Damian McSorley

DCRYPT Ransomware

Dear All,

A friend of mine's company server got hijacked by embassy@scryptmail.com using Disk-crypt. After much negotiation we got the codes (reduced prices, £4000 to £300), so the laptops have all been decrypted. The server, a Dell using RAID 1 mirror on a PERC S300 controller, hasn't been straightforward; eventually I worked out that I had to boot from an alternate SSD with driver and SMB server 2011 etc. I've now decrypted the drives even though the server boot BSODs (sort later), but does anyone know how to remove the demand at boot from the MBR for the password, please?

Regards
D
Kimputer

Please show us a screenshot (taken with your phone), and tell us EXACTLY when this happens (for example, "right after RAID BIOS", or "right after 3 beeps", or "right after windows login"). Or send it as a movie.
ASKER

After the RAID BIOS DOS configuration screen; you type the password in and it then boots to OS.
Can you still show a screen of that?
I've no idea how to upload photographs from my iPhone. RAID 1 mirror (2x1TB drives), SBE11. POST gets past the usual tests, then goes to boot from the MBR, which has been hijacked by Decrypt; at this point you enter the password and it boots, but the system crashes. So I had to build an external drive with SBE 11 and the drivers for the RAID card (to decrypt the data partitions), install disk decrypt and unencrypt the drive, which went fine. On reboot the system, at boot of OS, asks for the password, but you don't need it now, just hit enter and off it goes; it's this I wanted to get rid of. I then looked up a thousand sources and learned to remove it, but now it won't boot, so I'm now in the process of trying to repair the MBR.
Repair the MBR with a boot CD of Windows:
https://neosmart.net/wiki/fix-mbr/
Use the chapter "Fix the MBR in Windows 7" for SBE11
The RAID 1 2x 1TB has 4 partitions: recovery, data, exchange, OS. I have done that and nothing; active is on OS.
I've used the 2008 R2 repair with Win 7 BCE trick. I've spent 15 hours trying to get it to boot: boot mgr etc., bootrec /fixmbr, rebuild, found an original boot manager etc. Does the PERC write something onto the HDD? I spotted a FAT partition, made it active, and it booted with some DELL bits and a DOS prompt.

I have separated the drives out; now the PERC is saying one drive fail etc. etc. I'm close to wiping and starting again and it will cause no end of problems. Wish I could stick up some photos to give you an idea. I rarely give up but it's got me licked; all data recovered etc., so not too bad.
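
Added example, not part of the thread or any poster's code: a read-only check of a saved 512-byte MBR that reports the partition entries, how many are flagged active, whether the 0x55AA signature is present, and a hash of the bootstrap code area so a copy taken before a repair such as `bootrec /fixmbr` can be compared with one taken after. The four-partition sample is constructed; its partition types, sizes and order are assumptions.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr(sector: bytes) -> dict:
    """Parse a classic 512-byte MBR into boot-code hash, signature, partitions."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for slot in range(4):                      # four 16-byte entries at offset 446
        entry = sector[446 + 16 * slot: 462 + 16 * slot]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0x00:                   # type 0x00 marks an unused slot
            parts.append({"slot": slot, "active": entry[0] == 0x80,
                          "type": entry[4], "lba_start": lba_start,
                          "sectors": count})
    return {"signature_ok": sector[510:512] == b"\x55\xaa",
            # Hash of the bootstrap code area, for before/after comparison
            "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
            "partitions": parts}

def findings(mbr: dict) -> list:
    """Return problems that stop a BIOS/MBR boot from finding the OS volume."""
    out = []
    if not mbr["signature_ok"]:
        out.append("missing 0x55AA boot signature")
    active = [p["slot"] for p in mbr["partitions"] if p["active"]]
    if len(active) != 1:
        out.append(f"expected exactly one active partition, found {len(active)}")
    return out

def build_sample(active_slots=(3,)) -> bytes:
    """Constructed MBR: recovery, data, exchange, OS (types and sizes assumed)."""
    buf = bytearray(SECTOR)
    layout = [(0x27, 2048, 204800), (0x07, 206848, 4194304),
              (0x07, 4401152, 4194304), (0x07, 8595456, 8388608)]
    for slot, (ptype, start, count) in enumerate(layout):
        status = 0x80 if slot in active_slots else 0x00
        struct.pack_into("<B3xB3xII", buf, 446 + 16 * slot,
                         status, ptype, start, count)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)

if __name__ == "__main__":
    # For a real disk, pass the first 512 bytes of a disk image instead.
    for label, raw in (("one active", build_sample()),
                       ("two active", build_sample((0, 3)))):
        print(label, findings(parse_mbr(raw)))
```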
ASKER CERTIFIED SOLUTION
Damian McSorley

Paid in the end after much negotiation, Syrian Hackers