Ransomware


Knightmare

My friend managed to get herself some ransomware and now she says that her files are encrypted by the malware. I don't have much more information than that, since I was just informed about it today, but I was wondering if there are any programs out there that have a high success rate when it comes to decrypting these files. I assume that to remove it, I should create a bootable media and run it from the flash drive; as for decrypting the files, some people are claiming that Recuva will do the trick but I didn't know if someone knew of something stronger. Is there any other information that I should get from my friend? She's not very tech-savvy, so I don't know how detailed she can be but I can try.

knowledge-Spammer
13 minutes ago, Knightmare said:

My friend managed to get herself some ransomware and now she says that her files are encrypted by the malware. I don't have much more information than that, since I was just informed about it today, but I was wondering if there are any programs out there that have a high success rate when it comes to decrypting these files. I assume that to remove it, I should create a bootable media and run it from the flash drive; as for decrypting the files, some people are claiming that Recuva will do the trick but I didn't know if someone knew of something stronger. Is there any other information that I should get from my friend? She's not very tech-savvy, so I don't know how detailed she can be but I can try.

It's a hard one to say 100%

high success rate when it comes to decrypting these files

I am a little tech-savvy, but some ransomware can be very hard to fix.

 

If she doesn't care about old files and just wants the PC back and running, reinstall Windows and save your time trying to decrypt.

This ransomware is out of control nowadays.

I am sure Recuva will not help; the program is for deleted files, I think.

If all files and videos and pics are encrypted, it's a hard one and maybe you can't get all files back.

I am myself playing with ransomware to try and understand it better, to help think of ways to stop bs ransomware.

33 minutes ago, knowledge said:

It's a hard one to say 100%

high success rate when it comes to decrypting these files

I am a little tech-savvy, but some ransomware can be very hard to fix.

 

If she doesn't care about old files and just wants the PC back and running, reinstall Windows and save your time trying to decrypt.

This ransomware is out of control nowadays.

I am sure Recuva will not help; the program is for deleted files, I think.

If all files and videos and pics are encrypted, it's a hard one and maybe you can't get all files back.

I am myself playing with ransomware to try and understand it better, to help think of ways to stop bs ransomware.

She did say that she needs the files for work, so if there is hope to recover the files, that would be good.

You have to verify which class or version of ransomware is the one that coded the files, to help you according to that.

Victims usually will receive a ransom note by the name of "WHATHAPPENDTOYOURFILES.TXT", with the following contents.

Here is one real example

Your ID: 978286
* * *
Hi. Your files are now encrypted. I have the key to decrypt them back.
I will give you a decrypter if you pay me. If you pay me today, the price is only 1 bitcoin.
If you pay me tomorrow, you will have to pay 2 bitcoins. If you pay me one week later the price
will be 7 bitcoins and so on. So, hurry up.

Also, try to find out if somewhere on your computer there is a file booyah.exe, and any folder which contains encrypted files must contain the file CRIPTOSO.KEY. Most probably TeslaCrypt 4.0 is used; Google it if you are interested in it. Or read this.
Does she get something similar? And one more question: where are the encrypted files located (I mean folders), and are all files encrypted or only some of them?

If possible, maybe some examples, I mean some encrypted file names.

1 hour ago, Knightmare said:

... some people are claiming that Recuva will do the trick...

 

Recuva won't decrypt files, but it, or for that matter any file recovery application, might let her recover deleted files, which in most cases might be previous versions, unfinished saves or copies of stored files. Certainly, I recommend running as many recovery apps as she can. Different applications recover different kinds of files.

Another source for recovering files is those sent by Gmail or some other web-resident email service, stored in the SENT folder, or stored in any "cloud" resource like Google Drive, Dropbox, etc.

Remember to save recovered files to a different storage medium, so the recovery process might have a better rate.

Even not knowing the version of the ransomware that struck the computer, I'm rather pessimistic about any possibility to decrypt some of those files. In any case, I hope someone might give you a better tip.

Kaspersky and some other AV vendors can repair certain versions of ransomware.  Check out their sites.

1 hour ago, davmil said:

Kaspersky and some other AV vendors can repair certain versions of ransomware.  Check out their sites.

Links, please :D

57 minutes ago, Knightmare said:

Links, please :D

 

It isn't that simple.  You need to know the type of ransomware that was used.  The clue is usually the extension that is added to the encrypted files. If you can provide that then it will help to point you to the right location for your particular ransomware decryption, if it is available.
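Added example, not part of the original posts: a read-only triage sketch in Python that gathers what the replies above ask for, namely the ransom note and the booyah.exe / CRIPTOSO.KEY files named earlier in the thread, plus the extension most often appended to files. The ".xyz" extension and the sample tree are constructed for illustration; the function and key names are hypothetical.

```python
import os
import tempfile
from collections import Counter

# File names quoted in the thread; compared case-insensitively.
NOTE_NAMES = {"whathappendtoyourfiles.txt"}
ARTIFACT_NAMES = {"booyah.exe", "criptoso.key"}

def triage(root, sample_size=3):
    """Read-only walk of root: collect ransom notes, named artifacts and the
    most common extension appended after an existing one (report.docx.xyz)."""
    notes, artifacts, appended, samples = [], [], Counter(), {}
    total = 0
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            low = name.lower()
            path = os.path.join(folder, name)
            if low in NOTE_NAMES:
                notes.append(path)
            elif low in ARTIFACT_NAMES:
                artifacts.append(path)
            else:
                total += 1
                stem, ext = os.path.splitext(low)
                # Two extensions in a row is only a hint: archive.tar.gz is benign.
                if ext and os.path.splitext(stem)[1]:
                    appended[ext] += 1
                    if len(samples.setdefault(ext, [])) < sample_size:
                        samples[ext].append(name)
    ext, hits = appended.most_common(1)[0] if appended else (None, 0)
    return {"notes": notes, "artifacts": artifacts, "files_seen": total,
            "candidate_extension": ext, "files_with_it": hits,
            "sample_names": samples.get(ext, [])}

def build_constructed_tree(root):
    """Constructed sample data: empty files, '.xyz' is a made-up extension."""
    names = ["docs/report.docx.xyz", "docs/budget.xlsx.xyz", "docs/CRIPTOSO.KEY",
             "docs/WHATHAPPENDTOYOURFILES.TXT", "pics/cat.jpg.xyz",
             "pics/backup.tar.gz", "readme.txt"]
    for rel in names:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        for key, value in triage(tmp).items():
            print(f"{key}: {value}")
```

Run it against a copy or a read-only mount of the affected disk from a clean system; the candidate extension and sample names are what a vendor's decryptor lookup will ask for.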

5 hours ago, davmil said:

Kaspersky and some other AV vendors can repair certain versions of ransomware.  Check out their sites.

 

https://noransom.kaspersky.com/

 

Marcus Thunder
11 hours ago, Knightmare said:

My friend managed to get herself some ransomware and now she says that her files are encrypted by the malware. I don't have much more information than that, since I was just informed about it today, but I was wondering if there are any programs out there that have a high success rate when it comes to decrypting these files. I assume that to remove it, I should create a bootable media and run it from the flash drive; as for decrypting the files, some people are claiming that Recuva will do the trick but I didn't know if someone knew of something stronger. Is there any other information that I should get from my friend? She's not very tech-savvy, so I don't know how detailed she can be but I can try.

Did your friend have any kind of antivirus protection or security application running while getting infected? If yes, what was it... pls tell me.

I am also curious about the particular site that got your friend infected... What was the site, or was it a pop-up ad...

3 hours ago, Marcus Thunder said:

Did your friend have any kind of antivirus protection or security application running while getting infected? If yes, what was it... pls tell me.

I am also curious about the particular site that got your friend infected... What was the site, or was it a pop-up ad...

It wasn't a site, it was an email. I hope to meet up with them soon and get more answers.

You need to find out the name of the particular ransomware, and decryptcryptolocker.com is not available; it hasn't been available for some time. If it's a newer ransomware or CTBlocker, she must have a shadow copy or a system backup to recover her files, as there is no decryption tool available. You can try to use Recuva; it's not as good as some recovery programs are. The one I use is Active Partition Recovery Enterprise, which has Active File Recovery included; you could try that, a trial should be available. We do need additional information.

Should I use Kaspersky rescue disk to clean the system first or is there something better?

Unfortunately her only option is to pay, because it's impossible to decrypt the files without the private key used to encrypt them

Archived

This topic is now archived and is closed to further replies.
