eCh0raix Ransomware - QNAPCrypt/Synology NAS (.encrypt) Support Topic

may i ask how you guys had the network drive show up for the decryption tools? I tried to map the drive and add as network address, both still cannot have RakhniDecryptor list them on the parameter option. sigh...

The decrypter probably has to run as administrator, which by default, does not share the same network drives as your actual user account.

Try the registry tweak in this article and reboot (under "More Information" at the bottom of the page).

https://support.microsoft.com/en-us/help/3035277/mapped-drives-are-not-available-from-an-elevated-prompt-when-uac-is-co

After the decryption, files without the .encrypt extension is created, but none of the files can be opened. The files seem to be corrupted.

Any people have alternative ways?

A real solution is coming soon.

Any people have alternative ways?

 
The company DrWeb too decrypts files a week ago privately (paid service).
I have marked it as decryptable. 
 
But I have only screenshots in the Russian interface of the program.
Here you can see that the selected file and the other two are decrypted.
 


Mod Edit by quietman7 to include the following:

Dr.Web policy regarding the recovery of ransomware-corrupted files

• How to submit a request to Dr.Web's support service
• Submit a request

Opening a support request with Dr.Web is free but if you're not a licensed user of a Dr.Web product already installed at the moment of infection, you will have to pay 150 € exc for their services (decrypter/personal decryption key) if they are able to calculate the decryption key. The fee includes a free two-year Dr.Web Security Space license for 1 computer as noted here. There is nothing to pay if Dr.Web cannot decrypt your files.

Edited by quietman7, 17 April 2023 - 02:39 PM.

HELP!! Hello, I found my NAS yeserday moring hacked with some Ransomware. There was no message or something like that. All files are encrypted by fileextension "encrypt" and the following ransome note in a text file:

***

Edited by quietman7, 21 July 2019 - 03:27 PM.

Edited by Amigo-A, 21 July 2019 - 03:17 PM.

thks... would have some more details? 1 way.... or the DrWeb services? and how long is the wiat for 3?

new to this, never had to deal with such an issue...

Post #152 edited to include the following information.

Dr.Web policy regarding the recovery of ransomware-corrupted files

• How to submit a request to Dr.Web's support service
• Submit a request

Opening a support request with Dr.Web is free but if you're not a licensed user of a Dr.Web product already installed at the moment of infection, you will have to pay 150 € exc for their services (decrypter/personal decryption key) if they are able to calculate the decryption key. The fee includes a free two-year Dr.Web Security Space license for 1 computer as noted here. There is nothing to pay if Dr.Web cannot decrypt your files.

Edited by Amigo-A, 21 July 2019 - 03:20 PM.

I ask quietman7 to leave the topic open, that the victims could find it and respond here.

 

HELP!! Hello, I found my NAS yeserday moring hacked with some Ransomware. There was no message or something like that. All files are encrypted by fileextension "encrypt" and the following ransome note in a text file:

 

***

All your data has been locked(crypted).

How to unclock(decrypt) instruction located in this TOR website: http://qkqkro6buaqoocv4.onion/order/16sYqXAncDDiijcuruZecCkdBDwDf4vSEC

Use TOR browser for access .onion websites.

https://duckduckgo.com/html?q=tor+browser+how+to

 

 

Do NOT remove this file and NOT remove last line in this file!

HSwJU+LOOQrjwlVsuAdV4VTQVKd8fY5GRoiQsXiNYsSAIDWQgmHegPaEAkjD2qUABxPkGmYQSyzH4sWEeoyGE3YgA2X/EV1VhMYyb8nCCLE/BER6sq4LRngtie4Nwlhq5KMqDGh6SgnoO1pNi+wnOOmUQ4A1wmeeVB6jdhIr4ts=

 

**

 

They want BTC 0.06.... Could not find any help seachring the net. Any ideas?

 

Thank you!

Gerd

 

â€

​My Synology DS218J is facing the same situation last Friday, from 0830-1345. Hope to find ways to decrypt. 

My NAS Synology also in same case . Hope to got the solution soon. 

Synology DX3615 DSM 6.1.5

**********

Edited by arthurchan, 22 July 2019 - 04:03 AM.

arthurchan

Write the name of the NAS device following the example of other users in the topic.

Hello,

My Synology DS214SE has been encrypted friday 19.07, about 11:00PM, same file .txt as shown above.

Stranger thing, only a directory I created has been crypted, the directories Drive, Music and others hasn't been impacted.

Maybe this ransomware use the "owner's creatd directory" to crypt datas ?

Another thing, not any of my 2 PCs are infected : I ran a full system scan with BitDefender on all HDD and nothing, so I don't understand how ransomware could reach the NAS ?

Edited by Christophe29, 22 July 2019 - 05:17 AM.

After the decryption, files without the .encrypt extension is created, but none of the files can be opened. The files seem to be corrupted.

Any people have alternative ways?

Could you share one of your file to let us test it.

​

 

After the decryption, files without the .encrypt extension is created, but none of the files can be opened. The files seem to be corrupted.

Any people have alternative ways?

 

Could you share one of your file to let us test it.

 

Thank you for your kindness. I have just sent you a private message. 

Hi guys,

unfortunately the same over here, also with a Synology NAS.