Help Identifying Ransomware Type

Hello all. First time post. I was hoping that someone might be able to assist me in identifying the Ransom ware that one of our machines was hit with. Every filename has been replaced with a hexadecimal number and a .TEST extension. Your time and assistance would be greatly appreciated. Thank you. Peter

https://www.nomoreransom.org

Good luck…!!

ID Ransomware >> https://id-ransomware.malwarehunterteam.com/

Thank you both for chiming in. It appears that there is no decryption method available at the present time. This is the result of my file submission.

Sorry! We don’t yet have a solution to help you but we are actively looking for it.

You’re welcome. Btw, no backups…!??

Well, here’s the thing. I’ll preface what I’m about to say with: “I’m a little OCD when it comes to backups” BUT

My clients are all domain-joined (Windows Server 2012 Essentials). However, the files (Word/Excel) that they access are located on a NAS. These get backed up to external hard disks which are hooked up to the NAS. In addition, I backup same files locally to a separate workstation in the office. Once that backup is made I will FTP that zipped backup offsite via SFTP to our hosting company. This happens every single night.

What I didn’t see coming was that the owner of the firm began saving all of his personal material to his own machine. I, on numerous occasions have warned all users in the office that this was bad practice. Lo and Behold!

So, I have yanked the infected hard drive and replaced it with full O/S install. I was hoping for a way to decrypt the files on the infected drive which I can access once placed in a drive caddy. One day perhaps.

My apologies for the long-winded response. Peter