I have encrypted files with the extension [amagnus00@gmx.org].wallet. Is this a new version of the Dharma encrypter? Neither the ESET decrypter nor the RakhniDecryptor helped.
Attached is a .lnk file from the infected computer.
Is there something I can do?
Thank you.

[amagnus00@gmx.com].wallet.zip

  • Administrators

Unfortunately, files encrypted by Filecoder.Crysis cannot be decrypted. Did you have ESET installed with all protection features enabled? If so, which product version was it?

  • Administrators

Do you use the server for browsing the web or reading email? Couldn't it be that the files were encrypted in shared folders from an infected workstation? Do you have Endpoint v6 installed on all workstations, and is LiveGrid also enabled in EFSW?


The workstations are running macOS, and the purpose of the server was to run a Windows-only program that all employees needed to access via internal RDP. By company regulations, users aren't allowed to check email or browse the web while connected to the server, but that is probably what happened anyhow.

  • Administrators

Not really. As you can see, Filecoder.Crysis is often run by an attacker who connects to a computer (often a server) via RDP:

https://www.bleepingcomputer.com/news/security/number-of-rdp-brute-force-attacks-spreading-crysis-ransomware-doubles-in-6-months/

Protecting ESET's settings with a password would prevent the attacker from disabling or uninstalling ESET; however, it's crucial to secure RDP in the first place.

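The intrusion pattern the administrator describes, an attacker guessing RDP passwords until one works and then running the encrypter by hand, leaves a recognisable trace in the Windows Security log: a burst of failed logons (event 4625) from one source address, followed by a successful logon (event 4624) from the same address with a RemoteInteractive logon type. The detector below is an added example written for this thread; it is not code from the original post, from ESET, or from the linked article. The log lines are constructed for the example in a simplified one-record-per-line layout (timestamp, EventID, LogonType, TargetUserName, IpAddress), and the threshold of five failures in ten minutes is an assumed tuning value, not a vendor recommendation.

```python
# Added example (not from the forum thread or from ESET): flag RDP
# password guessing in Windows Security log records, and a successful
# logon from an address that was already guessing, which is the point at
# which a Crysis/Dharma operator typically gets an interactive session.
from collections import defaultdict
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5               # assumed tuning: failures from one IP ...
WINDOW = timedelta(minutes=10)   # ... inside this window count as guessing
# 10 = RemoteInteractive (classic RDP). 3 = Network, which is how the
# CredSSP/NLA pre-authentication step of RDP is logged when NLA is on.
RDP_LOGON_TYPES = {10, 3}

# Constructed sample log, simplified layout:
# "<ISO timestamp> <EventID> <LogonType> <TargetUserName> <IpAddress>"
SAMPLE_LOG = """\
2019-01-14T02:10:05 4625 10 administrator 203.0.113.45
2019-01-14T02:10:09 4625 10 administrator 203.0.113.45
2019-01-14T02:10:14 4625 10 admin 203.0.113.45
2019-01-14T02:10:20 4625 10 backup 203.0.113.45
2019-01-14T02:10:27 4625 10 administrator 203.0.113.45
2019-01-14T02:10:33 4625 10 administrator 203.0.113.45
2019-01-14T02:11:02 4624 10 administrator 203.0.113.45
2019-01-14T08:30:11 4625 10 jsmith 10.0.0.12
2019-01-14T08:30:25 4624 10 jsmith 10.0.0.12
2019-01-14T08:45:00 4624 2 jsmith -
""".splitlines()


def parse_event(line):
    """Parse one constructed record into a dict of typed fields."""
    ts, event_id, logon_type, user, ip = line.split()
    return {
        "time": datetime.fromisoformat(ts),
        "id": int(event_id),
        "logon_type": int(logon_type),
        "user": user,
        "ip": ip,
    }


def analyze(lines):
    """Return findings as tuples, in the order they are triggered.

    ("brute_force", ip, n)              -> n failures within WINDOW from ip
    ("success_after_failures", ip, user) -> a 4624 from an ip already flagged
    """
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["time"])
    recent_failures = defaultdict(list)   # ip -> timestamps inside WINDOW
    flagged = set()                       # ips already reported as guessing
    findings = []

    for e in events:
        if e["logon_type"] not in RDP_LOGON_TYPES:
            continue                      # console/service logons: not RDP
        ip = e["ip"]
        if e["id"] == 4625:
            # slide the window: keep only failures still within WINDOW
            window = [t for t in recent_failures[ip] if e["time"] - t <= WINDOW]
            window.append(e["time"])
            recent_failures[ip] = window
            if len(window) >= FAIL_THRESHOLD and ip not in flagged:
                flagged.add(ip)
                findings.append(("brute_force", ip, len(window)))
        elif e["id"] == 4624 and ip in flagged:
            # A single typo followed by a success (jsmith below) is normal;
            # a success from an address that was guessing is the alert.
            findings.append(("success_after_failures", ip, e["user"]))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

On real systems the fields come from `Get-WinEvent` or a SIEM rather than this flat layout; the logic is the same, and the second finding is the one worth paging on, because by then the attacker has a desktop and the next step is disabling the endpoint agent, which is exactly what the settings password mentioned above is meant to block.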