Virus that encrypts files with a .zzzzzzzz extension

[germangastell]

Hi good day. It is a new virus that extorts the user. I got infected wanting to install a free game, when in reality what I was installing was a virus that encrypted me a large part of my files (a large part and not all because I could stop it with Rkill, since the virus had also blocked my administrator of tasks). It just happened in a few days that I was ordering and I did not have my files backed up (I always recommend having a backup of what is important and 2 of the most important). The issue is that I want to decrypt my files and would like to know what I have to do? I have been reading a lot and apparently what I have to do, besides disinfecting, is to wait for a specific decryptor to be published for this virus, as they have done with similar ones and they do it regularly. Examples are:

https://www.avast.com/ransomware-decryption-tools&xid=17259,15700022,15700124,15700186,15700191,15700201,15700237,15700248&usg=ALkJrhhuhuwJKoncaBFDAE81W49XHRQx-g

https://success.trendmicro.com/solution/1114221-downloading-and-using-the-trend-micro-ransomware-file-decryptor&xid=17259,15700022,15700124,15700186,15700191,15700201,15700237,15700248&usg=ALkJrhioo59qG8cJnWQe_VQ7flo5zGQq1A

https://decrypter.emsisoft.com/&xid=17259,15700022,15700124,15700186,15700191,15700201,15700237,15700248&usg=ALkJrhhiI7BbjdwBjIQeL6wYKdkQPpHjXw

https://noransom.kaspersky.com/&xid=17259,15700022,15700124,15700186,15700191,15700201,15700237,15700248&usg=ALkJrhg5jZrqwzP-yjCrQoyOJqQJ1M8qBg

Here I leave the link of the "game" that I downloaded:

https://thehiddenbay.com/torrent/17026182/Counter-Strike_Global_Offensive_v1.35.6.6__AutoUpdate__Multilang

or magnet

magnet:?xt=urn:btih:39ed4c44fdbf6a2e2c14a2d54771b59cb2eb709f&dn=Counter-Strike+Global+Offensive+v1.35.6.6+%2BAutoUpdate+%2BMultilang&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Fzer0day.ch%3A1337&tr=udp%3A%2F%2Fopen.demonii.com%3A1337&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fexodus.desync.com%3A6969

In addition, I would like to consult the following:
With that information, could a software be made to decrypt the files?
Would it be like the ones published on the page? Otherwise, what do I need to make software for that?
Should I lose hope of recovering my encrypted things?
Do you need me to send you an encrypted file so you can see how it is encrypted?
When could a tool be developed for decryption (free or reasonable)?
How much time does it usually take since the new scarab version is detected until a new decryptor is published (if it works like this)?

Thank you very much for your attention and goodwill.

Greetings.

[Pondus]

before running files you download, it is a smart move to upload and test it at www.virustotal.com
Note the analyzis date, if old (cached result) click the blue button at top right and select rescan for a fresh result


No More Ransome  >>  https://www.nomoreransom.org/

ID Ransomware  >>  https://id-ransomware.malwarehunterteam.com/

How much time does it usually take since the new scarab version is detected until a new decryptor is published (if it works like this)?

Anything from days to never     .... depends on the encryption

[germangastell]

Thanks for the info!
This is the result of ID-Ransomware:

Scarab
This ransomware can be decryptable in certain circumstances.
Please see the appropriate guide for more information.

Identified by

ransomnote_email: rohitramses@tutanota.com
ransomnote_bitmessage: BM-2cSzfawmdGKeT8ny99qtMeiGb27TcVBJXz

The other link I'm investigating.

How could I create a software to decrypt? What knowledge do I need?
Do you know anyone who can help me?

Thank you.

[Pondus]

How could I create a software to decrypt? What knowledge do I need?

The smartest computer geeks working at antivirus labs around the world are fighting this and not something you can learn in a week or two

Do you know anyone who can help me?

Yepp, i just gave you link to those who can help

[germangastell]

Hi good day. Thanks for your answer.
I can not communicate with the staff of https://www.nomoreransom.org/ and when uploading the files that require the page, a new page appears showing only the languages ​​in which I want to view the page, so I do not know if I have my files I can not communicate with anyone
I would like to know if I would like it.

Thank you.
regards