Posted (edited)

I have encrypted files with the ending [amagnus00@gmx.org].wallet. Is this a new version of the Dharma encrypter? Neither the Eset decrypter nor the RakhniDecrypter helped.
Attached is a .lnk file from the infected computer.
Is there something I can do?
Thank you.

[amagnus00@gmx.com].wallet.zip

Edited by WNDKK
typo
  • Administrators
Posted

Unfortunately, files encrypted by Filecoder.Crysis cannot be decrypted. Did you have ESET installed and all protection features enabled? If so, what product version was it?

Posted

ESET was indeed installed and running. It was ESET File Security 6.0.12035.1

  • Administrators
Posted

Do you use the server for browsing the web or reading email? Couldn't it be that files got encrypted in shared folders from an infected workstation? Do you have Endpoint v6 installed on all workstations, and is LiveGrid also enabled in EFSW?

Posted

Workstations are running macOS, and the purpose of the server was running a Windows-only program that needed to be accessed by all employees via internal RDP. By company regulations, users aren't allowed to check emails or browse the web while connected to the server, but that probably is what happened anyhow.

  • Administrators
Posted

Not really. As you can see, Filecoder.Crysis is often run by an attacker who connects to a computer (often a server) via RDP:

https://www.bleepingcomputer.com/news/security/number-of-rdp-brute-force-attacks-spreading-crysis-ransomware-doubles-in-6-months/

Protecting ESET's settings with a password would prevent the attacker from disabling or uninstalling ESET; however, it's crucial to secure RDP in the first place.
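The RDP brute-force pattern described in the last reply can be looked for in the server's Security log. The following is an added example, not part of the thread and not ESET's code: it flags source addresses with a burst of failed logons (event 4625) and notes whether a successful logon (event 4624) followed. The CSV layout, the threshold, the window and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export (assumed layout): time, EventID, LogonType, source IP, account
SAMPLE = """\
2017-03-01T02:10:00,4625,3,203.0.113.7,administrator
2017-03-01T02:10:04,4625,3,203.0.113.7,admin
2017-03-01T02:10:09,4625,3,203.0.113.7,user
2017-03-01T02:10:13,4625,3,203.0.113.7,backup
2017-03-01T02:10:18,4625,3,203.0.113.7,administrator
2017-03-01T02:10:22,4625,3,203.0.113.7,scanner
2017-03-01T02:11:40,4624,10,203.0.113.7,scanner
2017-03-01T08:30:00,4625,10,198.51.100.20,jsmith
2017-03-01T08:30:20,4624,10,198.51.100.20,jsmith
"""

# 10 = RemoteInteractive (RDP); with NLA enabled, failed RDP logons are logged as 3 (Network)
RDP_LOGON_TYPES = {"3", "10"}

def find_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: {"failures": n, "accounts": set, "success_after": account or None}}."""
    recent = defaultdict(deque)      # per-IP timestamps of failures inside the window
    totals = defaultdict(int)        # per-IP count of all failures seen
    accounts = defaultdict(set)      # per-IP account names that were tried
    findings = {}
    rows = sorted((r for r in csv.reader(io.StringIO(text)) if r), key=lambda r: r[0])
    for ts, event_id, logon_type, ip, account in rows:
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            q = recent[ip]
            q.append(when)
            while when - q[0] > window:   # drop failures older than the window
                q.popleft()
            totals[ip] += 1
            accounts[ip].add(account)
            if len(q) >= threshold and ip not in findings:
                findings[ip] = {"accounts": accounts[ip], "success_after": None}
        elif event_id == "4624" and ip in findings:
            # A success after a flagged burst suggests a guessed password
            if findings[ip]["success_after"] is None:
                findings[ip]["success_after"] = account
    for ip, hit in findings.items():
        hit["failures"] = totals[ip]
    return findings
```

A flagged address with a non-empty `success_after` is the case to investigate first; a user who mistypes a password once, like the second address in the sample, stays below the threshold.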

This topic is now closed to further replies.