Edit: The reference I got from ID-ransomware is<\/p>\n
SHA1: 46b9428f694ed7d56874995acca80e92f3817363<\/p>\n<\/p>\n
-------<\/p>\n<\/p>\n
Yesterday, I discovered that my NAS has been contaminated with ransomware. I knew nothing about ransomware so I did some studying and eventually tried to find a decrypter using two website:<\/p>\n<\/p>\n
- https:\/\/id-ransomware.malwarehunterteam.com<\/a><\/p>\n - https:\/\/www.emsisoft.com\/ransomware-decryption-tools<\/a><\/p>\n<\/p>\n Both websites were unable to determine the ransomware and both led me to this forum.<\/p>\n One thing about my ransomware is that, on the ransome note, it directs you to .onion websites using TOR browser, something I knew nothing of. Apparently, it is a special-use domain that makes it difficult to trace access. Sounds fishy and I havent even tried accessing the website.<\/p>\n My every limited knowledge about ransomware tells me that .onion websites is making it difficult to determine the ransomware. But I could be wrong altogether. It could just be a new ransomware. Again, I'm absolutely new to ransomware.<\/p>\n<\/p>\n Either way, I'd like some suggestion on how to resolve this and decrypt my files. Thankfully, I do have a remote backup of my NAS but that backup was about 4 months ago. So a lot of files has been changed since. If decryption is possible, then I would like to go that route.<\/p>\n<\/p>\n My files are decrypted with .encrypt extension<\/p>\n e.g. IMG_20180515.jpg is changed to IMG_20180515.jpg.encrypt<\/p>\n<\/p>\n Many thanks in advance.<\/p>\n<\/p>\n README_FOR_DECRYPT.txt 312bytes4 downloads<\/p>\n Edited by zgravity00, Yesterday, 11:01 PM.<\/p>\n <\/p>\n See the rest here: Edit: The reference I got from ID-ransomware is SHA1: 46b9428f694ed7d56874995acca80e92f3817363 ------- Yesterday, I discovered that my NAS has been contaminated with ransomware. Continue reading
\nRansomware that uses .onion websites - Ransomware Help & Tech Support - BleepingComputer<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"