Question

Decrypting decrypthelp@qq.com

Sep 10, 2018 9:07PM PDT

My computer was inflicted with this virus. I see every of the file has been encrypted and its name changed to something
email-decrypthelp@qq.com_.....

It is huge mess and I dont have much needed data on that (I store everything on NAS at home and gladly fuckers has not been able to touch it) but there is no HYPERV HDD file on which I stored 1-2 years of project involving linux kernel development. I'd rather recover it.

Quick google search shows some sites offering help and some offering wipe-a-new but I am not sure which one is reliable. Some site points that the perpetrators promise to help is a hoax. Another site says, remedy is not available yet. Currently disk is in cold storage.

Any solution available? Thanks!

Discussion is locked

Follow
Reply to: Decrypting decrypthelp@qq.com
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Decrypting decrypthelp@qq.com
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Answer
cont-d
Sep 10, 2018 9:11PM PDT
- Collapse -
While I would not need the duplicator
Sep 11, 2018 8:07AM PDT

Since there are many ways to duplicate a drive without, I think some folk would like that method.

As to the ransomware, be sure to ask in Bleepingcomputer.com as well.
My answer is we only lose what we don't backup. Most of what folk need to backup fits on the usual 1TB USB HDD which is fairly cheap today. Far cheaper than any data recovery house charge.

- Collapse -
Answer
Anything Important Here, We Backup At Least Monthly
Sep 11, 2018 12:21PM PDT

As such, whether it's ransomware or a failed hard drive, we simply use the System Image backup we made and any other current backed up files and reinstall everything. Our concern is the probability of other malware being on the computer if the user already "allowed" one type to install itself.

Hope this helps.

Grif

- Collapse -
Answer
Data Recovery Pro Maybe?
Sep 21, 2018 5:56AM PDT

This is a variant of CrySis/Dharma that is not a joke and unfortunately not decryptable.
I guess the best solution for you is to get rid of the ransomware, then try some of the file restoring tools you can find online.

ShadowExplorer perhaps could work too? At least try.

CNET Forums

Forum Info