infected by ransomware

Hello,

I have been infected by some ransonware i don`t know.

In the attached file is the readme file with the instructions to decrypt the files. Anyone knows the ransomware and how to decrypt it?

It seems a xorist one, but the tool by kaspersky doesn`t work.

Any information will be welcomed.
README_9670338_05489.txt
Jose FloresAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
There is little to no chance you can recover the encrypted files, especially if the variant is somewhat new. You must restore from your backup

I have been infected by some ransomware I don`t know.

Normally (90% or more of the time) from an email from someone with a ___look at this link___ to the ransomware.
2

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RaminTechnical AdvisorCommented:
How did you get that text file ?
0
MacleanSystem EngineerCommented:
Restore is indeed the way to go.
If you do not have a restore you need to scan and fully remove threat before restoring from shadow volume copy if this had been enabled.
But post restore you need to copy data to a disk, build new server and restore to avoid risk of lingering threats.
And the backed up data clearly needs to be clean.

You could still try a few decryption tools but I would never recommend keep on using same server.
Restore is the best way.
Post that chat with your AV Vendor (They might also be able to assist already) and improve security on systems. Turn on those local firewalls etc.

http://www.thewindowsclub.com/list-ransomware-decryptor-tools
0
KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

btanExec ConsultantCommented:
It seems to be BLACKOUT Ransomware. This guide can be handy.
https://malwareless.com/blackout-ransomware-virus-remove/

To help in identifying the Ransomware variant infecting the machine, can try the idransomware https://id-ransomware.malwarehunterteam.com 
Finding free decryptor has minimal success  most of the time esp when the variant has no known flaws. Go back to your offline backup data instead and rebuild the machine if possible.
0
Jackie ManCommented:
You are correct. The ransomware looks similar but the decryption tool will not work.

Why?

Ransomware is an underground business now and there are tools and mailing lists for the attack which is sophisticated and they are all zero-day attacks as a variant of the original ransomware which is not recoverable even if there is a tool to decrypt the original ransomware.

If the data is important, take out the hard drive and install a new one to rebuild the OS and load back the applications and your data from the latest backup. Of course, you need to install an antivirus software which can handle ransomware. We are using SOPHOS Intercept X now.

Just shelf the hard drive for more than 12 months and attach the same as a USB drive and try different decryption tools from time to time.
0
Naveen SharmaCommented:
If you have a backup then use it.

There might be some hope, here is a list of free Ransomware Decryption Tools to unlock files:
http://www.thewindowsclub.com/list-ransomware-decryptor-tools

Detecting and preventing the spread of ransomware:
https://www.lepide.com/it-security/detect-ransomware-spread.html

Few more informative articles you can check:

What can you do if you’ve become the victim of a ransomware attack?
https://www.lepide.com/blog/what-can-you-do-if-youve-become-the-victim-of-a-ransomware-attack/

Ways to Protect yourself from Ransomware Attack
http://expert-advice.org/security/ways-to-protect-yourself-from-ransomware-attack/
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Encryption

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.