Malware
Vadim, 2015-02-03 12:09:06

Does a decryptor exist for victims of the Trojan-Ransom.Win32.Cryakl.av virus?

The company is in trouble. The virus (Trojan-Ransom.Win32.Cryakl.av, according to Kaspersky) encrypted all documents and archives on the server. Now the files have the .cbf extension and their contents are gibberish.
The file names took the form: "original name" + "-{HEWOSVBMOYYXSSRQALKKUTSSCCQPAZYYHHWV-31.01.2015 [email protected]@051499304}[email protected]"
Has any anti-virus company already released a decryption utility for this?

5 answer(s)
Valery Maroz, 2015-02-03
@vmaroz

Chances are low, but try:
1) Change your RDP passwords!
2) (similar to forum.kaspersky.com/index.php?showtopic=314971)
Create a request to the Technical Support Service (not VirLab).
For corporate clients: https://companyaccount.kaspersky.com
Please provide the following information in the request:
- Approximately how many files are encrypted?
- What types of files have been encrypted?
- Source of the virus
- Approximate date of encryption
- Was a Kaspersky Lab product installed on the infected machine?
- In the case of Kaspersky Endpoint Security 8/10: was the Activity Monitor component enabled?
3) Attach to the request
- GetSystemInfo 5 report - support.kaspersky.com/general/dumps/3632
- The virus body in an archive with the password "infected" (without quotes). Many viruses delete themselves from the infected computer after infection. You can check recently deleted exe files. This can be done, for example, using the free Recuva application.
- You can also send a copy of the letter containing the ransomware.
- Examples of encrypted and original files (if you have backups).
- The path where the encrypted files are stored (for example, the My Documents folder)
All files should be attached in a single archive. If the file size exceeds 50Mb and you have a problem with storage, you can upload the archive to any file sharing service and send us a link.
4) The contents of the following folders are also required:
KES8 - "C:\ProgramData\Kaspersky Lab\KES8\SysWHist"
KES10 - "C:\ProgramData\Kaspersky Lab\KES10\SysWHist"
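
The first questions in the request described above (how many files, what types, approximate date) can be answered by walking the affected share and parsing the renamed files. This is an added example, not part of the original thread; it assumes the file-name form given in the question (original name + "-{" + a marker containing a dd.mm.yyyy date + "}" + a suffix + ".cbf"), and the function name `inventory` is hypothetical.

```python
"""Inventory .cbf files left by the encryptor to fill in a support request."""
import collections
import os
import re
import sys

# Assumption taken from the question: encrypted name =
#   original name + "-{" + marker with a dd.mm.yyyy date + "}" + suffix + ".cbf"
CBF_NAME = re.compile(r"^(?P<orig>.+)-\{(?P<marker>[^}]*)\}.*\.cbf$", re.I | re.S)
MARKER_DATE = re.compile(r"\b(\d{2}\.\d{2}\.\d{4})\b")


def inventory(root):
    """Return counts by original file type and by date embedded in the name."""
    by_type = collections.Counter()
    by_date = collections.Counter()
    unmatched = []  # .cbf files that do not follow the assumed naming scheme
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".cbf"):
                continue
            m = CBF_NAME.match(name)
            if m is None:
                unmatched.append(os.path.join(dirpath, name))
                continue
            # Greedy "orig" keeps any earlier "-{" that belonged to the real name.
            ext = os.path.splitext(m.group("orig"))[1].lower() or "(no extension)"
            by_type[ext] += 1
            d = MARKER_DATE.search(m.group("marker"))
            by_date[d.group(1) if d else "unknown"] += 1
    return {"total": sum(by_type.values()), "by_type": dict(by_type),
            "by_date": dict(by_date), "unmatched": unmatched}


if __name__ == "__main__":
    report = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("Encrypted files:", report["total"])
    for ext, n in sorted(report["by_type"].items(), key=lambda kv: -kv[1]):
        print(f"  {ext}: {n}")
    print("Dates in file names:", report["by_date"])
    print("Other .cbf files (check by hand):", len(report["unmatched"]))
```

The script only reads directory listings, so it can be run against a read-only mount or a snapshot of the affected volume.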

Vladimir Martyanov, 2015-02-03
@vilgeforce

There is a decryptor, but not from the certain Red Company that was written about above. In your case, however, the chances are slim.

glGizma, 2015-06-10
@glgizmawin32

Send me the file, I'll try to fix it! [email protected]

Vadim, 2015-06-10
@vadpost

Unfortunately, just a couple of hours ago I cleaned out the backups, where there were snapshots of the infected server.
What a coincidence! (
So your help is a bit late, but thanks anyway.

Sergey Bukhanov, 2020-02-03
@bukh79

Hello!
My son downloaded a cheat for a game from the resource at IP 104.18.57.130 (San Francisco, California, United States) and away we went...
There were 4 disks totaling 2.5Tb; all files are encrypted and have the *.repp extension. Kaspersky Lab identified the encryptor as Trojan-Ransom.Win32.Stop.
At the moment, a cryptographically strong algorithm is used for encryption, so decrypting files, unfortunately, is not possible at the moment.
If anyone knows something I will be very grateful!
