I was wondering if anyone can assist me with a problem I am currently having with a drive that has been infected with one of the many ransomware trojans out there.
It is a data drive (no OS) given to me by a friend of a friend needing help.
I have been informed that the drive was infected with somethng called 'BKA-Trojaner', one I have not heard of before. The trojan was removed before coming to me, but specific files on the drive have been renamed.
Only .doc files have been encrypted (not sure if this is due to the trojan only targetting these, or if the process was interrupted before completion) The renaming, however, is something I haven't seen before. Instead of the usual locked-<file name>, or conversion to RAR files, each file nas had it's extension removed, and the name changed to a random string of characters such as 'ayyrNsteenLJJVVX' and no way to identify what the original filename was.
I would appreciate any help in this matter!