Welcome to ElevenForum, @richaardvark. I am in the EXACT same boat and my computer was attacked almost at the exact same time it seems as yours. I noticed it as it was happening though and quickly pulled the power plug from the back of the machine. Over 70k of my files now have the .DcRAT file extension. Strangely, there was not one ransom note left anywhere on my machine... did you have one left on yours? Perhaps I interrupted the process before it was complete and that's why.
I do have some potentially positive news though! Despite what several of the apparently misinformed and unaware persons above have stated, this ransomware can in fact be decrypted. There is basically only one person in the world though (aside from the idiot who attacked our machines of course) who can help us. He's just a nice guy with a special gift who helps people in his spare time. You need to contact him via the bleepingcomputer.com forum and/or visit the ID-Ransomware site and upload one of the encrypted files and it will identify the type of ransomware (DcRAT, which is apparently a variant of Lime ransomware, which is a variant of HiddenTear ransomware) and it will direct you to this Twitter thread and basically tell you to DM/message Michael and take a number and wait patiently.
Here is the Bleeping Computer site forum topic discussing this particular malware where you can also try to contact Michael/you can see my message to him here as well: Lime-Rat (HiddenTear) Ransomware Support Topic - Page 3 - Ransomware Help & Tech Support
Another potentially but probably not very helpful resource unfortunately is this decryptor tool that Michael already made for HiddenTear ransomware and its spawned variants but I ran this for over 8 hours and it didn't work for me so I'm not sure that it will work for you either but give it a try!
That Dark Crystal DCRat malware thing that someone else above linked to is actually something different than what we are dealing with, though I thought the same thing myself at first. Actually, the source code and sketchy sales site for @$$hole "hackers" to buy the tools that were used to infect our computers are located here and here. I don't think there's any benefit to reaching out to any of the sketchy people at those websites and I don't think that downloading their software is a good idea either and would be pointless anyway because we still wouldn't have the specific encryption key that was generated when whatever terrible person took over our machines.
Hopefully this information is helpful for you. I've been waiting since Friday now for this Michael person to respond and it might be a while before he's able to help it seems unfortunately :-(.
Yes yes, make sure you always have a quality backup system in place, blah blah blah. Also everyone else above should become a little more educated before they chime in and say things that aren't quite the case here. There is possibly a chance that your files can be decrypted... fingers crossed!
Good information has been given by @glasskuter, @Nobody and @DigitalGoat.
BTW, from everything I have seen so far, DC Rat isn't Ransomware; it's especially complicated malware. Thing is, with this type of malware, it's not going to be easy to fight off, and with the many variables out there, it's not going to be easy to find something that will work.
Bottom line for me: Don't discount anyone trying to help. No one has the final word on how to get rid of this malware. Not you, not I, not anyone!
Lastly, I find it pretty scary to actually depend on someone who is supposed to be the only one who knows how to get rid of DC Rat.
FURTHERMORE! Why hasn't he/she published the information on how to get rid of DC Rat online as far and wide as possible!?! I know that if I could figure it out, my conscience wouldn't leave me alone until I published documentation on how to resolve the problem!
So, I look at only "one" individual being able to handle this malware with skepticism!