[decryptoperator@qq.com] ransomware attack

posted in Viruses
Wednesday, November 27 2019, 09:33 AM
Mario Kasi
Mario Kasi
Please help me
I got such a problem. My production server was encrypted with ransomware [decryptoperator@qq.com].

I wrote to him in the mail [decryptoperator@qq.com]. He demanded $ 6,000 from me. I paid him this amount but after receiving the money he stopped responding to me. What should I do? There are a lot of important files of my company on the server. I lost all contacts. I tried to write to him from different emails but he does not answer me as soon as he finds out that I already paid him
Please help me. What needs to be done to return my files?
Responses (1)
  • Accepted Answer

    Tuesday, December 17 2019, 01:20 PM - #permalink
    Hello Mario Kasi,

    I understand your frustration, but there's not much that can be done. Your files have been compromised by a variant of Dharma - a high-end ransomware infection. Unluckily, restoring data from backup (if you have one created) is probably the only possible solution. You should, however, still try RakhniDecryptor developed by Kaspersky. It is capable of cracking encryptions performed by certain Dharma's variants. Nonetheless, the chances are very slim.

    File encryption performed by such high-end ransomware infections is impossible to crack. That is of course if the encryption has been performed flawlessly. The decryption requires a unique key generated individually for each victim. The problem is that cyber criminals often ignore victims once the payments are submitted. In fact, it is very likely that these persons do not even have the generated keys, as none of them are being saved. They simply trick victims into paying and give nothing in return. If he will respond you asking for an additional payment - DO NOT agree to pay. You'll just lose even more money and your data will remain encrypted.

    You can find more information regarding data cryptography in this article.
    The reply is currently minimized Show
Your Reply