Jd_bouque Posted February 9, 2017 ID:1100351
I have a computer that is infected with malware that has encrypted the files. Malwarebytes detected it as salazar_fix.exe but searching in Google finds nothing on it and even searching this forum found nothing. Any idea about this?

Aura Posted February 9, 2017 ID:1100353
Hi Jd_bouque,
Can you upload an encrypted file and a ransom note to ID-Ransomware, and copy/paste the results it returns below?
https://id-ransomware.malwarehunterteam.com/

Jd_bouque (Author) Posted February 9, 2017 ID:1100355
Cryakl
This ransomware may be decryptable under certain circumstances. Please refer to the appropriate guide for more information.
Identified by
ransomnote_email: salazar_slytherin10@yahoo.com
sample_bytes: [0x183B7 - 0x183C5] 0x7B454E4352595054454E4445447D
Click here for more information about Cryakl

Aura Posted February 9, 2017 ID:1100362
The good news is that Kaspersky have a tool to decrypt files encrypted with Cryakl. The bad one is that it might not work in all situations.
http://media.kaspersky.com/utilities/VirusUtilities/RU/rannohdecryptor.zip?_ga=1.69588624.1814211149.1453294100
What I suggest you do is back up a few files, then try to decrypt them with Kaspersky's RannohDecryptor. If it works, then decrypt the other files. If it doesn't and the files end up corrupted, then you'll have the backups (even if they are encrypted). Let me know how it goes.
Also see: https://www.bleepingcomputer.com/forums/t/632234/cryakl-decryption-support/

Jd_bouque (Author) Posted February 9, 2017 ID:1100372
I'm trying the Kaspersky scanner and it doesn't seem to be working but before I give up on it here is the log:
10:50:52.0474 0x0da0 Initialize success
10:51:07.0142 0x1344 Can't get encrypted file path
10:51:07.0142 0x1344 Can't init decryptor
10:51:09.0371 0x0908 Deinitialize success
As soon as I click scan it asks for an encrypted file. I select one that I have the original from a backup and then it asks for the original. I select that and the scanner just stops.

Aura Posted February 9, 2017 ID:1100380
Can you copy/paste the name of an encrypted file (including the extension) here?

Jd_bouque (Author) Posted February 9, 2017 ID:1100397
email-salazar_slytherin10@yahoo.com.ver-CL 1.3.1.0.id-@@@@@768B-7001.randomname-QSSUBBDEFGHIKKLNOOQRSTTVWXXZAB.CDE

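Added example (not part of the original thread, and not code from Malwarebytes, Kaspersky or ID-Ransomware): a Python triage helper that lists files showing either indicator quoted in the posts above, the renamed-file pattern and the sample_bytes marker, so they can be set aside for backup. The field layout in the regex is inferred from the single file name posted here and is an assumption, as are all function names.

```python
import os
import re
import tempfile

# Marker bytes ID-Ransomware reported as sample_bytes in this thread.
MARKER = bytes.fromhex("7B454E4352595054454E4445447D")  # b"{ENCRYPTENDED}"
# Field layout inferred from the one file name posted in the thread (assumption).
NAME_RE = re.compile(r"^email-(?P<email>.+?)\.ver-(?P<version>.+?)\.id-(?P<victim_id>.+?)"
                     r"\.randomname-(?P<randomname>[^.]+)\.(?P<ext>[^.]+)$")

def parse_name(filename):
    """Return the fields embedded in a renamed file, or None if no match."""
    m = NAME_RE.match(filename)
    return m.groupdict() if m else None

def find_marker(path, chunk=1 << 20):
    """Return the offset of MARKER in the file, or -1 if absent."""
    tail, base = b"", 0  # tail: overlap kept so a marker split across reads is found
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            buf = tail + block
            hit = buf.find(MARKER)
            if hit != -1:
                return base - len(tail) + hit
            tail = buf[-(len(MARKER) - 1):]
            base += len(block)
    return -1

def triage(root):
    """Walk root and list files showing either indicator (name or marker)."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            fields, offset = parse_name(name), find_marker(path)
            if fields or offset != -1:
                hits.append({"path": path, "fields": fields, "marker_offset": offset})
    return hits

def demo():
    # Constructed sample: the file name is the one quoted in the thread, the bodies are made up.
    name = ("email-salazar_slytherin10@yahoo.com.ver-CL 1.3.1.0.id-@@@@@768B-7001"
            ".randomname-QSSUBBDEFGHIKKLNOOQRSTTVWXXZAB.CDE")
    with tempfile.TemporaryDirectory() as root:
        for fname, body in ((name, b"\x00" * 100 + MARKER), ("notes.txt", b"untouched")):
            with open(os.path.join(root, fname), "wb") as fh:
                fh.write(body)
        return triage(root)
```
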
Aura Posted February 9, 2017 ID:1100405
Let me consult my colleagues who are experts in ransomware and get back to you.

Aura Posted February 9, 2017 ID:1100406
Well that was quick. Unfortunately, Cryakl hasn't been decryptable for a while now, so it is normal in that case that Kaspersky's decrypter doesn't work.

Jd_bouque (Author) Posted February 9, 2017 ID:1100443
Thanks for trying.

Aura Posted February 9, 2017 ID:1100452
No problem Jd_bouque, you're welcome. What I suggest you do is back up your encrypted files somewhere safe, just in case a free decryption solution gets released in the future. I would also monitor BleepingComputer's thread on Cryakl and their News Articles, as if a decrypter for it is found, you can be sure that it'll be posted over there.

AdvancedSetup (Root Admin) Posted February 21, 2017 ID:1103251
Glad we could help. :)
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!