Недавнее содержимое от Madowax

Yep, it is just for completeness.

The above attachment is simply the tool without keys file, of course without the keys it is unable to decrypt anything, I have no keys file as you already know.

This is the Tor Browser Decryptor Tool from 15th of December. It was possible to download it back then. Maybe it could be useful to you.

VirusTotal Link: 248e7d2463bbfee6e3141b7e55fa87d73eba50a7daa25bed40a03ee82e93d7db

VirusTotal Link: 248e7d2463bbfee6e3141b7e55fa87d73eba50a7daa25bed40a03ee82e93d7db

I will change the passwords for safety, it is quite strange however since the admin password is very complex and 16 chars long, never used for anything else. Thanks again

I will attach files from this second PC for your reference. Maybe they can help you help others. The suspect_exe_2.zip contains C:\Intel\svhost.exe from the server (password is virus) .

It was in the list of restricted file in frst.log of the infected computer and the contents mentioned file encryption. I guess it is normal, never opened it. thanks for your help and for your time. Best regards Он был в списке запрещенных файлов в frst.log зараженного компьютера, и в его...

I have found this file on a computer which might have started the infection. NTUSER.pol I found this file on a computer that could have started the infection. NTUSER.pol

I will reinstall on different hard drives and keep these ones for future decryption, it might be useful for you to know that the ransomware ignores some system folders to keep the machine running. Я переустановлю на разные жесткие диски и сохраню эти для будущей расшифровки. Возможно, вам будет...

Good afternoon, on the evening of December the 13th our server was attacked by Trigona Ransomware, sadly the ISCSI backup partition was mounted, backups are performed during the night, so the whole backup partition has also been encrypted. I'm going to attach few encrypted documents, the ransom...