Posted 10 November 2025 - 08:13 AM
New variant reported with .[random 10].[random 8] extension (#Restore-My-Files.txt)
.p9MQtIBw6X.OXOfUbfa
Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief
If I have been helpful & you'd like to consider a donation, click
Posted 25 November 2025 - 12:34 PM
Hello, help me find a decryptor. There are examples of two encrypted and unencrypted files. And the extortionist's note.
https://drive.google.com/drive/folders/1VmAxvcVfPTRpfCjk4G3nQiug_Hwa8l7B?usp=sharing
Posted 25 November 2025 - 01:24 PM
Hello, help me find a decryptor. There are examples of two encrypted and unencrypted files. And the extortionist's note.
Your encrypted files
.[ID-C282F1FD][Evoteam.sup@gmail.com].14z = .[ID-random 8][<email>].14z
What is the actual name of the ransom note?
This looks to be a new variant of C77L/X77C Ransomware, most of which will have an .[ID-random 8 char][<email>].[random 3 char], an .[<email>].[random 8 char], or a .[random 10].[random 8 char] extension appended to the end of the encrypted data filename and typically will leave files (ransom notes) named #Recover-Files.txt, #Restore-My-Files.txt, READ-ME.txt, READ-ME-Nullhexxx.txt. These are some examples.
.[ID-BAE12624][recovery-data09@protonmail.com].mz4
.[ID-80587FD8][Dm_for_decrypt@protonmail.com].3yk
.[ID-9A7BE444][Decryptorkrypt@gmail.com].nb0
.[ID-646633FB][carolcarol0014410@gmail.com].1qb
.[ID-8430E697][SuppDecFile@gmail.com].958
.[nullhex@2mail.co].8AA60918
.[mrdarkness@onionmail.org].40D5BF0A
.p9MQtIBw6X.OXOfUbfa
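The three extension forms and the ransom-note names listed in the post above can be turned into a triage check over a directory listing. This is an added example, not part of the original thread or any poster's tooling; the regex character classes are assumptions inferred from the quoted examples, and the base file names in the sample listing are constructed.

```python
import re

# Regexes transcribed from the extension forms described in the post; the
# character classes are assumptions inferred from the examples listed there.
EMAIL = r"[^\[\]@\s]+@[^\[\]@\s]+"
PATTERNS = [
    ("id-email", re.compile(rf"\.\[ID-(?P<id>[0-9A-Fa-f]{{8}})\]\[(?P<email>{EMAIL})\]\.(?P<tag>[0-9A-Za-z]{{3}})$")),
    ("email-only", re.compile(rf"\.\[(?P<email>{EMAIL})\]\.(?P<tag>[0-9A-Za-z]{{8}})$")),
    ("random-pair", re.compile(r"\.(?P<first>[0-9A-Za-z]{10})\.(?P<second>[0-9A-Za-z]{8})$")),
]
# Note names from the post, lower-cased because Windows paths are case-insensitive.
NOTE_NAMES = {"#recover-files.txt", "#restore-my-files.txt", "read-me.txt", "read-me-nullhexxx.txt"}


def classify(name):
    """Return (kind, details) for one file name, or (None, {}) if nothing matches."""
    if name.lower() in NOTE_NAMES:
        return "ransom-note", {}
    for kind, rx in PATTERNS:
        match = rx.search(name)
        if match:
            return kind, match.groupdict()
    return None, {}


def triage(names):
    """Split a listing into ransom notes and suspected encrypted files.

    The bracketed forms are distinctive on their own. The random-pair form
    has no marker, so ordinary names can match it; it is rated "low" unless
    a ransom note is present in the same listing.
    """
    classified = [(n, *classify(n)) for n in names]
    notes = [n for n, kind, _ in classified if kind == "ransom-note"]
    files = []
    for name, kind, details in classified:
        if kind in (None, "ransom-note"):
            continue
        confidence = "low" if kind == "random-pair" and not notes else "high"
        files.append((name, kind, confidence, details))
    return {"notes": notes, "files": files}


SAMPLE = [  # constructed listing; the extensions are examples quoted in the post
    "#Restore-My-Files.txt",
    "db.bak.[ID-BAE12624][recovery-data09@protonmail.com].mz4",
    "report.xlsx.[nullhex@2mail.co].8AA60918",
    "invoice.pdf.p9MQtIBw6X.OXOfUbfa",
    "notes.docx",
]
```

The extracted `id` and `email` fields are the values a victim would quote when reporting a sample in a support topic such as this one.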
Posted 25 November 2025 - 01:43 PM
@Jimmy00315
The encryption is secure and the criminal's master private keys (AES session key) are needed for decryption. Without the criminal's master private keys (session keys), decryption is impossible.
I have merged your topic into the primary support topic for victims of this ransomware. When or if a decryption solution is available it will be provided here.
Posted 01 December 2025 - 07:38 AM
New variant reported with .9pf extension (#Restore-My-Files.txt)
[ID-C4D676C5][SuppDecFile@gmail.com].9pf
Posted 28 December 2025 - 07:01 PM
Please tell me, how much money does a scammer ask for a decoder?
Posted 28 December 2025 - 07:11 PM
The price most likely will vary, however, most security experts will advise against paying the ransom demands, negotiating a payment with the criminals or using a data recovery service. I explain why in this topic (Post #17) which includes victim experiences. Also read my comments here (Post #2) for more victim experiences and information as to what we know about those who claim they can decrypt data (including scammers, data recovery services and the criminals).
Posted Today, 02:04 PM
Does anyone have any experience interacting with data recovery issues through this website?
https://lockbitdecryptor.com/decrypt-c77l-ransomware/
Posted Today, 02:31 PM
Does anyone have any experience interacting with data recovery issues through this website?
https://lockbitdecryptor.com/decrypt-c77l-ransomware/
They are scammers and middlemen.
They don't even hesitate to mention the BC forum and my GitHub repository.
But as an expert, I can tell you that without the help of attackers, they won't be able to decrypt your files.
Posted Today, 03:51 PM
Adding to rivitna's expert advice, you may want to read What we know about those who claim they can decrypt data (Post #2), including scammers, the criminals and data recovery services.
Do not let yourself be victimized twice.