SensorsTechForum - How to Technology and PC Security Forum

PC Security and Protection => Malware Removal Questions and Guides => Topic started by: pawsimoto on September 10, 2016, 08:03:35 pm

Title: Crysis variant XTBL johnycryptor@hackermail.com
Post by: pawsimoto on September 10, 2016, 08:03:35 pm
Anyone know of a decryption tool?
Client called in panic!  There backups are no good... 

We checked:
 1.-Shadowcopy  is gone.
 2.- recover deleted files
 3.-?

Customer never checked their backup logs....  Now they are stuck!
Title: Re: Crysis variant XTBL johnycryptor@hackermail.com
Post by: Execute on September 12, 2016, 11:20:47 am
Hello @pawsimoto,

first of all - do not panic - that ransomware is from a series of educational ransomware.
You can read more about it from the article about JohnyCryptor Ransomware (http://sensorstechforum.com/remove-johnycryptor-ransomware-restore-johnycryptoraol-com-files/).

A decryption tool is available and you can see instructions on using it
from the article Decrypt Files Encrypted by Shade .Xtbl Ransomware (http://sensorstechforum.com/decrypt-files-encrypted-shade-xtbl-ransomware/).

Best of luck and write back if you come across any issues, have questions or want to give feedback.

Kind Regards,
Execute