A client infected himself with ransomware. The file extension of the encrypted files is .qak819. I’m not finding anything useful from Google. Has anybody else encountered this before?
That might be just a random string that they used to store and identify the encrypted files for later decryption.
It’s the REvil ransomware. Same jerks that want 70 million. Thankfully we already have 95% restoration from cold storage backup. But this individual user is going to lose a folder in his root C: that wasn’t being backed up by File History. I had demonstrated how to include additional folders but he forgot.
Damn, that sucks. You’re the first I’ve read about anywhere being hit. What did they demand from you guys?
It doesn’t have a price listed in the ransom note. I haven’t tried following their links.
https://www.nomoreransom.org/ can try and identify based on file sample and the ransom note, and if there is a decryptor they will point you to it. You can save the encrypted files if they don’t want to pay and check back at a later date for decryption tools.