Ransomware *.DcRat encrypted files


J3trooper

New member
Local time
4:29 AM
Posts
1
OS
Windows 11
My computer has been infected with ransomware. All my files have been encrypted with the file extension *.DcRat.
I have reinstalled Windows 11 but now need to decrypt my files.
Has anyone any experience at decrypting these files?
 


Nobody

Active member
Member
Local time
6:29 AM
Posts
114
OS
Windows 11 Pro 21H2 (22000.778)


jimbo45

Well-known member
Power User
VIP
Local time
3:29 AM
Posts
1,643
Location
Hafnarfjörður IS
OS
Windows XP,7,10,11 Linux Arch Linux
Did you ever take any backups?

Nobody should ever be allowed to use a computer where they have valuable data without first learning about and performing a backup of the OS and data files at least once.

If you have a proper uncontaminated backup simply remove every external connection to the computer, including internet, clean format the disk -- proper format, i.e. write X'00' (hex zero) to every physical sector on the HDD, then create a new file system (Windows NTFS or whatever), and restore OS and data.

If you haven't -- then maybe a hard lesson - so next time you know what to do especially as there are so many decent FREE backup programs around. Most people here use Macrium but there are others.

Cheers
jimbo
 


glasskuter

Well-known member
Power User
VIP
Local time
10:29 PM
Posts
1,849
Location
The Lone Star State of Texas
OS
Windows 11 Pro 21H2 22000.778
Sorry to be the bearer of bad news, but once ransomware gets hold of your system, the files cannot be decrypted. You have 2 choices: restore from a backup if you have one, or do a clean install of Windows. Make sure ALL partitions on the drive are deleted and uninstall in unallocated space.
Be sure to change all your passwords immediately and monitor your financials. I would also contact any financial institution and advise them of it as that particular piece of malware is especially invasive. DO NOT PAY HACKERS ONE RED CENT.
 


CornishRattler

Well-known member
Pro User
VIP
Local time
4:29 AM
Posts
1,737
Location
Cornwall UK
OS
Windows 11 Pro Beta, 11 Dev, W10 VHDX Triple Boot
Do we need to start the conversation about the vital importance of backing up again?
@J3trooper sorry for your loss, it is almost certainly a loss
 


glasskuter

Well-known member
Power User
VIP
Local time
10:29 PM
Posts
1,849
Location
The Lone Star State of Texas
OS
Windows 11 Pro 21H2 22000.778
> free decryption tools
Those tools are each designed for only ONE ransomware variant.
EDIT: And I have never known them to work.
 


glasskuter

Well-known member
Power User
VIP
Local time
10:29 PM
Posts
1,849
Location
The Lone Star State of Texas
OS
Windows 11 Pro 21H2 22000.778
> Do we need to start the conversation about the vital importance of backing up again?
It won't do any good. I have preached it to my customers for years and until one gets bitten and learns the hard way, they do not think it can happen to them.
 


Nobody

Active member
Member
Local time
6:29 AM
Posts
114
OS
Windows 11 Pro 21H2 (22000.778)
> That tool was designed in 2019 for only ONE ransomware variant.

There are more than 50 tools for different ransomware. In addition, there is more on the Internet. Of course, it is unlikely that the files will be recovered. But it's not a big hassle to try. :)
 


Wynona

Well-known member
Power User
VIP
Local time
10:29 PM
Posts
1,441
Location
Arkansas
OS
Windows 11 20000.613
C'mon folks! @J3trooper is in a heck of a pickle! There's no need to be harsh with him (you know who you are).

@J3trooper: Hopefully you do have a backup of your computer.

Advice from @glasskuter & @Nobody seems to be the best you've gotten so far. And no, I can't help; I wish I could.
 


CornishRattler

Well-known member
Pro User
VIP
Local time
4:29 AM
Posts
1,737
Location
Cornwall UK
OS
Windows 11 Pro Beta, 11 Dev, W10 VHDX Triple Boot
> C'mon folks! @J3trooper is in a heck of a pickle! There's no need to be harsh with him (you know who you are).
>
> @J3trooper: Hopefully you do have a backup of your computer.
>
> Advice from @glasskuter & @Nobody seems to be the best you've gotten so far. And no, I can't help; I wish I could.
Unless OP has a back up (I'm guessing not or he probably wouldn't be posting) or by miracle those RSW programs work then he's f*$k@d, you can't really cover said 'f*$k@d' in cream and butter to make it sweeter I'm afraid
 

BrianInEngland

Active member
Member
VIP
Local time
4:29 AM
Posts
258
OS
Windows 11 Pro 22H2 (RP channel)
One of the reasons I bought the paid version of Macrium is that it makes backups that can only be accessed by itself - any attempt to write to the backup file generates an error. It uses a driver to protect itself. The cost of the full version licence for peace of mind against ransomware was well worth it.
 


hsehestedt

Well-known member
Power User
VIP
Local time
10:29 PM
Posts
714
Location
Texas, USA
OS
Windows 11 21H2
Based upon the file name extension you are seeing, I wonder if this is what you have been infected with:


What's interesting about this is that the ransom is supposedly only $5.

Personally, I would like to say that I would never ever pay a single dime in ransom for data, especially since I have great backups (nudge, nudge, wink, wink), but I simply thought that you might want to know what your options are. If the data is important enough to you, maybe it's worth paying the $5 and considering this a cheap, forced lesson that could have potentially been a lot worse.
 


Lokien

Member
Member
Local time
5:29 AM
Posts
55
Location
The Netherlands
OS
Windows 11
> Based upon the file name extension you are seeing, I wonder if this is what you have been infected with:
>
> What's interesting about this is that the ransom is supposedly only $5.
I think you misread the article. It doesn't say anything about the ransom. It's the malicious software itself which is (supposedly) sold for just 5 bucks.
 


DigitalGoat

Well-known member
Member
VIP
Local time
4:29 AM
Posts
208
Location
United Kingdom
OS
Windows 11 Pro
Maybe the OP would consider contacting bleepingcomputer.com for advice, they are well versed in ransomware variants and how to go about recovering files, if possible. They have, I think, a dedicated live chat and phone options to walk people through procedures and have a lot of industry connections that could be of help.
Until the OP knows whether or not the files are recoverable I suggest affected disks are disconnected and placed in a drawer until such time as a tool for reversing that particular variant becomes available, if at all.
Of course it all depends on how important and unique the OP's data is and the lengths they are prepared to go to for recovery.
 


glasskuter

Well-known member
Power User
VIP
Local time
10:29 PM
Posts
1,849
Location
The Lone Star State of Texas
OS
Windows 11 Pro 21H2 22000.778
@J3trooper I just reread your OP and noticed that I missed where you had already reinstalled Windows. Sorry about that. May I ask what method you used? Did you use a reset with the "keep my files" option, a reset with "remove everything" or a clean install using an iso? It matters. Even though you say you reinstalled, you also ask how to decrypt the files, which leads me to believe you reset using the "keep my files" option.
The only way to be 100% sure the malware is not still lurking around is to do a clean install using the iso.

Hackers have gotten very sophisticated and there may be triggers inserted into one, some, or all of the infected files if they are left on your system. Besides encrypting files, this particular variant is known to insert a keylogger which can track every keystroke you make. Do not take the chance.
I do not mean to be harsh, but for the safety of you and your family, I suggest you chalk this up as a learning experience, bite the bullet and accept your files are gone, and clean install from scratch (iso) if you haven't already.
 


richaardvark

Member
Local time
10:29 PM
Posts
2
OS
Windows 11
> My computer has been infected with ransomware. All my files have been encrypted with the file extension *.DcRat.
> I have reinstalled Windows 11 but now need to decrypt my files.
> Has anyone any experience at decrypting these files?

I am in the EXACT same boat and my computer was attacked almost at the exact same time it seems as yours. I noticed it as it was happening though and quickly pulled the power plug from the back of the machine. Over 70k of my files now have the .DcRAT file extension. 😕 Strangely, there was not one ransom note left anywhere on my medicine... did you have one left on yours? Perhaps I interrupted the process before it was complete and that's why.

I do have some potentially positive news though! Despite what several of the apparently misinformed and unaware persons above have stated this ransomware can in fact be decrypted. There is basically only one person in the world though (aside from the idiot who attacked our machines of course) who can help us. He's just a nice guy with a special gift who helps people in his spare time. You need to contact him via the bleepingcomputer.com forum and/or visit the ID-Ransomware site and upload one of the encrypted files and it will identify the type of ransomware (DcRAT, which is apparently a variant of Lime ransomware, which is a variant of HiddenTear ransomware.) and it will direct you to this Twitter thread and basically tell you to DM/message Michael and take a number and wait patiently.

Here is the Bleeping Computer site forum topic discussing this particular malware where you can also try to contact Michael/you can see my message to him here as well: Lime-Rat (HiddenTear) Ransomware Support Topic - Page 3 - Ransomware Help & Tech Support

Another potentially but probably not very helpful resource unfortunately is this decryptor tool that Michael already made for HiddenTear ransomware and its spawned variants but I ran this for over 8 hours and it didn't work for me so I'm not sure that it will work for you either but give it a try!

That Dark Crystal DCRat malware thing that someone else above linked to is actually something different than what we are dealing with, though I thought the same thing myself at first. Actually, the source code and sketchy sales site for @$$hole "hackers" to buy the tools that were used to infect our computers are located here and here. I don't think there's any benefit to reaching out to any of the sketchy people at those websites and I don't think that downloading their software is a good idea either and would be pointless anyway because we still wouldn't have the specific encryption key that was generated when whatever terrible person took over our machines.

Hopefully this information is helpful for you. I've been waiting since Friday now for this Michael person to respond and it might be a while before he's able to help it seems unfortunately :-(.

Yes yes, make sure you always have a quality backup system in place, blah blah blah. ✅ Also everyone else above should become a little more educated before they chime in and say things that aren't quite the case here. There is possibly a chance that your files can be decrypted... fingers crossed! 🤞🏻
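
An added example, not part of any post in this thread: a read-only Python inventory for the situation described above, where files carry the .DcRat/.DcRAT extension after an interrupted run and the disk is being set aside until a decryptor exists. The function names, the 1 KiB minimum sample size and the entropy heuristic are assumptions of this example.

```python
"""Read-only inventory of a folder tree hit by the .DcRat extension (added example)."""
from __future__ import annotations

import hashlib
import json
import math
import os
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".dcrat"  # the thread shows both .DcRat and .DcRAT, so compare lower-cased
SAMPLE_BYTES = 64 * 1024     # entropy is estimated from the first 64 KiB only


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for ciphertext (and compressed data), far lower for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def describe(path: Path, root: Path) -> dict:
    """Hash one file without modifying it (opened read-only)."""
    digest = hashlib.sha256()
    head = b""
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1024 * 1024), b""):
            if len(head) < SAMPLE_BYTES:
                head += chunk[: SAMPLE_BYTES - len(head)]
            digest.update(chunk)
    return {
        "path": path.relative_to(root).as_posix(),
        "size": path.stat().st_size,
        "sha256": digest.hexdigest(),
        "renamed": path.suffix.lower() == ENCRYPTED_SUFFIX,
        "entropy": round(shannon_entropy(head), 2),
    }


def build_manifest(root: Path) -> list[dict]:
    """Walk root and describe every regular file; symlinks are not followed."""
    entries = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            p = Path(dirpath) / name
            if p.is_file() and not p.is_symlink():
                entries.append(describe(p, root))
    return sorted(entries, key=lambda e: e["path"])


def per_directory(manifest: list[dict]) -> dict[str, dict[str, int]]:
    """Count renamed vs untouched files per directory.

    A directory holding both kinds is likely where an interrupted run stopped.
    """
    out: dict[str, dict[str, int]] = {}
    for e in manifest:
        parent = e["path"].rpartition("/")[0] or "."
        counts = out.setdefault(parent, {"renamed": 0, "untouched": 0})
        counts["renamed" if e["renamed"] else "untouched"] += 1
    return out


def pick_sample(manifest: list[dict], min_size: int = 1024) -> dict | None:
    """Smallest renamed file of at least min_size bytes, to upload for identification."""
    candidates = [e for e in manifest if e["renamed"] and e["size"] >= min_size]
    return min(candidates, key=lambda e: (e["size"], e["path"]), default=None)


def write_manifest(manifest: list[dict], out_file: Path) -> None:
    """Save the manifest on a separate, clean drive, never on the affected one."""
    out_file.write_text(json.dumps(manifest, indent=2), encoding="utf-8")


if __name__ == "__main__":
    import sys

    # usage: python inventory.py <affected-folder> <manifest.json on a clean drive>
    found = build_manifest(Path(sys.argv[1]))
    write_manifest(found, Path(sys.argv[2]))
    for folder, counts in sorted(per_directory(found).items()):
        print(f"{folder}: {counts['renamed']} renamed, {counts['untouched']} untouched")
    print("sample to submit:", pick_sample(found))
```

Re-running it later against the stored disk and comparing the SHA-256 values confirms the preserved files have not changed while waiting for a decryptor.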
 

Devlin1888

"RockHardSemi"
Power User
VIP
Local time
4:29 AM
Posts
883
Location
Scotland
OS
Windows 11 Education Build 22483.1011 Developer Build
I'm afraid unless you run with the back up every day/every time you touch something on your PC crew all the backup brigade are gonna do is tell you to backup and why you're stupid for not backing up and not to touch a PC unless you do this.
Around 15 years no back ups no fails. Don't be stupid and 99% of the time you shouldn't need it. If you need it, chances are you're touching crap you don't know about and need it to bail you out. User error is at the center of a lot more than most people will be willing to admit, because people don't like admitting they're wrong or made a mistake (again, learn before you touch, thus not needing a get out of jail free card as often/if ever).
Useful to have of course but some people make it sound like there's a gun being held to your head. It ain't a bomb that's gonna explode.
They also can be decrypted, it is possible. Not saying it will happen for you but it's most certainly possible.
Good luck getting it sorted, I hope the Ultra secure backup people aren't too harsh :)
 


glasskuter

Well-known member
Power User
VIP
Local time
10:29 PM
Posts
1,849
Location
The Lone Star State of Texas
OS
Windows 11 Pro 21H2 22000.778
> misinformed and unaware persons

> everyone else above should become a little more educated before they chime in and say things that aren't quite the case here.

Young grasshopper, welcome to the forum. I must say you are very unfair in your assessment of the merit of the volunteers here. If I'm reading correctly, I believe one member, @DigitalGoat, did suggest BleepingComputer to the OP. Speaking for myself, I did read about this particular piece of malware with all its variants and what it can do. I gave the best recommendation I could based on what I read, the user's particular case, and what I have witnessed with malware attacks myself. It is the same advice I give anyone who is in this particular circumstance. A sophisticated malware attack such as this involves more than just recovering the files as it is able to corrupt the OS and insert triggers that can and usually does affect the user later.

> There is basically only one person in the world though (aside from the idiot who attacked our machines of course)

Mainstream users cannot and will not seek out one lone person who can decrypt their files (who IMO is also a hacker if there is only one other than the person who inserted the malware in the first place). I'm sure his services are not free. Even if he does it out of the goodness of his heart, I would be leery of giving him access to my files. The whole idea of there being only 2 people who know how to unlock these files would be very suspicious to me. Have you ever heard of teamwork?
 


Nobody

Active member
Member
Local time
6:29 AM
Posts
114
OS
Windows 11 Pro 21H2 (22000.778)
> I am in the EXACT same boat and my computer was attacked almost at the exact same time it seems as yours. I noticed it as it was happening though and quickly pulled the power plug from the back of the machine. Over 70k of my files now have the .DcRAT file extension. 😕 Strangely, there was not one ransom note left anywhere on my medicine... did you have one left on yours? Perhaps I interrupted the process before it was complete and that's why.
>
> I do have some potentially positive news though! Despite what several of the apparently misinformed and unaware persons above have stated this ransomware can in fact be decrypted. There is basically only one person in the world though (aside from the idiot who attacked our machines of course) who can help us. He's just a nice guy with a special gift who helps people in his spare time. You need to contact him via the bleepingcomputer.com forum and/or visit the ID-Ransomware site and upload one of the encrypted files and it will identify the type of ransomware (DcRAT, which is apparently a variant of Lime ransomware, which is a variant of HiddenTear ransomware.) and it will direct you to this Twitter thread and basically tell you to DM/message Michael and take a number and wait patiently.
>
> Here is the Bleeping Computer site forum topic discussing this particular malware where you can also try to contact Michael/you can see my message to him here as well: Lime-Rat (HiddenTear) Ransomware Support Topic - Page 3 - Ransomware Help & Tech Support
>
> Another potentially but probably not very helpful resource unfortunately is this decryptor tool that Michael already made for HiddenTear ransomware and its spawned variants but I ran this for over 8 hours and it didn't work for me so I'm not sure that it will work for you either but give it a try!
>
> That Dark Crystal DCRat malware thing that someone else above linked to is actually something different than what we are dealing with, though I thought the same thing myself at first. Actually, the source code and sketchy sales site for @$$hole "hackers" to buy the tools that were used to infect our computers are located here and here. I don't think there's any benefit to reaching out to any of the sketchy people at those websites and I don't think that downloading their software is a good idea either and would be pointless anyway because we still wouldn't have the specific encryption key that was generated when whatever terrible person took over our machines.
>
> Hopefully this information is helpful for you. I've been waiting since Friday now for this Michael person to respond and it might be a while before he's able to help it seems unfortunately :-(.
>
> Yes yes, make sure you always have a quality backup system in place, blah blah blah. ✅ Also everyone else above should become a little more educated before they chime in and say things that aren't quite the case here. There is possibly a chance that your files can be decrypted... fingers crossed! 🤞🏻

A: You didn’t read everyone’s comment, so don’t say everyone. B: Yes, decrypting may be possible, but usually it is not possible.
 
