
Decryption of Ransomware Files

Discussion in 'BlackHat Lounge' started by redbandit, Feb 14, 2015.

  1. redbandit

    Hi everyone,

    Any recommendations for decrypting files hit by ransomware? Not sure of the type of malware, but it is definitely a variant of CryptoLocker. The malware has been wiped off the system, but the files are still encrypted. File types are Word, Excel, PPT, PDF and JPEG.

    Thank you
     
  2. BillyPart

    Bleeping Computer has been tracking and reporting on the technological advancement of the ransomware malware, and the last article I read said that they had learned that the encryption algo used was easy to crack. But my prediction is that's going to change, and there is soon going to come a day when, once you've been hit, it's going to be pay the ransom or lose the data. I'm currently researching online backup services in order to get ahead of this very serious threat.
     
  3. redbandit

    Hi Billy,

    I looked up Bleeping Computer, but have had no luck with the files. Any alternative you have that can be used to view/restore the data?
     
  4. Capo Dei Capi

    Did you try the restore to previous version method?

    http://esupport.trendmicro.com/en-us/home/pages/technical-support/premium-security/1099221.aspx
     
  5. liteman

    Freelancer etc. might have someone who handles that, not sure.
     
  7. redbandit

    Hey thanks, didn't strike me to check there! :)
     
  8. JustUs

    If you have the hard disk, and you have not written to it since file encryption, data recovery software will get the files back. In some cases, even if you have written to the disk you can recover the files.
     
  9. BillyPart

    I read a similar post somewhere else. Why/how do you know that?

    The other post said GetDataBack would restore the original data. I'm wondering if the encryption leaves behind an original copy that is only "deleted" and not "wiped". I'll try to post a link to Bleeping Computer in a minute here...
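
An added illustration, not part of any post in this thread: if originals were only "deleted" and not "wiped", their bytes remain on disk and can be located by file signature, which is the general carving technique used by data recovery software. The sample buffer is constructed, and the names `carve` and `build_sample_image` are hypothetical.

```python
# Added example: header/footer carving of JPEG and PDF data from raw bytes.
# Real use would read a read-only disk image; here the input is constructed.

SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),  # JPEG start / end-of-image marker
    "pdf": (b"%PDF-", b"%%EOF"),            # PDF header / trailer marker
}
MAX_SIZE = 50 * 1024 * 1024  # assumed upper bound on a carved file


def carve(raw, max_size=MAX_SIZE):
    """Return (kind, offset, data) for each header/footer pair found in raw."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = 0
        while True:
            start = raw.find(header, pos)
            if start == -1:
                break
            end = raw.find(footer, start + len(header), start + max_size)
            if end == -1:
                # Header with no footer in range: overwritten or fragmented.
                pos = start + 1
                continue
            end += len(footer)
            found.append((kind, start, raw[start:end]))
            pos = end
    return sorted(found, key=lambda item: item[1])


def build_sample_image():
    """Constructed stand-in for unallocated disk space."""
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-pixels" + b"\xff\xd9"
    pdf = b"%PDF-1.4\nconstructed body\n%%EOF"
    # Stand-in for an encrypted file: no recognizable signature.
    ciphertext = bytes((i * 37 + 11) % 256 for i in range(64))
    image = (b"\x00" * 512 + jpeg + b"\x00" * 100 + ciphertext
             + b"\x00" * 200 + pdf + b"\x00" * 50)
    return image, jpeg, pdf


if __name__ == "__main__":
    image, _, _ = build_sample_image()
    for kind, offset, data in carve(image):
        print(f"{kind} at offset {offset}, {len(data)} bytes")
```

Simple header/footer carving only recovers files stored contiguously, and anything written to the disk after the deletion may already have overwritten the data.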
     
  11. The Tic

    I was wondering if there was a universal decrypter for ransomware. This would be a great challenge for any blackhat willing to create such a program. I work as a Computer Technician and we are getting the odd ransomware. I would love to have a universal ransomware decrypter for any kind of ransomware. This universal ransomware decrypter could be updated with any new ransomware, or the universal ransomware decrypter could change the encryption process and change for the universal ransomware decrypter to first encrypt what was being encrypted and then decrypt it afterwards. I would like to challenge any blackhat to carry this out. If there is such a ransomware decryption tool, please let me know.