pmouat

Extractor Ransomware
« on: February 06, 2018, 04:21:27 pm »
Hi, last week someone managed to break in via a weak RDP password and encrypt all of my files using what, from what I understand, is the "Extractor Ransomware".

I managed to interrupt them "mid" hack, so I have his/her toolkit with the executables that they used to encrypt my files.

Are there any tools out there that can help to decrypt my data?

Or if I uploaded these files somewhere, would it help?

Execute

Re: Extractor Ransomware
« Reply #1 on: February 14, 2018, 10:24:10 am »
Hello pmouat!

You can upload those tools to https://www.hybrid-analysis.com/ and/or https://beta.virusbay.io/ for example.

This ransomware was first discovered around the month of May, 2017 (Reference: https://sensorstechforum.com/extractor-ransomware-remove-restore-xxx-files/), but what you got might be a new variant or even tools used to spread/develop other ransomware viruses. So it would be useful for researchers who come up with decryptors and for updating databases of security software as a prevention against such toolkits.

Kind Regards,
Execute
« Last Edit: February 14, 2018, 10:27:17 am by Execute »