Kaspersky
Question

Help with RannohDecrytor

  • 10 March 2021
  • 6 replies
  • 54 views

Hi

 

I am revisiting Rannoh Decryptor fo a hard disk belonging to my father that was encrypted some years ago.

I have sample encrypted files, unencrypted version and the  ransom note left by the trojan.

I get a message saying ‘cannot decrypt the file’  the report says the following;
 

 

14:23:38.0708 0x0a08  Trojan-Ransom.Win32.Rannoh decryptor tool 1.12.4.13 Nov 26 2018 13:31:11
14:23:38.0978 0x0a08  ============================================================
14:23:38.0978 0x0a08  Current date / time: 2021/03/10 14:23:38.0978
14:23:38.0978 0x0a08  SystemInfo:
14:23:38.0981 0x0a08  
14:23:38.0981 0x0a08  OS Version: 6.2.9200 ServicePack: 0.0
14:23:38.0981 0x0a08  Product type: Workstation
14:23:38.0981 0x0a08  ComputerName: XXXX
14:23:38.0982 0x0a08  UserName: XXXX
14:23:38.0982 0x0a08  Windows directory: C:\WINDOWS
14:23:38.0982 0x0a08  System windows directory: C:\WINDOWS
14:23:38.0982 0x0a08  Running under WOW64
14:23:38.0982 0x0a08  Processor architecture: Intel x64
14:23:38.0982 0x0a08  Number of processors: 4
14:23:38.0982 0x0a08  Page size: 0x1000
14:23:38.0982 0x0a08  Boot type: Normal boot
14:23:38.0982 0x0a08  ============================================================
14:23:40.0667 0x0a08  Initialize success
14:24:43.0282 0x4cec  CryptXXX: ransom notes path: C:\Users\****\Documents\DAD Advent PC\Encrypted files from old hard disk\!Recovery_5CAAA404BCDE.html
14:24:43.0282 0x4cec  CryptXXX: user ID: 5CAAA404BCDE
14:24:43.0490 0x4cec  CryptXXX: incorrect key size at offset 0x00000000: 0x6f727265
14:24:43.0490 0x4cec  CryptXXX: didn't receive any keys
14:24:50.0353 0x4cec  Can't init decryptor
 

Any suggestions would be greatly appreciated.

 

 

 


This topic has been closed for comments

6 replies

Userlevel 7
Badge +9

@ninjagullWeclome

Please check this :
https://noransom.kaspersky.com  (*)
https://support.kaspersky.com/us/14844
https://www.kaspersky.com/blog/no-no-ransom/13364
https://id-ransomware.malwarehunterteam.com
 
(*) “Ask for the tech support (only for Kaspersky’s paid products customers)”

OK, many thanks.  Thought I would ask just in case.

 

Best wishes

Dear Benny

 

Many thanks for your reply.  None of those links, help with the actual error I am getting.  The malwarehunterteam site seems down as when I try and upoad files it comes up wit 

This page isn’t working

id-ransomware.malwarehunterteam.com is currently unable to handle this request.

HTTP ERROR 500

 

Many thanks

 

Userlevel 7
Badge +9

@ninjagull Your are welcome.
If you have a paid product please  contact Kaspersky Technical Support 

Thank you.  I do not have a paid for product!  Is there a community forum where I can possibly get help from other users?

 

Many thanks 

Userlevel 7
Badge +9

@ninjagull I would like help you but i fear that this Community will not succeed to provide you a solution. Anyway  for privacy reasons we can’t request Logfiles.