
pmouat

Extractor Ransomware
« on: February 06, 2018, 04:21:27 pm »
Hi, last week someone managed to break in via a weak RDP password and encrypt all of my files using what I understand is the "Extractor Ransomware".

I managed to interrupt them "mid" hack, so I have his/her toolkit with the executables that they used to encrypt my files.

Are there any tools out there that can help to decrypt my data?

Or if I uploaded these files somewhere, would it help?

Execute

Re: Extractor Ransomware
« Reply #1 on: February 14, 2018, 10:24:10 am »
Hello pmouat!

You can upload those tools to https://www.hybrid-analysis.com/ and/or https://beta.virusbay.io/ for example.

This ransomware was first discovered around the month of May, 2017 (Reference: https://sensorstechforum.com/extractor-ransomware-remove-restore-xxx-files/), but what you got might be a new variant or even tools used to spread/develop other ransomware viruses. So it would be useful for researchers who come up with decryptors and for updating databases of security software as a prevention against such toolkits.

Kind Regards,
Execute
« Last Edit: February 14, 2018, 10:27:17 am by Execute »