Ransomware *.DcRat encrypted files


J3trooper

New member
My computer has been infected with ransomware. All my files have been encrypted with the file extension *.DcRat.
I have reinstalled Windows 11 but now need to decrypt my files.
Has anyone any experience at decrypting these files?
 

Did you ever take any backups?

Nobody should ever be allowed to use a computer where they have valuable data without first learning about and performing a backup of the OS and data files at least once.

If you have a proper uncontaminated backup, simply remove every external connection to the computer, including the internet, clean format the disk (a proper format, i.e. write X'00' (hex zero) to every physical sector on the HDD), then create a new file system (Windows NTFS or whatever) and restore the OS and data.

If you haven't, then maybe it's a hard lesson, so next time you know what to do, especially as there are so many decent FREE backup programs around. Most people here use Macrium but there are others.

Cheers
jimbo
 

Sorry to be the bearer of bad news, but once ransomware gets hold of your system, the files cannot be decrypted. You have two choices: restore from a backup if you have one, or do a clean install of Windows. Make sure ALL partitions on the drive are deleted and install into the unallocated space.
Be sure to change all your passwords immediately and monitor your financials. I would also contact any financial institution and advise them of it, as that particular piece of malware is especially invasive. DO NOT PAY HACKERS ONE RED CENT.
 

Do we need to start the conversation about the vital importance of backing up again?
@J3trooper, sorry for your loss; it is almost certainly a loss.
 

> free decryption tools
Those tools are each designed for only ONE ransomware variant.
EDIT: And I have never known them to work.
 

> Do we need to start the conversation about the vital importance of backing up again?
It won't do any good. I have preached it to my customers for years and until one gets bitten and learns the hard way, they do not think it can happen to them.
 

> That tool was designed in 2019 for only ONE ransomware variant.

There are more than 50 tools for different ransomware. In addition, there is more on the Internet. Of course, it is unlikely that the files will be recovered. But it's not a big hassle to try. :)
 

C'mon folks! @J3trooper is in a heck of a pickle! There's no need to be harsh with him (you know who you are).

@J3trooper: Hopefully you do have a backup of your computer.

Advice from @glasskuter & @Nobody seems to be the best you've gotten so far. And no, I can't help; I wish I could.
 

> C'mon folks! @J3trooper is in a heck of a pickle! There's no need to be harsh with him (you know who you are).
>
> @J3trooper: Hopefully you do have a backup of your computer.
>
> Advice from @glasskuter & @Nobody seems to be the best you've gotten so far. And no, I can't help; I wish I could.
Unless the OP has a backup (I'm guessing not, or he probably wouldn't be posting) or by some miracle those RSW programs work, then he's f*$k@d. You can't really cover said 'f*$k@d' in cream and butter to make it sweeter, I'm afraid.
 
One of the reasons I bought the paid version of Macrium is that it makes backups that can only be accessed by itself - any attempt to write to the backup file generates an error. It uses a driver to protect itself. The cost of the full version licence for peace of mind against ransomware was well worth it.
 

Based upon the file name extension you are seeing, I wonder if this is what you have been infected with:


What's interesting about this is that the ransom is supposedly only $5.

Personally, I would like to say that I would never ever pay a single dime in ransom for data, especially since I have great backups (nudge, nudge, wink, wink), but I simply thought that you might want to know what your options are. If the data is important enough to you, maybe it's worth paying the $5 and considering this a cheap, forced lesson that could have potentially been a lot worse.
 

> Based upon the file name extension you are seeing, I wonder if this is what you have been infected with:
>
>
> What's interesting about this is that the ransom is supposedly only $5.
I think you misread the article. It doesn't say anything about the ransom. It's the malicious software itself which is (supposedly) sold for just 5 bucks.
 

Maybe the OP would consider contacting bleepingcomputer.com for advice; they are well versed in ransomware variants and how to go about recovering files, if possible. They have, I think, dedicated live chat and phone options to walk people through procedures, and they have a lot of industry connections that could be of help.
Until the OP knows whether or not the files are recoverable, I suggest the affected disks be disconnected and placed in a drawer until such time as a tool for reversing that particular variant becomes available, if at all.
Of course it all depends on how important and unique the OP's data is and the lengths they are prepared to go to for recovery.
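Setting the disks aside and submitting a sample for identification is easier with an inventory of what was actually hit. The script below is an added example written for this thread; it is not code from the thread, from ID-Ransomware, or from any decryptor mentioned here. It assumes the encrypted files are recognisable by the appended .DcRat extension (the thread shows both .DcRat and .DcRAT, so the comparison is case-insensitive) and that the scanned tree is a read-only mount or a copy. It only reads inside that tree and writes its CSV manifest wherever you point it, ideally to a different volume. The file name inventory.py is an assumption.

```python
"""Read-only inventory of files carrying a ransomware extension.

Added example for this thread; not code from the thread, from ID-Ransomware,
or from any decryptor named here. Assumptions: encrypted files are recognisable
by an appended extension (".DcRat" here, compared case-insensitively) and the
scanned tree is a copy or a read-only mount. Nothing inside the tree is written.
"""
import csv
import hashlib
import os
import sys
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".dcrat"  # thread shows both ".DcRat" and ".DcRAT"
HEAD_BYTES = 16              # leading bytes, hex-encoded, kept for later family identification


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large files are not loaded into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(root: Path) -> list[dict]:
    """Walk root and describe every file whose last suffix is the ransomware one."""
    rows = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.suffix.lower() != ENCRYPTED_SUFFIX:
                continue
            original = p.with_suffix("")  # drop only the appended suffix: report.docx.DcRat -> report.docx
            try:
                with p.open("rb") as f:
                    head = f.read(HEAD_BYTES)
                rows.append({
                    "path": str(p),
                    "original_name": original.name,
                    "original_ext": original.suffix.lower(),
                    "size": p.stat().st_size,
                    "sha256": sha256_of(p),
                    "head_hex": head.hex(),
                })
            except OSError as exc:  # unreadable file: record it instead of aborting the scan
                rows.append({"path": str(p), "original_name": original.name,
                             "original_ext": original.suffix.lower(), "size": -1,
                             "sha256": "", "head_hex": f"ERROR:{exc.__class__.__name__}"})
    return rows


def summarize(rows: list[dict]) -> dict:
    """Counts per original extension plus totals: what kind of data was hit, and how much."""
    readable = [r for r in rows if r["size"] >= 0]
    return {
        "files": len(rows),
        "unreadable": len(rows) - len(readable),
        "bytes": sum(r["size"] for r in readable),
        "by_ext": dict(Counter(r["original_ext"] for r in rows)),
    }


def pick_samples(rows: list[dict], n: int = 3) -> list[str]:
    """Smallest non-empty files: the cheapest ones to submit to an identification service."""
    readable = sorted((r for r in rows if r["size"] > 0), key=lambda r: r["size"])
    return [r["path"] for r in readable[:n]]


def write_manifest(rows: list[dict], out: Path) -> int:
    """CSV manifest written outside the scanned tree; returns the number of rows written."""
    fields = ["path", "original_name", "original_ext", "size", "sha256", "head_hex"]
    with out.open("w", newline="") as f:
        w = csv.DictWriter(f, fieldnames=fields)
        w.writeheader()
        w.writerows(rows)
    return len(rows)


if __name__ == "__main__":
    # usage: python inventory.py <affected tree> <manifest.csv on a different volume>
    scan_root, manifest = Path(sys.argv[1]), Path(sys.argv[2])
    found = inventory(scan_root)
    print(summarize(found))
    print("samples for identification:", pick_samples(found))
    print("manifest rows:", write_manifest(found, manifest))
```

Mount the affected disk on a clean machine and run it as `python inventory.py D:\ E:\manifest.csv`. The `by_ext` summary tells you which kinds of data were hit, the smallest readable files are the ones worth uploading to an identification service, and the SHA-256 column lets you confirm later that nothing on the disk changed while it sat in the drawer waiting for a decryptor.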
 

@J3trooper I just reread your OP and noticed that I missed where you had already reinstalled Windows. Sorry about that. May I ask what method you used? Did you use a reset with the "keep my files" option, a reset with "remove everything", or a clean install using an ISO? It matters. Even though you say you reinstalled, you also ask how to decrypt the files, which leads me to believe you reset using the "keep my files" option.
The only way to be 100% sure the malware is not still lurking around is to do a clean install using the ISO.

Hackers have gotten very sophisticated, and there may be triggers inserted into one, some, or all of the infected files if they are left on your system. Besides encrypting files, this particular variant is known to insert a keylogger which can track every keystroke you make. Do not take the chance.
I do not mean to be harsh, but for the safety of you and your family, I suggest you chalk this up as a learning experience, bite the bullet and accept your files are gone, and clean install from scratch (ISO) if you haven't already.
 

> My computer has been infected with ransomware. All my files have been encrypted with the file extension *.DcRat.
> I have reinstalled Windows 11 but now need to decrypt my files.
> Has anyone any experience at decrypting these files?
I am in the EXACT same boat, and my computer was attacked at almost the exact same time as yours, it seems. I noticed it as it was happening though and quickly pulled the power plug from the back of the machine. Over 70k of my files now have the .DcRAT file extension. 😕 Strangely, there was not one ransom note left anywhere on my machine... did you have one left on yours? Perhaps I interrupted the process before it was complete and that's why.

I do have some potentially positive news though! Despite what several of the apparently misinformed and unaware persons above have stated, this ransomware can in fact be decrypted. There is basically only one person in the world though (aside from the idiot who attacked our machines, of course) who can help us. He's just a nice guy with a special gift who helps people in his spare time. You need to contact him via the bleepingcomputer.com forum and/or visit the ID-Ransomware site and upload one of the encrypted files; it will identify the type of ransomware (DcRAT, which is apparently a variant of Lime ransomware, which is a variant of HiddenTear ransomware) and direct you to this Twitter thread, which basically tells you to DM/message Michael, take a number and wait patiently.

Here is the Bleeping Computer forum topic discussing this particular malware, where you can also try to contact Michael; you can see my message to him there as well: Lime-Rat (HiddenTear) Ransomware Support Topic - Page 3 - Ransomware Help & Tech Support

Another potentially, but unfortunately probably not very, helpful resource is this decryptor tool that Michael already made for HiddenTear ransomware and its spawned variants. I ran it for over 8 hours and it didn't work for me, so I'm not sure that it will work for you either, but give it a try!

That Dark Crystal DCRat malware thing that someone else above linked to is actually something different from what we are dealing with, though I thought the same thing myself at first. Actually, the source code and sketchy sales site for @$$hole "hackers" to buy the tools that were used to infect our computers are located here and here. I don't think there's any benefit to reaching out to any of the sketchy people at those websites, and I don't think that downloading their software is a good idea either; it would be pointless anyway because we still wouldn't have the specific encryption key that was generated when whatever terrible person took over our machines.

Hopefully this information is helpful for you. I've been waiting since Friday now for this Michael person to respond, and it might be a while before he's able to help, it seems, unfortunately :-(.

Yes yes, make sure you always have a quality backup system in place, blah blah blah. ✅ Also, everyone else above should become a little more educated before they chime in and say things that aren't quite the case here. There is possibly a chance that your files can be decrypted... fingers crossed! 🤞🏻
 
I'm afraid unless you run with the backup-every-day / every-time-you-touch-something-on-your-PC crew, all the backup brigade are gonna do is tell you to back up and why you're stupid for not backing up and not to touch a PC unless you do this.
Around 15 years, no backups, no fails. Don't be stupid and 99% of the time you shouldn't need it. If you need it, chances are you're touching crap you don't know about and need it to bail you out. User error is at the center of a lot more than most people will be willing to admit, because people don't like admitting they're wrong or made a mistake (again, learn before you touch, thus not needing a get-out-of-jail-free card as often, if ever).
Useful to have of course, but some people make it sound like there's a gun being held to your head. It ain't a bomb that's gonna explode.
They also can be decrypted; it is possible. Not saying it will happen for you, but it's most certainly possible.
Good luck getting it sorted. I hope the ultra-secure backup people aren't too harsh :)
 

> misinformed and unaware persons
> everyone else above should become a little more educated before they chime in and say things that aren't quite the case here.
Young grasshopper, welcome to the forum. I must say you are very unfair in your assessment of the merit of the volunteers here. If I'm reading correctly, I believe one member, @DigitalGoat, did suggest BleepingComputer to the OP. Speaking for myself, I did read about this particular piece of malware with all its variants and what it can do. I gave the best recommendation I could based on what I read, the user's particular case, and what I have witnessed with malware attacks myself. It is the same advice I give anyone who is in this particular circumstance. A sophisticated malware attack such as this involves more than just recovering the files, as it is able to corrupt the OS and insert triggers that can, and usually do, affect the user later.
> There is basically only one person in the world though (aside from the idiot who attacked our machines of course)
Mainstream users cannot and will not seek out one lone person who can decrypt their files (who, IMO, is also a hacker if there is only one other than the person who inserted the malware in the first place). I'm sure his services are not free. Even if he does it out of the goodness of his heart, I would be leery of giving him access to my files. The whole idea of there being only 2 people who know how to unlock these files would be very suspicious to me. Have you ever heard of teamwork?
 

> I am in the EXACT same boat, and my computer was attacked at almost the exact same time as yours, it seems. I noticed it as it was happening though and quickly pulled the power plug from the back of the machine. Over 70k of my files now have the .DcRAT file extension. 😕 Strangely, there was not one ransom note left anywhere on my machine... did you have one left on yours? Perhaps I interrupted the process before it was complete and that's why.
>
> I do have some potentially positive news though! Despite what several of the apparently misinformed and unaware persons above have stated, this ransomware can in fact be decrypted. There is basically only one person in the world though (aside from the idiot who attacked our machines, of course) who can help us. He's just a nice guy with a special gift who helps people in his spare time. You need to contact him via the bleepingcomputer.com forum and/or visit the ID-Ransomware site and upload one of the encrypted files; it will identify the type of ransomware (DcRAT, which is apparently a variant of Lime ransomware, which is a variant of HiddenTear ransomware) and direct you to this Twitter thread, which basically tells you to DM/message Michael, take a number and wait patiently.
>
> Here is the Bleeping Computer forum topic discussing this particular malware, where you can also try to contact Michael; you can see my message to him there as well: Lime-Rat (HiddenTear) Ransomware Support Topic - Page 3 - Ransomware Help & Tech Support
>
> Another potentially, but unfortunately probably not very, helpful resource is this decryptor tool that Michael already made for HiddenTear ransomware and its spawned variants. I ran it for over 8 hours and it didn't work for me, so I'm not sure that it will work for you either, but give it a try!
>
> That Dark Crystal DCRat malware thing that someone else above linked to is actually something different from what we are dealing with, though I thought the same thing myself at first. Actually, the source code and sketchy sales site for @$$hole "hackers" to buy the tools that were used to infect our computers are located here and here. I don't think there's any benefit to reaching out to any of the sketchy people at those websites, and I don't think that downloading their software is a good idea either; it would be pointless anyway because we still wouldn't have the specific encryption key that was generated when whatever terrible person took over our machines.
>
> Hopefully this information is helpful for you. I've been waiting since Friday now for this Michael person to respond, and it might be a while before he's able to help, it seems, unfortunately :-(.
>
> Yes yes, make sure you always have a quality backup system in place, blah blah blah. ✅ Also, everyone else above should become a little more educated before they chime in and say things that aren't quite the case here. There is possibly a chance that your files can be decrypted... fingers crossed! 🤞🏻

A: You didn’t read everyone’s comment, so don’t say everyone. B: Yes, decrypting may be possible, but usually it is not possible.
 
