3 years ago
Found a huge file and managed to recover 99% of my files, while some are still damaged (I deleted the extension .crypt & file is in error now despite putting the extension back).
I have a pair of 314MB file (mp3) that works. Anyone needs a copy to kick start?
https://www.dropbox.com/s/g23uims0y7hzbl2/Pair.zip?dl=0
Normal25 - 3 years ago
Dear fishroe , I try with your Pair file , decrypt process is working but I can't open that decrypt file , can you share 700kb encrypt file and decrypt file , pls..... :(
fishroe - 3 years ago
Any file copies on your thumbdrive or on another PC that might be able to pair (can be an instruction PDF file or DOC from a program / game which you can find when u install a program)?
I tried 20 pairs before I found 1-3 that will work, from PDF to jpg then mp3. To cause further damage to your files while decrypting, put the affected files in a new drive & wait for new help. I tried to decrypt by copying affected folder to desktop to test first, and prevent further damage. If it does not work, at least I still have the affected files in the 'first encrypt form'.
Couple of my MS office documents were not able to recover after I tried using different 'cures'.
zhyl810 - 3 years ago
Actually I think it is useless to use other's pair. I have tried your pair as the sample, and tried the decryption. After decryption, the file can not be opened. I think there may be two reasons. First, Kaspersky asks you to give your unique sample, maybe because the private keys for different victims are not the same. Second, maybe the newly affected files have had several bytes of code added. Although the tool works, the algorithm can not give correct results.
Normal25 - 3 years ago
pls help me .... :(
if any one have excel encrypt file and decrypted file then pls share it with me
fishroe - 3 years ago
As most of my files were recovered, that was the only pair I save aside.
For smaller files, this article has the sample pictures attachment. That might be able to help.
Normal25 - 3 years ago
thank you very much fishroe...,
this article's sample pictures is original file only , there is no encrypted file
if you have that .crypt file pls share it.......
fishroe - 3 years ago
Is yr sample pictures in your library affected (in .crypt) too?
If not, try my paired files again, maybe put in same folder as yr affected files. As it is a huge file, the best pair I had for recovery. But don't know why it does not works for your small file.
Normal25 - 3 years ago
I don't have encrypted file of sample pictures ,
because that Ransom ware encrypt my doc ,pdf , and excel files only .Jpg file is not encrypted , that's why I can't find encrypted file of sample pictures from my pc.. :(
jojieF - 3 years ago
I'm in JPN. Sorry my english is not good.
I'm trying to find the pair of the files, but the org file and the encrypted file are not exactly same file size. I'm sure that is org copy file . but It's a little bit different file size.
So is there way to solve this problem?
Please help...
fishroe - 3 years ago
Do try my paired files https://www.dropbox.com/s/g23uims0y7hzbl2/Pair.zip?dl=0
Nessa_sery - 3 years ago
The paired files worked for me! I got all of my files back!! THANK YOU!!!
Normal25 - 3 years ago
that decrypted file is working ? I mean open?
Nessa_sery - 3 years ago
I had to restore my files to previous versions but so far only 100 out of like 2,000. The rest say there is no previous version =( If anyone knows how to fix that, please help!!
rans019 - 3 years ago
When did you get affected.
jojieF - 3 years ago
Dear fishroe,
I tried Paired files, then file was decrypted.
However file was not opened.
Is there another sample of Pair?
please help me.
fishroe - 3 years ago
There should be a pair of encrypted and decrypted file in the compress folder. Unzip and launch the Kaspersky program to start. Chose the .crypt file and continue with the working file. As my files were all recovered, this is the only pair I had left to share. Hope it helps.
If your ransomware is of newer version, it will not work as mentioned in this topic. Mine was RSA4096 Teslacrypt
jojieF - 3 years ago
I took note when I was affected by this problem. it was indicated RSA4096 on monitor.
Actually I used your Paired file , because all of my .scrpt files are different size around 200 bytes as original files.
When I used your Paired file , the Kaspersky program worked ,then decrypted the file.
but that file could not open.
I think , my ransomware is new version , or the decrypt key is different.
zhyl810 - 3 years ago
I think using other's pair sample doesn't work. Otherwise, why doesn't Kaspersky embed a pair of samples for us instead of urging us to give the samples? Maybe every ID has different private keys. So, if you use others sample, your data may be destroyed. Take care.
fishroe - 3 years ago
Never thought of that since this topic author also shared some sample pictures. Best is backup first and wait.
bullgom - 3 years ago
It doesn't work on new one...RZA4096
sonixpc - 3 years ago
Has anybody actually receive the decrypt key after paying the ransom?
bullgom - 3 years ago
I've tried to get in touch with these hackers, but I couldn't even login to their website, I think these hackers forgot to validate the ID numbers...
Besni - 3 years ago
Got infected on 12.5.2016 with this virus.
Tried tool rannohdecryptor .exe from Kaspersky, but with new virus RZA4096 I got message 'Encrypted file size does not equal to original', so for now tool is not working.
Hope Kaspersky will make changes to rannohdecryptor tool to work with new virus.
Besni - 3 years ago
Kaspersky just now released updated RannohDecryptor that is working with new RZA4096...
You can find it on next link: http://support.kaspersky.com/viruses/utility#rannohdecryptor
Normal25 - 3 years ago
Al-hamdulillah , my all files Decrypted now..
thank you Very Much.... Besni..
thank you Very Much.... Fishroe
thank you Very Much.... Grinler
thank you Very Much.... Kaspersky
FireFoxII - 3 years ago
Why doesn't work on DBF file and not decrypt MDB file ?
jojieF - 3 years ago
I tried RannohDecryptor of new version.
It decrypted some files, .jpg, .xls, .pdf, etc.
However .ai file ( ADOBE Illustrator ) was not decrypted.
Do I have to wait the update from Kaspersky , or any other way?
FireFoxII - 3 years ago
Seems that some type of extension are not recognized by the tool...
Same for me with DBF extension file
uset - 3 years ago
Hi...
We try using RannohDecryptor, but always display error message 'Encrypted file size does not equal to original', so for now tool is not working, why and how to decrypt my files?
Best Regards
zhyl810 - 3 years ago
use the latest version, you can find it from the above discussion
adang - 3 years ago
@zhyl810 -
We try it but not successfully
jojieF - 3 years ago
I found how to decrypt .ai file.
first change name .ai to .pdf. then use Kaspersky tool of latest version.
It will decrypt this file.
After this change the file name again to .ai.
So it can be opened by Illustrator software.
It is long process , but so far it is only way to decrypt .ai files .
I hope Kaspersky will update including .ai file.
lightningprinting - 3 years ago
Fishroe: Your dropbox address is not working. Have the files been taken down? I am having a similar problem with mismatched files with the Kaspersky method so any help you can provide would be great.
fishroe - 3 years ago
Hi. Someone highlighted that every decrypted key is different. My paired files may cause further damage to your files. If you like to try, I suggest you back up the affected files first then download my pair files to test. I had temporarily taken down the link.
Hope it helps. New link as follows: (314mb mp3)
https://www.dropbox.com/s/ayuwyatohuigtoy/Pair.zip?dl=0
Steven_Shih - 3 years ago
It fails to decrypt with Kaspersky Rannoh Decryptor 1.9.1.0..
The size of original file is different from the encrypted file, it seems it is a latest variant..
My computer was infected on May 17.
Steven_Shih - 3 years ago
My paired files are with different size.
The original file is slightly smaller than the .cryp ones. Because of that, I can't get the program to run.
lightningprinting - 3 years ago
Mine was infected on May 16. Is there any news on an updated fix from Kaspersky?
defcon1186 - 3 years ago
Same here on some of our network users, Infected on May 18
munozbasols - 3 years ago
Not working for .MDB files....
moonitzz - 3 years ago
What if I have NO sample pictures? I don't know if I deleted them at some point or something, but there's no sample pictures in that folder, only other pictures encrypted. Also, my computer was infected May 18th and all of my files have the .CRYPT extension.
rans019 - 3 years ago
Hi everyone, please, I got infected yesterday 19th May 2016 and I have been up all night. All my files are now having .crypt extension. I tried all the Rannoh decryptor released on the 13th but it's not working. What can I do? Please.
musicque - 3 years ago
It's not working.
error message is 'Encrypted file size does not equal to original'
I tried infected file and normal file.
how can i do?
spanzifull - 3 years ago
With 20 may 2016 version i am getting the following “the decryption of files encrypted by this variant of Trojan-Ransom.Win32.CryptXXX is not supported”
Anyone with any tips on this?
Steven_Shih - 3 years ago
Today, May 20th
Kaspersky launched its latest ver. of Rannoh Decryptor 1.9.1.1
But after trying this latest ver., that is still not working on my crypted files...
Message was shown "The decryption of files encrypted by this variant of Trojan-Ransom.Win32.CryptXXX is not supported."
LupeaMarian07 - 3 years ago
hello guys..I've got the virus two days ago, but my extension is .cerber...so no chance for me for the moment....
greenhills - 3 years ago
Hi, I just got infected on 18 May 2016 and cannot get any success using Rannoh Decryptor 1.9.1.1 either. Any ideas on whether / when Kaspersky will have an update that handles this new .crypt? thanks for any insight
mgh_motevakkel_khd - 3 years ago
Hi, I was infected by tesla crypt 4.0, and after that infected by CryptXXX, I can decrypt some files with
"1) decrypt by RannohDecoder 2) decrypt by teslaDecoder"
but the remainder of my files can not be processed by RannohDecoder (with the error of Processing Error),
please if you have a solution for decryption by Kaspersky Rannoh to decrypt fully a teslacrypt 4.0 encrypted file, tell me...
rans019 - 3 years ago
Hello mgh_motevakkel_khd, when were you infected?
mgh_motevakkel_khd - 3 years ago
My laptop was infected by teslacrypt 4.0 on "April 8, 2016"
and then infected by cryptXXX ransomware on "April 9, 2016",
I can recover the files that were encrypted by one of them but since most of my files were encrypted at first by teslacrypt 4.0 and then encrypted by cryptXXX the RannohDecoder can not recover many of the encrypted files (by Teslacrypt 4.0) with processing error,
brighthorizon - 3 years ago
Just got hit with CryptXXX v3. Kaspersky tool giving message: “the decryption of files encrypted by this variant of Trojan-Ransom.Win32.CryptXXX is not supported”
Any word on when v3 will be supported?
kradset - 3 years ago
same here with Crypt XXX with “the decryption of files encrypted by this variant of Trojan-Ransom.Win32.CryptXXX is not supported” ..
thanks
superikey - 3 years ago
Same here, got hit with new v3 variant, files renamed to .cryp1 now. none of the kaspersky tools or trend tools seem to work, and website that accepts the ransom payment has been sitting for 3 days "please wait" with my sample file, and half the time website is down.
superikey - 3 years ago
I thought everyone should know, we paid the ransom (reluctantly) and the tool works just fine and all our files are now encrypted.
selendogan - 3 years ago
My computer was infected with cryptolocker on 20.05.2016. All of the files had an extension such as 'crypt.' I transferred all data to an external drive and formatted the computer. I uploaded an example file to your suggested website and they found 4 possible ransomware: cyptxxx3.0, cryptxxx, chimera,cryptxxx2.0 respectively. I don't know which one is the responsible type but I tried the recent Trend Micro solution on my doc file. Now I see the word image as decrypted but the office can not open the file and says 'there is a problem with the file content and office can not open the open xml file (original file name). They suggest to use 3rd party corrupted file recovery tool (such as the open source program JPEGSnoop*) but I don't know how to do it. This is the only most important file for me. Others can wait for the final solution. I tried the Kaspersky solution too but it gives the message 'the decryption of files encrypted by this variant of Trojan-Ransom.Win32.CryptXXX is not supported' please help me
Gerard70 - 3 years ago
I was infected with CryptXXX v3. I have dumb question, but am going to ask it because I can't find any reference/answer to it anywhere. When you edit the !Recovery_personal-pin webpage (that is in every folder after infection) it shows a number in HEX that is 32 characters long. It is repeated over and over throughout, but you don't see any reference to it when viewing as an html page at all. Is this the public key or used for something else?
densinghyj - 3 years ago
Hi all, some of my files are showing .cryp1 extension. Can some one help me to recover my data's???. It was happened yesterday. If any one knows the solution kindly let me know
wulfye - 3 years ago
delete
wulfye - 3 years ago
I got hit yesterday june 6th with crypz everywhere , nothing works to decrypt . I'm pissed ... need help if theres a solution ....
zecat - 3 years ago
I had hope that it works on my computer .. but no :\
"11:48:40.0029 0x07a4 Trojan-Ransom.Win32.Rannoh decryptor tool 1.9.1.1 May 19 2016 21:24:08
11:48:40.0294 0x07a4 ============================================================
11:48:40.0294 0x07a4 Current date / time: 2016/06/13 11:48:40.0294
11:48:40.0294 0x07a4 SystemInfo:
11:48:40.0294 0x07a4
11:48:40.0294 0x07a4 OS Version: 6.1.7601 ServicePack: 1.0
11:48:40.0294 0x07a4 Product type: Workstation
11:48:40.0294 0x07a4 ComputerName: PAT-PC
11:48:40.0294 0x07a4 UserName: PAT
11:48:40.0294 0x07a4 Windows directory: C:\Windows
11:48:40.0294 0x07a4 System windows directory: C:\Windows
11:48:40.0294 0x07a4 Running under WOW64
11:48:40.0294 0x07a4 Processor architecture: Intel x64
11:48:40.0294 0x07a4 Number of processors: 4
11:48:40.0294 0x07a4 Page size: 0x1000
11:48:40.0294 0x07a4 Boot type: Safe boot with network
11:48:40.0294 0x07a4 ============================================================
11:48:40.0294 0x07a4 Initialize success
11:49:31.0696 0x0778 Can't initialize on pair
11:49:31.0696 0x0778 Can't init decryptor"
What can i do more ?
krakadzil - 3 years ago
"Encrypted file size does not equal to original" when we have a new version of tool?
Wanpaman - 3 years ago
"Encrypted file size does not equal to original" 25 June, Anyone having the same problem???
prm1971 - 3 years ago
HI. Don't understand this part of the instructions: "Find your largest encrypted file and then use that with the free decryption that the CryptXXX devs offer. You will then have an encrypted and unencrypted pair that can be used with RannohDecryptor."
I only have encrypted files left. How do I get started? Many thanks in advance..
mcerdem - 2 years ago
good day to everyone, i have a nemucod case but i could not decrypt with Emsisoft Nemucod Decryptor, i have uploaded three files pair and one only encrypted file to below link, if anyone can help me i will be highly appreciated.
https://www.sendspace.com/file/o4zffr