Jump to content

Recommended Posts

Hi ,

How are u i`m facing problem with ramsomware .arena extension all file infected by this kespersky has any tool to decrypt all of my file i also upload file on noransomware.com but they has no decrtptor of this i upload encryption file please let its check and reply me 

FILES ENCRYPTED.txt

Share this post


Link to post
On 9/20/2017 at 10:31 PM, jibran Latif said:

Can anybody help us to decrypt our files

On 9/20/2017 at 4:48 PM, troncomputers said:

Hi! I have same problem with .arena files. They want 0.8 BTC for 1 PC and 1.5 BTC for all encrypted PCs. Is there any chance to decrypt this too?

I added encrypted files in attachment.

encrypted.zip

 

Share this post


Link to post
2 hours ago, Tommes123 said:

file placed: NZYN12_payload_2017-09-11_15-21.exe

Display: info.hta

what's this? 

 

Share this post


Link to post

Hello friends.

Could you please answer the following questions:

1. Do you have any Kaspersky solution installed on infected PCs, if yes, which one?

2. If you you have any Kaspersky solution installed on infected PCs, was System Watcher enabled ath the moment of infection?

3. Do you have any remote admnistration tool such as TeamViewer, RAdmin, etc or Remote Desktop connection enabled on infected PCs?

Share this post


Link to post

P.S. There is no decryption tool for Arena ransomware at the moment. So it is critical for protection to keep all protection components permanently enabled. Especially System Watcher.

Share this post


Link to post
3 часа назад, jibran Latif сказал:

When it possible are u working on it 

Of course, our anti-malware research unit is constantly working on decryptor tools. But it is not always possible to decrypt encrypted data if you are already a victim of ransomware attack, and moreover I have no information about any terms. I can advise you to write to support@kaspersky.com and to periodically check https://www.nomoreransom.org and https://noransom.kaspersky.com.  But as I mentioned, in number of cases decryption is hardly possible.

What about questions I asked? If you are a victim of the atack, could you please also send the export of product's reports from infected PCs?

 

P.S.

Just a reminder, this is part of Kaspersky Anti-Ransomware tool's forum, NOT KES's forum. If you have questions related to Kaspersky Endpoint Security / Kaspersky Security Center, please ask at https://forum.kaspersky.com/index.php?/forum/5-protection-for-business/

 

Share this post


Link to post

I have sent email at support@kaspersky.com  and also attached the encrypted.txt file please help us all are wary only kaspersky can resolve our problems 

Share this post


Link to post
39 минут назад, jibran Latif сказал:

have sent email at support@kaspersky.com

Thank you! I'm not form Kaspersky Support team and work in tetslab and responsible for KART product's lifecycle after release. Could you please also PM me here with the same message?

Kaspersky Anti-Ransomware Tool provides real-time protection against ransomware, and cannot restore your data unless tool was working at the moment of infection. This is not a decryption tool (plase see pinned posts in KART's part of the forum).

If files are already encrypted by Arena or Aleta, and no security solution was installed/working at the moment of encryption, for now it is inmpossible to restore files as soon there is no decryption tool for this ransomware at the moment. The info I asked actually necessary to understand why that happend to your PCs/servers.

I would be gald to help, but there is a number of situations with ransomware when nobody can help. Now I can't determine if this one of such situation or no.

Share this post


Link to post

hi. I was able to isolate the infected file that gave access to the attacker. it was a torrent file that included free ebooks. I placed the file on a VMware windows 7 installation. within 10 minutes the attacker connected using rdp and within 15 minutes all files were encrypted. 

Share this post


Link to post

Yes you are right i also had forwarded port of rdp on my router so i was encrypted my data i request to kespershy to please resolve this

Share this post


Link to post
15 часов назад, Lolz84 сказал:

hi. I was able to isolate the infected file that gave access to the attacker. it was a torrent file that included free ebooks. I placed the file on a VMware windows 7 installation. within 10 minutes the attacker connected using rdp and within 15 minutes all files were encrypted. 

Please see PM.

Share this post


Link to post

Asymetric AES encryption:  Difficult to decrypt. It takes tons of computer power and tons of time, so much time and power, that the task may not be possible to complete. 

Prevention is your best bet.  Backups are your best bet to restore. 

Prevention: Do not open attachments in phishing emails. Change RDP passwords to strong passwords. Beware of fake utilities and fake program updates. Do not click on malicious Flash content.
Keep all applications and operating system up to date. 

Restore: from backups or Shadow volume copies and/or Previous Versions.
 

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.