BloodDolly released a free ECh0raixDecoder decryption tool which can find the key and decrypt old variants of ECh0raix for victims infected prior to July 17, 2019. Using this decoder, victims can brute force the decryption key for encrypted files and use it to restore them. Everyone infected after July 19, 2019 was hit with a new variant. A quick way to tell if you are a victim of the new unbreakable version is if the key at the end of the ransom note is 173 characters long.
Newer versions of eCh0raix Ransomware (July 19, 2019 and later) are not decryptable without paying the ransom and obtaining the private encryption keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities. Without the criminal’s master private key that can be used to decrypt your files, decryption is impossible. That usually means the private key is unique (specific) for each victim and generated in a secure way (i.e. RSA, AES, Salsa20, ChaCha20, ECDH, ECC) that cannot be brute-forced.
Note: BloodDolly updated ECh0raix Decoder (v1.0.5) so victims can use any file as a source of decryption keys, however the decoder still cannot find the decryption key for newer versions of ECh0raix. Download link and instructions provided in Post #707.
There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.
Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion…it includes experiences by experts, IT consultants, victims and company representatives who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.
The BC Staff
Windows Insider MVP 2017-2020
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators