Ransomware "No-more-Ransom"
-
Hey Guys
A Client got attacked with a ransomware trojan. Sadly it encrypted backup files as well. The hacker doesn’t reply to our emails either…
The message in the “readme.txt” is as follows:
“Hello, dear friend!
All your files have been ENCRYPTED
Do you really want to restore your files?
Write to our email - help2decrypt@cock.li
and tell us your unique ID - ID-XKG5X9WS”
Does anyone know of a good company that can decrypt those files potentially? It’s quite critical…
Thanks in advance!!
PS You can find an encrypted example file under this link.
-
I think step 1 is to identify the ransomware strain. In this case it seems to be Rapid Ransomware (or some variant of it) based on the file extension and the note.
Does anyone know of a good company that can decrypt those files potentially? It’s quite critical…
I think you’re barking up the wrong tree. There seems to be a lot of information sharing within the community in the fight against ransomware, and if a decryption tool existed, I think it would be freely available.
A quick Google search seems to suggest that there is no known weakness in the crypto of this particular ransomware.
Please note also that it is entirely possible using strong crypto to encrypt a file in a way that there is no feasible method to decrypt it using any known technology.
At this point I would channel my resources into other recovery methods.
Sorry for the bad news.
(Please do double check that there really isn’t any known weakness and that this really is Rapid Ransomware. https://www.nomoreransom.org/en/decryption-tools.html is a good resource, backed by some big anti-virus companies).
-
I know that it’s Rapid Ransomware… There are definitely no obvious ways to decrypt… But you never know if maybe someone knows about something that isn’t mentioned in forums around the internet… I know that we’re in a bad position… Just trying my luck…
-
It’s quite obvious that there’s nothing to do with paying for the criminals and getting the key from them.
See https://www.bleepingcomputer.com/forums/t/667032/rapid-ransomware-rapid-paymeme-how-recovery-filestxt-support-topic/page-18 (and Demonslay335 is king of ransomware decryption.)
-
@Knaper-Yaden How do you know that Demonslay335 is solid at ransomware decryption? Not doubting, just curious to know…
-
@Hacker26 I know it by following the industry and how work, but you can also see it from the fact that he has earned a reward from the FBI for his work https://www.fbi.gov/contact-us/field-offices/springfield/news/press-releases/bloomington-man-receives-2017-fbi-directors-community-leadership-award-for-his-efforts-to-decrypt-ransomware-as-a-public-service