• Внимание. Восстановление баз 1С7, 1C8 и Mssql после атаки шифровальщика, подробности и отзывы читайте в профильной теме.

    Внимание. Восстановление архивов RAR и ZIP, образов Acronis и виртуальных машин, баз почтовых программ после атаки шифровальщика, подробности и отзывы читайте в профильной теме.

Решена без расшифровки CryLock Helpme! Email phandaledr@onionmail.org

L

longcd45

Новый пользователь
Сообщения
4
Реакции
0
My data have lost by Crylock

Please help me!
 

Вложения

  • CryLock.rar
    1.8 MB · Просмотры: 2
Hello,

Please wait for a while. We are trying to define the type of ransome. It is different from the one we could easily decrypt.
 
While you wait please get us logs:

Dowload Farbar Recovery Scan Tool (or from the mirror) and save it to your Desktop. Rename file FRST64.exe to FRST64English.exe and run it.

Press Scan button and wait.
At the end of scan you'll get FRST.txt and Addition.txt in the same folder you start program from. Attach these logs to your next post.
 
can you check for me, please.
Thank!
 

Вложения

  • Addition.txt
    23.2 KB · Просмотры: 1
  • FRST.txt
    18.2 KB · Просмотры: 1
  • B6.rar
    558.9 KB · Просмотры: 1
If you can find this file
C:\Users\IEUser\Documents\B6\svchost.exe
Нажмите для раскрытия...
please pack it (or zip it) with password and send it me in privat message.

After that please do following:

  • Disable any antivirus until reboot.
  • Hilight following code (or just press "Copy" button in right corner):
    Код: 
    Start::
HKLM\...\Run: [svchost] => C:\Users\IEUser\Documents\B6\svchost.exe [669696 2022-10-26] () [File not signed] <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\...\Policies\system: [legalnoticecaption] WARNING!!!
HKLM\...\Policies\system: [legalnoticetext] YOUR SYSTEM IS ON THE OUTER EDGES OF THE GALAXY. YOU HAVE BEEN HACKED, CONTACT US FOR ASSISTANCE.
HKU\S-1-5-21-3362513661-1936243222-2702562252-500\...\Run: [4238336F0BB9109014556D0C84BF5B81] => C:\Users\IEUser\Documents\B6\svchost.exe [669696 2022-10-26] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3362513661-1936243222-2702562252-500\...\Run: [6E0E9B22BDC52B2BD8286071E6E4B56E] => c:\Users\Administrator\AppData\Local\Temp\1\how_to_decrypt.hta [12357 2022-11-22] () [File not signed] <==== ATTENTION
IFEO\utilman.exe: [Debugger] C:\Windows\system32\cmd.exe
2011-10-10 00:11 - 2011-10-10 00:11 - 000012303 _____ () C:\Program Files\how_to_decrypt.hta
2011-10-10 00:22 - 2011-10-10 00:22 - 000012303 _____ () C:\Program Files (x86)\how_to_decrypt.hta
2011-10-10 00:00 - 2011-10-10 00:00 - 000012303 _____ () C:\Program Files\Common Files\how_to_decrypt.hta
2011-10-10 00:11 - 2011-10-10 00:11 - 000012303 _____ () C:\Program Files (x86)\Common Files\how_to_decrypt.hta
2011-10-10 00:24 - 2011-10-10 00:24 - 000012303 _____ () C:\Users\Administrator\AppData\Roaming\how_to_decrypt.hta
2011-10-10 00:24 - 2011-10-10 00:24 - 000012303 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\how_to_decrypt.hta
2011-10-10 00:23 - 2011-10-10 00:23 - 000012303 _____ () C:\Users\Administrator\AppData\Local\how_to_decrypt.hta
FirewallRules: [{FCCC6065-B87E-4907-949F-CAA074E00D03}] => (Allow) LPort=1755
FirewallRules: [{A8C2C7CD-1E7E-42B6-8F7A-12869B26FE53}] => (Allow) LPort=41775
FirewallRules: [{AD9CB65D-2BCF-466C-A7C0-06CB8C6F3C14}] => (Allow) LPort=1750
End::
  • Copy highlighted code.
  • Run FRST64English as administrator.
  • Press Fix button and wait. Program will create Fixlog.txt. Attach it to your next post after system restart.
Reboot system manually.

Read details in this guide.
 
As I suggest before this is not CryLock, but it is WaspLocker.
Unfortunately there is no decryption for this.
 
I'm very sorry, but yes - there is no known other way to decrypt without privat key.
If you need to get back Data Bases, you can contact people from S.lab, see this topic:
safezone.cc

Восстановление баз данных 1С и Mssql данных после атаки шифратора

Уважаемые пользователи. Проект S.lab предоставляет платные услуги по восстановлению баз данных (1С7, 1C8 и MSSQL) после атаки шифровальщика. Стоимость услуги варьируется от 14т.р до 30т.р за одну базу в зависимости от сложности работ. Проверка и оплата: Оплата проводится по факту выполненных...
safezone.cc safezone.cc
 
Just clarification about the type of ransom - this is CryLock generic. And it is not decryptable, unfortunately.
 
Войдите или зарегистрируйтесь для ответа.
Назад
Сверху Снизу