New Update It is possible to decrypt files encrypted with Trojan.Encoder.10465

Status
Not open for further replies.

omidomi

Thread author
Apr 5, 2014
Doctor Web has developed an algorithm that successfully decrypts files encrypted by Trojan.Encoder.10465.

Trojan.Encoder.10465 poses a threat to Windows computers. The Trojan is written in Delphi. The encoder appends the extension .crptxxx to the infected files and also saves to the disk a text file named HOW_TO_DECRYPT.txt, which contains the following content:

Code:
Warning!!!
All your files are encrypted with AESalgorithm!
For decrypt use this instructions:
Download tor browser
Run tor and go to: http://vejtqvliimdv66dh.onion
Or you can use tor2web services
http://vejtqvliimdv66dh.onion.to
in log panel enter your id (CRPTksrjghkrkwkrjthkewVM)
follow next instructions
if server is down, try connect later
locker version 3.0.0

The id parameter can assume various values on different infected computers.

If you have fallen victim to this malicious program, follow the recommendations below:

  • do not remove any files from your computer or reinstall the operating system. It is also not recommended to use the infected computer until you get detailed instructions from Doctor Web’s technical support;
  • if you have run an anti-virus scan, do not try to cure or remove the threats that were detected—our technical support specialists may need them during their search for a decryption key;
  • try to remember as much about the circumstances of the infection as possible: this can involve receiving dubious email messages, downloading programs from the Web, or visiting websites;
  • if you have the email message containing the attachment that infected your computer after you opened it, do not remove it—our specialists may need it to identify which version of the Trojan is involved.
To decrypt files corrupted by Trojan.Encoder.10465, use this special service page on the Doctor Web site.

Once again, we would like to point out that our free decryption service is only available to users who have purchased commercial licenses for Dr.Web products. Doctor Web cannot guarantee that all of your files will be decrypted successfully. However, our specialists will do their best to recover the encrypted data.
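A read-only way to inventory the two indicators named in the post above (the .crptxxx extension and the HOW_TO_DECRYPT.txt note) and to pull the id out of each note, in line with the advice not to remove anything. This is an added example, not part of the thread or of Doctor Web's tooling; the function names, the literal reading of `.crptxxx`, and the sample tree are assumptions.

```python
import os
import re
import tempfile
from pathlib import Path

NOTE_NAME = "HOW_TO_DECRYPT.txt"  # ransom note file name given in the post
ENC_SUFFIX = ".crptxxx"           # appended extension, taken literally (assumption)
ID_RE = re.compile(r"enter your id \(([^)\s]+)\)", re.IGNORECASE)

def triage(root):
    """Walk root read-only and collect indicators; nothing is changed or deleted."""
    report = {"encrypted": [], "notes": [], "ids": set()}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = Path(dirpath) / name
            lowered = name.lower()
            if lowered.endswith(ENC_SUFFIX):
                report["encrypted"].append(str(path))
            elif lowered == NOTE_NAME.lower():
                report["notes"].append(str(path))
                try:
                    text = path.read_text(encoding="utf-8", errors="replace")
                except OSError:
                    continue  # unreadable note: keep its path, skip the id
                report["ids"].update(ID_RE.findall(text))
    return report

def build_sample(root):
    """Constructed sample tree: two encrypted files, one clean file, one note."""
    docs = Path(root) / "Documents"
    docs.mkdir()
    (docs / "report.docx.crptxxx").write_bytes(b"\x00")
    (docs / "photo.JPG.CRPTXXX").write_bytes(b"\x00")
    (docs / "clean.txt").write_text("untouched")
    (docs / NOTE_NAME).write_text(
        "Warning!!!\nin log panel enter your id (CRPTksrjghkrkwkrjthkewVM)\n"
        "locker version 3.0.0\n")

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return triage(tmp)

if __name__ == "__main__":
    result = demo()
    print(len(result["encrypted"]), "encrypted files,", len(result["notes"]), "notes")
    print("ids found in notes:", sorted(result["ids"]))
```

On a real machine, call `triage()` on a mounted copy or image of the affected disk rather than the live system, since the post advises against using the infected computer.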
 

Arequire

Feb 10, 2017
Once again, we would like to point out that our free decryption service is only available to users who have purchased commercial licenses for Dr.Web products.
When you've got organizations like No More Ransom and ID Ransomware giving consumers the ability to decrypt their files for free, forcing them to purchase a license for Dr.Web's products comes across as scummy to me.
 

Atlas147

Jul 28, 2014
When you've got organizations like No More Ransom and ID Ransomware giving consumers the ability to decrypt their files for free, forcing them to purchase a license for Dr.Web's products comes across as scummy to me.

Have to agree that Dr Web seems to be in this for the money whereas other partners of No More Ransom like Kaspersky and more recently Avast provide the decryption for free in exchange for some publicity.
 