Do you know which Ransomware is using this kind of 'extension'?

  • Question
  • Updated 1 week ago
Ransomware Attack

Max Slo, Champion


Posted 1 week ago


erza, Official Rep

Dharma/Crysis

Max Slo, Champion

Thank You Erza! 

A suggestion to clean files? 

This is a Windows Server. 

erza, Official Rep

Do you have any Trend Micro Enterprise Security product installed? I'm sure you can contact Technical Support. If not, I can only suggest Housecall.

https://success.trendmicro.com/solution/1038437-scanning-a-machine-for-viruses-and-malware-using-hou...

Let me ask around if they have any suggestion for Windows Server.

^erza

Max Slo, Champion

Thank You so much Erza, 

Nope, this is not my server, do not disturb too much. :)

iudex gundyr

Trend Micro has some free tools to help you with this Ransomware. You may want to give it a try.

For cleanup, you can use HouseCall: https://www.trendmicro.com/en_us/forHome/products/housecall.html

For Prevention, as an additional layer of Protection you can use RansomBuster:
https://ransombuster.trendmicro.com/?utm_source=FST&utm_medium=TM_freeTool&utm_campaign=land...

Although Trend Micro has a decryptor tool for Dharma/Crysis, I believe this .combo variant is not covered by it. It should be the same for others as well, due to it using private RSA keys.