
Post SOPA Ransomware Issue with files



#1 Tony Hunt

Posted 23 November 2012 - 09:16 PM

Hi guys,

I was cleaning the ransomware off a system and as it happens that was the simple part. The affected computer has some essential docs/files that were renamed to .block after they got hit by the SOPA/Ransomware variant.

I ran trid on some of the files in hopes that they were just RARed but the file type was indeterminate and I am betting they are encrypted.

I am looking for a company or professional service to employ on this, as the machine that got hit lost a ton of very vital data and needs the files recovered. The number of files and impact of the files is going to require some contract work unless I can nail down a set process to use to recover the files.

Suggestions?



#2 mn21111


Posted 18 December 2012 - 03:08 PM

http://www.bleepingcomputer.com/forums/topic446111.html/page__st__165

Scroll about halfway down this page and see my post, as well as Fabian Wosar's; they have two different files you can use to try to decrypt your files. You will need to locate Initia1Log.txt.block and ok.txt.block on your PC, since they contain the encryption key/validator generated by the server when your files were encrypted. It's not a bad idea to save a copy of these two files in another place since they are your keys. If you are still infected by the malware, you should try to boot from another HD and access your files from another non-infected OS, since further damage to your files is possible and recovery may be difficult after that.

Best of luck.

Edited by mn21111, 18 December 2012 - 03:11 PM.
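The preservation step described in the post above, as an added example that is not code from the thread or from either poster: a Python script, run from a clean OS with the affected volume mounted, that copies the two key files to a separate location with a verified SHA-256 and lists the other `.block` files without modifying them. The function names, the case-insensitive name match and the hash-prefixed copy names are assumptions made for this example, and the sample tree is constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# File names from the post above, which says they hold the key/validator.
KEY_FILES = {"initia1log.txt.block", "ok.txt.block"}

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def preserve_key_files(root: Path, dest: Path) -> dict:
    """Copy the key files found under root to dest and list every other
    .block file. Nothing under root is written to or renamed."""
    dest.mkdir(parents=True, exist_ok=True)
    saved, renamed = [], []
    for p in sorted(root.rglob("*")):
        if not p.is_file() or dest in p.parents:
            continue
        name = p.name.lower()  # assumption: match names case-insensitively
        if name in KEY_FILES:
            digest = sha256_of(p)
            # Hash prefix keeps copies from different folders from colliding.
            copy = dest / f"{digest[:12]}_{p.name}"
            shutil.copy2(p, copy)
            if sha256_of(copy) != digest:
                raise IOError(f"copy of {p} does not match the original")
            saved.append((str(p), str(copy), digest))
        elif name.endswith(".block"):
            renamed.append(str(p))
    missing = sorted(KEY_FILES - {Path(s[0]).name.lower() for s in saved})
    return {"saved": saved, "renamed": renamed, "missing": missing}

def demo() -> dict:
    # Constructed sample tree standing in for the affected volume.
    root = Path(tempfile.mkdtemp())
    (root / "Docs").mkdir()
    (root / "Docs" / "report.doc.block").write_bytes(b"constructed ciphertext")
    (root / "Initia1Log.txt.block").write_bytes(b"constructed key material")
    return preserve_key_files(root, root.parent / (root.name + "_keys"))

if __name__ == "__main__":
    print(demo())
```

A non-empty `missing` list means one of the two files was not found under the scanned root, which is worth knowing before any decryption attempt.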


#3 Tony Hunt


Posted 18 December 2012 - 03:56 PM

You da man!

I'll post results as I get them, and thanks a ton!

-Tony



