Infected by ransomware gebdp3k7bolalnd4.onion._

[macros 1]

hello,

our user infected by ransomware and encrypt files to extention gebdp3k7bolalnd4.onion._
Eset already install in this computer and updated.

Quote

*** ALL YOUR WORK AND PERSONAL FILES HAVE BEEN ENCRYPTED ***

To decrypt your files you need to buy the special software. To recover data, follow the instructions!
You can find out the details/ask questions in the chat:
https://gebdp3k7bolalnd4.onion.to (not need Tor)
https://gebdp3k7bolalnd4.onion.cab (not need Tor)
https://gebdp3k7bolalnd4.onion.nu (not need Tor)

You ID:

If the resource is not available for a long time, install and use the Tor-browser:
1. Run your Internet-browser
2. Enter or copy the address https://www.torproject.org/download/download-easy.html in the address bar of your browser and press key ENTER
3. On the site will be offered to download the Tor-browser, download and install it. Run.
4. Connect with the button "Connect" (if you use the English version)
5. After connection, the usual Tor-browser window will open
6. Enter or copy the address hxxp://gebdp3k7bolalnd4.onion in the address bar of Tor-browser and press key ENTER
7. Wait for the site to load

If you have any problems installing or using, please visit the video tutorial https://www.youtube.com/watch?v=gOgh3ABju6Q

 

is Eset already detect this ransomware?

Eset have decrypt tools for this ransomware?

i try use https://decrypter.emsisoft.com/cry128 but failed.

plese help

thank you,

Edited May 6, 2017 by macros

[SetiajiTito 0]

I also experienced similar things.
All data changed to extension .id_1841168219_gebdp3k7bolalnd4.onion._

And the worst is unfortunately I do not have a backup file

Hopefully Emsisoft can immediately figure out how to decrypt.. 

[Marcos 4,716]

If you have a binary file that encrypted files, please submit it to samples[at]eset.com along with some examples of encrypted files (ideally Office documents).