Fuad 0 Posted April 2, 2017 Share Posted April 2, 2017 I was attacked by .wallet ransomware. It encrypted lo of files. I haven't found out any dycryptor yet. I've tried by kaspersky, avast, eset etc lates dycryptor. But no result came. can some one decrypt attached file. SC.pdf.id-209EB95E.[obamausa7@aol.com].zip Link to post Share on other sites
Administrators Marcos 3,693 Posted April 2, 2017 Administrators Share Posted April 2, 2017 The files were encrypted by Filecoder.Crysis. Unfortunately, decryption is not possible. Crysis has been seen to be triggered by an attacker after getting to a computer via unsecured RDP: https://www.bleepingcomputer.com/news/security/number-of-rdp-brute-force-attacks-spreading-crysis-ransomware-doubles-in-6-months/. It's important to back up important data on regular basis, secure RDP (or disable it, if not needed) and practice safe computing. Also we recommend protecting ESET's settings with a password to prevent unauthorized users from disabling or uninstalling AV. Link to post Share on other sites
itman 978 Posted April 2, 2017 Share Posted April 2, 2017 To this, I will add the following bleepingcomputer.com posting: https://www.bleepingcomputer.com/forums/t/632389/dharma-ransomware-filenameemaildharmawalletzzzzz-support-topic/page-72 along with the following quote from it: If your server has been hit by a .wallet Cryptolocker, don't waste your time searching for a solution. You don't have it except this one: paying a ransom. Link to post Share on other sites
KAMIRAN Support 0 Posted May 18, 2017 Share Posted May 18, 2017 https://www.bleepingcomputer.com/news/security/wallet-ransomware-master-keys-released-on-bleepingcomputer-avast-releases-free-decryptor/ .Wallet Master key is released . We are waiting for ESET Crysis to be updatet with .wallet keys. Also AVAST decryptor is detected By ESET (a variant of Win32/Kryptik.RWE trojan - False Positive ) And it must be Corrected. our Customers want to know When ESET will update crysis decryptor ? Link to post Share on other sites
Administrators Marcos 3,693 Posted May 19, 2017 Administrators Share Posted May 19, 2017 18 hours ago, KAMIRAN Support said: Also AVAST decryptor is detected By ESET (a variant of Win32/Kryptik.RWE trojan - False Positive ) And it must be Corrected. It's already fixed. The detection was from 2011. Quote our Customers want to know When ESET will update crysis decryptor ? As per the announcement above, an updated version of the Crysis decoder is downloadable from https://download.eset.com/com/eset/tools/decryptors/crysis/latest/esetcrysisdecryptor.exe . Link to post Share on other sites
zdoty 0 Posted June 12, 2017 Share Posted June 12, 2017 I have tried running the Avast Crysis and Eset Crysis decryption tool. They have been able to decrypt most of the data. However there are still a few .wallet files that they are not able to touch. Unfortunately for me those few files are extremely important. The log file that the Eset tool is spitting out shows the following: INFO: Cleaning file [The file in question.] INFO: Can't get header for file. INFO: Can't get info from file. ERROR: Not cleaned. Is there anything I can do to get the files decrypted. Thanks. Link to post Share on other sites
Administrators Marcos 3,693 Posted June 13, 2017 Administrators Share Posted June 13, 2017 Check the content of the file. It could be that it was renamed but its content wasn't encrypted. Link to post Share on other sites
zdoty 0 Posted June 13, 2017 Share Posted June 13, 2017 I tried opening the file with notepad and it's completely empty. All the files are 0kb. Link to post Share on other sites
Recommended Posts