Cry128 belongs to the CryptON/Nemesis ransomware family, which is mostly used for targeted attacks via RDP. Files are encrypted using a customized version of AES and RSA. We have seen the following extensions being used by Cry128: ".fgb45ft3pqamyji7.onion.to._", ".id_<id>_gebdp3k7bolalnd4.onion._", ".id_<id>_2irbar3mjvbap6gt.onion.to._" and ".id-<id>_[qg6m5wo7h3id55ym.onion.to].63vc4".
To use the decrypter, you will require an encrypted file of at least 128 KB in size as well as its unencrypted version. To start the decrypter, select both the encrypted and unencrypted file and drag and drop them onto the decrypter executable.
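As an added example (not part of the original page or of the decrypter), the Python code below recognises the four extension formats listed above, recovers the original file name, and picks encrypted/clean pairs that meet the 128 KB minimum. It assumes that "128 KB" means 131072 bytes, that `<id>` contains no underscore or path separator, and that the clean copy (for example from a backup) keeps the original file name; the function names and sample data are constructed for illustration.

```python
import re

MIN_PAIR_SIZE = 128 * 1024  # assumption: "128 KB" means 131072 bytes

# Extension formats listed on the page. Assumption: <id> has no "_", "\" or "/".
_ID = r"[^_\\/]+"
CRY128_SUFFIXES = [
    re.compile(r"\.fgb45ft3pqamyji7\.onion\.to\._$"),
    re.compile(r"\.id_(?P<id>" + _ID + r")_gebdp3k7bolalnd4\.onion\._$"),
    re.compile(r"\.id_(?P<id>" + _ID + r")_2irbar3mjvbap6gt\.onion\.to\._$"),
    re.compile(r"\.id-(?P<id>" + _ID + r")_\[qg6m5wo7h3id55ym\.onion\.to\]\.63vc4$"),
]

def parse_cry128_name(name):
    """Return (original_name, id or None) if name ends in a listed suffix, else None."""
    for rx in CRY128_SUFFIXES:
        m = rx.search(name)
        if m and m.start() > 0:  # require a non-empty original name
            return name[:m.start()], m.groupdict().get("id")
    return None

def find_pairs(encrypted, clean):
    """encrypted/clean map file name -> size in bytes.
    Return (encrypted_name, clean_name) pairs usable as decrypter input."""
    pairs = []
    for enc_name, size in sorted(encrypted.items()):
        parsed = parse_cry128_name(enc_name)
        if parsed is None or size < MIN_PAIR_SIZE:
            continue  # not a Cry128 name, or below the 128 KB minimum
        original, _ = parsed
        if original in clean:  # assumption: clean copy keeps the original name
            pairs.append((enc_name, original))
    return pairs

# Constructed sample listings (names, ids and sizes are made up).
SAMPLE_ENCRYPTED = {
    "photo.jpg.fgb45ft3pqamyji7.onion.to._": 40_000,                    # too small
    "report.docx.id_1234567890_gebdp3k7bolalnd4.onion._": 300_000,      # usable
    "db.bak.id-9988776655_[qg6m5wo7h3id55ym.onion.to].63vc4": 900_000,  # no clean copy
    "notes.txt": 500_000,                                               # not encrypted
}
SAMPLE_CLEAN = {"photo.jpg": 39_000, "report.docx": 299_000}

if __name__ == "__main__":
    for enc, orig in find_pairs(SAMPLE_ENCRYPTED, SAMPLE_CLEAN):
        print(f"candidate pair: {enc!r} + {orig!r}")
```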