
Execute

Decryptor for Polski / Flotera / Vortex Ransomware viruses
« on: April 17, 2018, 10:57:26 am »
CERT.PL, the Computer Emergency Response Team of Poland, has issued a statement about a decryption tool available for the Vortex / Flotera / Polski ransomware viruses.

With the help of Google Translate, you can see some of the information posted at https://nomoreransom.cert.pl/vortex/

Quote
District Prosecutor's Office in Warsaw informs you that it conducts proceedings PO II Ds 129.2017 against Tomasz T., responsible, among other things, for encrypting computers using the Vortex / Flotera / Polski ransomware viruses.

The tool on this page will allow you to obtain a key that can recover encrypted files.

Please note that at this moment the tool does not have keys from all campaigns in which the software encrypting files was used. As new security measures are added, new keys will be added, so please regularly re-check files that you have not been able to recover.

If you managed to decrypt the files using the key obtained on this site, we kindly ask you to submit a notification of suspected offense together with the prosecutor in the nearest place of residence for your Police unit with reference to the case file PO II Ds 129.2017 District Prosecutor's Office in Warsaw.

If you have an e-mail message in which the perpetrator sent you a malicious file, please save it on a CD/DVD (along with full headers and attachments) and hand it over to the police as an attachment to the interrogation protocol. It will not be necessary to submit for examination the computer on which the files were encrypted.

– District Prosecutor's Office in Warsaw

Go to the https://nomoreransom.cert.pl/vortex/ address, select or drag the encrypted file below to check if we have the key needed to decrypt it. The key recovery process can take about a minute. Only a small portion of the file will be sent.

Click and select the file or drag it into the empty field that is shown.

In case files are encrypted with one of the first versions of the Vortex ransomware, you can try using the tool created by Michael Gillespie from MalwareHunterTeam: VortexDecrypter-Michael_Gillespie.zip (338 KB).

If you managed to recover the key:

The recovered key can be used to decrypt files using the free AES Crypt program. The recovered key from one file should decrypt all encrypted files on your PC.

Contacts

If you have any questions, please contact CERT.pl at [email protected], alternatively you can post a question down here below.

Best Regards,
Execute
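
Added example, not part of the original post or of CERT.pl's tool: a read-only triage script that lists which files on a disk are AES Crypt containers before a recovered key is tried on them. It assumes the encrypted files use the AES Crypt file format (the post says AES Crypt can decrypt them) and handles format versions 0 to 2; the function names and the sample header are constructed for illustration.

```python
import struct
from pathlib import Path

def parse_aescrypt_header(data: bytes):
    """Describe an AES Crypt container header, or return None if it is not one."""
    if len(data) < 5 or data[:3] != b"AES" or data[3] > 2:
        return None  # only format versions 0 to 2 are handled here
    info = {"version": data[3], "extensions": {}, "complete": False}
    pos = 5  # 3-byte magic, version byte, then one reserved/size byte
    if info["version"] == 2:
        # v2 only: length-prefixed extension blocks, ended by a zero length
        while True:
            if pos + 2 > len(data):
                return info  # truncated inside the extension list
            (length,) = struct.unpack(">H", data[pos:pos + 2])
            pos += 2
            if length == 0:
                break
            block = data[pos:pos + length]
            if len(block) < length:
                return info  # truncated inside an extension
            pos += length
            name, _, value = block.partition(b"\x00")
            if name:  # an empty name marks the padding container
                info["extensions"][name.decode("ascii", "replace")] = \
                    value.decode("utf-8", "replace")
    info["iv_offset"] = pos
    info["complete"] = len(data) >= pos + 16  # the 16-byte IV comes next
    return info

def triage(root, sniff=4096):
    """Map every file under root that starts with an AES Crypt header to its info."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            with path.open("rb") as fh:  # read-only: files are never modified
                info = parse_aescrypt_header(fh.read(sniff))
            if info is not None:
                hits[str(path)] = info
    return hits

def _ext(body: bytes) -> bytes:
    return struct.pack(">H", len(body)) + body

# Constructed sample: v2 header, one tag, padding container, terminator, zero IV
SAMPLE = (b"AES\x02\x00" + _ext(b"CREATED_BY\x00constructed 1.0")
          + _ext(bytes(128)) + b"\x00\x00" + bytes(16))

if __name__ == "__main__":
    import sys
    for name, info in triage(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(name, info)
```

Run it against a copy or a read-only mount of the affected disk; files it reports with `complete` set to False have a damaged or truncated header and are unlikely to decrypt even with the correct key.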