Qilin Ransomware Decryptor Required

  • Nicole_James
    PCHF Member
    • Apr 2025
    • 5

    #1

    Qilin Ransomware Decryptor Required

    Hello, I am new here and I came here for help regarding Qilin ransomware. My server is infected with this ransomware and I am unable to access anything. I do have backups but those are very old and useless for me. How can I get my data back? If you have any source, please let me know.
    Best Regards:
  • Bruce
    PCHF Moderator
    • Oct 2017
    • 10702

    #2
    I have moved this to the Malware Removal thread.
    Let’s wait till @Malnutrition, our removal expert, can jump in.

    In the meantime, have you disconnected the server from the network?
    Give us the server specs.
    Please tell me this is your own infection at home and not where you work.

    Prepare yourself for two likely outcomes:
    - if your data is important enough, you may have to pay them but you’d be trusting the very pricks who infected you
    - your data is gone and your old backups are your only salvation


    • xrobwx71
      PCHF Moderator
      • Mar 2023
      • 1067

      #3
      You have just learned the hard way of the importance of valid, up to date backups.
      I hate it for you, but I hope it’s a lesson you will take seriously in the future.


      • Malnutrition
        PCHF Moderator
        • Jul 2016
        • 7045

        #4
        Qilin (also known as Agenda) is a sophisticated ransomware variant that uses strong encryption methods, and to my knowledge, there is no publicly available free decryptor tool for this specific ransomware.

        You will need to check with these sites, perhaps they can help.

        Second is a Russian speaking site, so you will want to use translation software.

        Ransomware Help & Tech Support: Ransomware has become the bane of computer users worldwide. This forum is dedicated to providing support for ransomware infections and to provide any solutions that may allow victims to decrypt their files for free.


        Get help decrypting files that have been encrypted by ransomware. Follow the request formatting rules to get the help you need quickly.


        @Furtivex may have something to add here.

        Even if your backups are old, they might contain some valuable data that could be better than nothing.


        • Bruce
          PCHF Moderator
          • Oct 2017
          • 10702

          #5
          My solution to these sorts of problems is to now nuke the PC from space (to quote an oldie but a goodie) then restore my data from my backups.
          The nuke from space process is to guarantee nothing is still lingering around.
          And of course this method relies on frequent backups, to multiple devices, stored at different locations.

          Backups aren’t just for accidental deletion of a file, or a hard drive going pear-shaped, or even the house burning down - they are an insurance policy for your digital data and as such are your be all and end all when it comes to data restoration.

          Yes the horse has bolted in this case, but you can still shut the gate and prepare yourself for the next incident! (y)


          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7045

            #6
            I should also mention that we could remove the malware and you can create a backup of the machine after we do so, in hopes that later on a decryptor is created for this version of ransomware.

            Oftentimes even paying the ransom is no guarantee that the criminals will even send a key once they have your money.


            • Nicole_James
              PCHF Member
              • Apr 2025
              • 5

              #7
              Thank you everyone for the reply. The ransom amount is 100k+. I am in contact with a company named [Spam Link Removed]. They gave me a demo but are charging me 5000 dollars for recovery and asking for payment in bitcoins. I am afraid about it. Can you guide me? Should I pay them or not?


              • xrobwx71
                PCHF Moderator
                • Mar 2023
                • 1067

                #8
                Originally posted by Nicole James
                Thank you everyone for the reply. The ransom amount is 100k+. I am in contact with a company named [Spam Link Removed]. They gave me a demo but are charging me 5000 dollars for recovery and asking for payment in bitcoins. I am afraid about it. Can you guide me? Should I pay them or not?

                No. Do not.
                Never pay any company in bitcoin or any other digital currency, unless you 100% know who they are.

                That is the first sign they are illegitimate.


                • Nicole_James
                  PCHF Member
                  • Apr 2025
                  • 5

                  #9
                  Originally posted by xrobwx71
                  No. Do not.
                  Never pay any company in bitcoin or any other digital currency, unless you 100% know who they are.

                  That is the first sign they are illegitimate.

                  They seem professional to me and I have also seen some of their reviews as well. I have no other option available other than taking the risk.


                  • Bruce
                    PCHF Moderator
                    • Oct 2017
                    • 10702

                    #10
                    These dodgy people love Bitcoin due to its untraceability - so that’s a massive red flag straight away.
                    Reviews can be written by anyone, using any name - my Grandmother can do one for whatever I asked her to do.
                    And if I want to put forward a professional image, I’m going to spend the dollars and time and make a professional website, with lots of positive reviews, great photos, provide lots of computer-speak lingo but dumb it down for the average-joe.

                    What better scam than to create a new ransomware to sting people at the front end, then create a ‘fix’ on the backend to scam people who got stung initially but didn’t want to pay.

                    I had a client (many years ago) who did bathroom/kitchen renovations, who got stung by some ransomware back in the early days. He decided to pay the $500 Bitcoin only to then be told he’ll need to pay another $500. In total they made him cough up 3 times before he got his data back.

                    With this site you have been talking to, a couple of small red flags for me - their email address is a Gmail account and their preferred method of talking is WhatsApp.

                    At the end of the day, it’s your data and your money.
                    It would be a shame to compound your data loss with a financial loss as well.


                    • Nicole_James
                      PCHF Member
                      • Apr 2025
                      • 5

                      #11
                      Thanks for the guidance. I had all of these questions in my mind but I had to take the risk. The good thing is I have got my data back. It is my luck maybe… However, thanks to all of you who gave me your important time and helped me with suggestions. I’ll keep updating my backups onwards.


                      • Bruce
                        PCHF Moderator
                        • Oct 2017
                        • 10702

                        #12
                        Phew - that is good news indeed about your data. (y)

                        And please do keep your backups relevant, they will save your butt again someday.


                        • Nicole_James
                          PCHF Member
                          • Apr 2025
                          • 5

                          #13
                          Originally posted by Bruce
                          Phew - that is good news indeed about your data. (y)

                          And please do keep your backups relevant, they will save your butt again someday.

                          After recovery, the first thing I did was a backup… I’ll keep your advice in my mind.


                          • Bruce
                            PCHF Moderator
                            • Oct 2017
                            • 10702

                            #14
                            Will close this as Solved (a lucky one!).
                            All the best.


                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7045

                              #15
                              @Nicole James Links to the site and site name removed from this thread; I feel this is spam in disguise. If not, then fine, glad you got your data back if that is indeed the case. This is not a free advertising site. (y)
