decrypting Ransome ware n1n1n1n1

ZuluGuru777
ZuluGuru777 used Ask the Experts™
on
Hi one of our new clients got hit with Ransomeware  type n1n1n1n1 varient. some of their data was not backed up and wasn't critical. this is now critical and we wonder is it possible to decrypt it, where or how would one go about doing this
Thanks again for your help
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
The chances of decrypting newer ransomware variants are very low. Ransomware is spread via email and users need to be trained not to open email from strangers. Then make sure good backups exist.

The general recommendation here is not to pay ransom. Some have, and have been successful. Others have paid and got nothing.
John TsioumprisSoftware & Systems Engineer

Commented:
Just go to the Kaspersky Anti ransomware and hope for the best...usually if you have some patience a decryptor tool that matches your ransomware will be released..
Scott CSenior Engineer
Commented:
Or you can just pay the ransom.  Most everybody on this site will tell you to NOT do that as it just encourages the criminals to continue.  However, it is up to YOU to determine if the data is valuable enough to pay the ransom in order to recover it.
Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

John TsioumprisSoftware & Systems Engineer
Commented:
The ugly thing with ransomware is that there is absolutely not guaranty that if you pay the ransom they will definitely give you the key.....so although its way too hard to accept you just lost everything the more people refuse to pay the ransom the less interest there would be to infect people with ransomware...The proposed solution is to replace the infected disk and  put a the infected disk in a drawer and periodically check if a decryptor has being released...
btanExec Consultant
Distinguished Expert 2018
Commented:
Suggest you use IDRansom (https://id-ransomware.malwarehunterteam.com/) to identify the exact family and see if decryptor tool is available.

I have also listed out a long list of decryptor in Annex in the EE article.
https://www.experts-exchange.com/articles/28059/TL-DR-Ransomware-Infected.html

As a whole chances are low if backup is not available. It is best effort and advice user not to pay ransom even if it is so critical and need to know that it may not even be warranty to work if paid ransom.
btanExec Consultant
Distinguished Expert 2018

Commented:
suggest the points be evenly shared
btanExec Consultant
Distinguished Expert 2018

Commented:
Answers are similarly shared

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial