Please note that these free tools are provided as-is and without warranty of any kind. The tools may only work with specific ransomware versions, and may not work with versions that were released after a tool was created. Technical support for the tools is available only to customers using a paid Emsisoft product.
Aurora is a ransomware family that encrypts files using XTEA and RSA, and may also be known as "Zorro", "Desu", or "AnimusLocker". Known extensions include ".Aurora", ".aurora", ".animus", ".ONI", ".Nano", ".cryptoid", ".peekaboo", ".isolated", ".infected", ".locked", ".veracrypt", ".masked", ".crypton", ".coronolock", ".bukyak", ".serpom", and ".systems32x".
The malware leaves many ransom notes, examples include "!-GET_MY_FILES-!.txt", "#RECOVERY-PC#.txt", and "@[email protected]". Here is an example of the note's contents:
==========================# zorro ransomware #==========================
SORRY! Your files are encrypted.
File contents are encrypted with random key.
Random key is encrypted with RSA public key (2048 bit).
We STRONGLY RECOMMEND you NOT to use any "decryption tools".
These tools can damage your data, making recover IMPOSSIBLE.
Also we recommend you not to contact data recovery companies.
They will just contact us, buy the key and sell it to you at a higher price.
If you want to decrypt your files, you need to get the RSA-key from us.
--
To obtain an RSA-key, follow these steps in order:
1. pay this sum 500$ to this BTC-purse: 18sj1xr86c3YHK44Mj2AXAycEsT2QLUFac
2. write on the e-mail [email protected] or [email protected] indicating in the letter this ID-[id] and BTC-purse, from which paid.
In the reply letter you will receive an RSA-key and instructions on what to do next.
We guarantee you the recovery of files, if you do it right.
==========================# zorro ransomware #==========================