.qak819 extension is what ransomware?

A client infected himself with ransomware. The file extension of the encrypted files is .qak819. I’m not finding anything useful from Google. Has anybody else encountered this before?

That might be just a random string that they used to store and identify the encrypted files for later decryption.

It’s the REvil ransomware. Same jerks that want 70 million. Thankfully we already have 95% restoration from cold storage backup. But this individual user is going to lose a folder in his root C: that wasn’t being backed up by File History. I had demonstrated how to include additional folders but he forgot.

Damn, that sucks. You’re the first I’ve read about anywhere being hit. What did they demand from you guys?

1 Like

It doesn’t have a price listed in the ransom note. I haven’t tried following their links.

1 Like

Yay backups

1 Like

https://www.nomoreransom.org/ can try and identify based on file sample and the ransom note, and if there is a decryptor they will point you to it. You can save the encrypted files if they don’t want to pay and check back at a later date for decryption tools.

1 Like