Files encrypted by Ouroboros could be decrypted provided that we receive the files we asked for, including payment instructions dropped by Ouroboros (we received only Phobos instructions) as well as the Ouroboros ransomware itself from the machine. Now I understand what you mean by the sample; however, we need the exact ransomware sample that was run on the machine; any other even slightly modified variant could not be used to create a decryptor. Unfortunately, since real-time protection was effectively disabled at the time of encryption, we don't have any metadata that we could use to find it ourselves.
Decryptor for Lazarus (Ouroboros) Ransomware