Jump to content

Recommended Posts

  • Root Admin

Hello @Champagon

I'm not familiar with it based on the notice alone. Do you know the file extensions used in the encryption? There are decrypters for a few of the older ones. The newer attacks though don't have one. Without backups of the user's data there currently would be no way to get the data back. You could store the data off to the side in hopes that eventually someone would release a decrypter. If you're familiar with the FRST program you could have them run that and send you back the logs and go from there. Some people clean up and move on, personally, if you can't get the data back I'd save the drive, replace with a new one and reinstall Windows and invest in a good backup strategy going forward.

Backup Software

I'll check if someone else is familiar with this one based on the note alone though and let you know.


Link to post
Share on other sites

On 10/7/2016 at 1:49 PM, AdvancedSetup said:

Well, that didn't take long. One of our Researchers says that appears to be from the Nemucod Trojan.

Please see the following post on how to get the user's data back.

Decryptor Released for the Nemucod Trojan's .CRYPTED Ransomware



Excellent!  Thank you so much for all the help :) I told them that they were basically done for, but I will see what I can do.  Much appreciated. 

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.