I would like to warn everyone who has decided to pay ransom to decrypt your data to contact address openpgp@foxmail.com. Behind this malware there is Crysis/Dharma, distributed through remote access systems.
Unfortunately we have already received several emails where people complain that they have paid requested ransom ($3000) but did not receive keys to decrypt data.
I wanted to warn everyone whose data was encrypted with this malware not to pay ransom as there will be no keys sent to you anyway.
This ransomware is used in most cases to decrypt files from 1C software and rename them into
id-XXXXX.[openpgp@foxmail.com].pgp.
As a proactive measure I would recommend to use a reliable protection (Avira and other free antivirus software do not seem to detect it). The most reliable antivirus against it is Kaspersky Internet security.
It is also very important to make periodic backups of your data and store it in a protected cloud. Only secure configuration of your system and backup can help you against ransomware attacks.
