Hello, I have checked logs from people who have successfully decrypted their data and I am uploading a transcript of it here:

''19:16:39.0224 0x19c0  Current state: 46407 / 1000000
19:18:01.0337 0x1394 Password recovered
19:18:01.0337 0x1394  ProcessDriveEnumEx: Drive C:\ type 3:0
19:18:02.0132 0x1394  Known suspicious file: \\?\C:\ProgramData\Microsoft\IlsCache\ilrcache.xml.id-7689250192_helpme@freespeechmail.org
19:18:02.0138 0x1394  Decryption success: \\?\C:\ProgramData\Microsoft\IlsCache\ilrcache.xml.id-7689250192_helpme@freespeechmail.org -> \\?\C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
19:18:02.0138 0x1394  Known suspicious file: \\?\C:\ProgramData\Microsoft\IlsCache\imcrcache.xml.id-7689250192_helpme@freespeechmail.org
19:18:02.0144 0x1394  Decryption success: \\?\C:\ProgramData\Microsoft\IlsCache\imcrcache.xml.id-7689250192_helpme@freespeechmail.org -> \\?\C:\ProgramData\Microsoft\IlsCache\imcrcache.xml
19:18:02.0153 0x1394  Known suspicious file: \\?\C:\ProgramData\Norton\URLS-{NIS2250124-SHPD-FSD51083}-S-1-5-21-3949044420-4057191696-281986591-1000.txt.id-7689250192_helpme@freespeechmail.org
19:18:02.0159 0x1394  Decryption success: \\?\C:\ProgramData\Norton\URLS-{NIS2250124-SHPD-FSD51083}-S-1-5-21-3949044420-4057191696-281986591-1000.txt.id-7689250192_helpme@freespeechmail.org -> \\?\C:\ProgramData\Norton\URLS-{NIS2250124-SHPD-FSD51083}-S-1-5-21-3949044420-4057191696-281986591-1000.txt
19:18:02.0160 0x1394  Known suspicious file: \\?\C:\ProgramData\NortonInstaller\Logs\2015-07-13-03h20m37s.7z.id-7689250192_helpme@freespeechmail.org''

For this particular variant, it seems very likely that there is one password for a huge number of files, however there were some files which were unable to be decrypted. This is why I advise you to try to use kaspersky on smaller files and If at first you dont succeed to try with another file until you manage to find the password. Once you do that, you may be able to decrypt the other files as well. Thank you for the information, kazak, I will also keep researching about this.

Hello,

after too days, the code has not found... 

Nikos

Hi Nikos,

what file are you trying with?
I also tried first with small txt and jpg files, but without success.
The file which was successful in my case was a pdf file - recovered password after two days at 782637 step.

Hi Kazak,

i tried with a small .jpeg (attached in previous post)
Suggest to try with other type files or other size? (there are some .vob large files)

Regards
Nikos

Hi Nikos,
yes, use a PDF file bigger than 30KB

I succeeded only with pdf. Tried jpg and txt encrypted files prior

Kazak

Hi all,
a friend of mine was hit by this virus and since it started I was following this forum for an answer, but nothing worked..
can please someone help me with this?
these are some important docs and I can't give up so easy
I used Rakhni Decryptor and didn't worked, I also waited for an update maybe that would solve the problem, but still nothing.
Encrypted docs extension: .id-0537026012_helpme @ freespeechmail(.)org
hope someone can help, I really need to decrypt these docs. 

EDIT by Admin: Just modified the extension so it's not a clickable link (just in case).

Hello, there is no update. It is advisable to keep attempting with different files and hopefully if one of the other files you scanned for the password is discovered, the other files will start recovering as well.

However, if you have tried that there is also an option to recover your files, if you haven't formatted your hard drive. There are many data recovery programs out there. Here are some that we have tested so far:

File Recover Plus
Stellar Phoenix Data Recovery Pro
Pareto Logic Data Recovery Pro

N.B. There are all licensed but you can also find free ones if you search online. Google is your friend

Regards and good luck,
Never