CDMX ransomware encrypting files with the “.CDMX” extension.

[Premasiri]

My computer fell victim to the CDMX ransomware attack, which encrypted all my files with the '.CDMX' extension. The attack is indicated by the display of a '_readme.txt' file containing the ransom note and instructions on how to contact the authors of this ransomware (Pls refer to the readme file content below). Unfortunately, all my files, including those on Google Drive, were affected by the virus. Please assist me in recovering my files.

 

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-99MNqXMrdS
Price of private key and decrypt software is $1999.
Discount 50% available if you contact us first 72 hours, that's price for you is $999.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
*****@*****.tld

Reserve e-mail address to contact us:
*****@*****.tld

Your personal ID:
0841ASdwfYHR8yMtLGrB9rZjQhmbbqx2yb4l1OW4FLksVecc

 

[Berny]

@Premasiri  Welcome.

Please see  Ransomware Threats Protection and Removal

Also,  in a lot of cases  files can't be decrypted without the private key that is only known by the attacker

[Premasiri]

Thank you for your comments.

Kaspersky and many others have historically recovered such encrypted files using decryption tools. Therefore, I believe there is a solution to rectify these issues rather than resorting to deleting the files.
Attempting to retrieve the private key from the attacker will further complicate the issue.

 

[Premasiri]

The attack is indicated by the display of a '_readme.txt' file containing the ransom note and instructions on how to contact the authors of this ransomware (Pls refer to the readme file content below).

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https : //we.tl/t-99MNqXMrdS
Price of private key and decrypt software is $1999.
Discount 50% available if you contact us first 72 hours, that's price for you is $999.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
*****@*****.tld

Reserve e-mail address to contact us:
*****@*****.tld

Your personal ID:
0841ASdwfYHR8yMtLGrB9rZjQhmbbqx2yb4l1OW4FLksVecc

[Premasiri]

The attack was experienced on 26 Dec. 2023. this seems to be a latest. virus in ransomware DJVU family as per web site info https : //www.pcrisk.com/removal-guides/28666-cdmx-ransomware .

Kaspersky has eveloped some tools for these kind of DJVU ransom but the available tool in the https://www.nomoreransom.org/en/decryption-tools.html doesn't capable of decrypting my files. Kindly help me to recover my files please.

[Berny]

@Premasiri

Please see this →  https://id-ransomware.malwarehunterteam.com/   ?

[Premasiri]

Dear Berny,

According to the provided link, the type of ransomware is STOP (Djvu). Decryption tools recommended for this kind of malware were effective around 2019. However, the decryption tool no longer works for this new variant, further, it is mentioned in the link https : //www.emsisoft.com/en/ransomware-decryption/stop-djvu

In addition, Decryption tool located in the Kaspersky official site under Djvu doesn't work for decrypting the latest STOP (Djvu).

kindly appreciate your constant support to find solutions to rectify my files.

 

B. R. 

[Berny]

@Premasiri You are welcome.

Please contact Kaspersky Technical Support :
https://support.kaspersky.com/b2c/ 

[Premasiri]

Dear Berny,

I sent an email to Kaspersky Technical Support.

kindly appreciate your constant support to find solutions to rectify my files.

 

B. R. 

[Alonso Cortes]

Hello,
I have the same problem, did I find a solution?

[Berny]

@Alonso Cortes Welcome.

Unfortunately this community can’t resolve your problem , please see above suggestions.

[Premasiri]

CDMX ransomware encrypting files with the “.CDMX” extension.

The issue I raised in my December 27, 2023 post remains unresolved, and I still need help decrypting my affected files. your support is sought pls. 

[Berny]

@Premasiri 

Unfortunately this community can’t resolve your problem.

I can’t recommend it enough :

• Protect your system with Kaspersky
• Keep offline backups from your personal files
• Keep a disk image on an offline external SSD drive