Hi folks, long time lurker here.
OK, last year, a good mate of mine fell foul to ONE of the ransomware scams. **every** precious photo he owned was scrambled. Yes, no back up!!!!
This was before just cryptolocker and he seems to recall the old FBI / Metro police / Scotland yard porn warnings.
He couldn't shift it and formatted the HD but of course, after his files had been encrypted. I suspect the decryption key was stored on his PC.
So, he asked me if I could help as I have a bit experience with things like this. And his missus is pi55ed as the wedding / holiday / kids etc pics are now all unreadable.
I have discovered ALL the encrypted files start with : CR_M0x04ì7 8 when viewed with notepad.
We also now have some encrypted files from his PC and the identical NONE encrypted files which are on my computer as I gave them him those files back in 2004!! Obviously the metadata is different but the pics are identical.
I have just tried the Panda decryption util (pandaunransom) and it generated a key but doesn't seem to decrypt them.
Can anyone here offer up a bit of a suggestion I could try. He's a good mate and I do feel for him. I would be gutted to loose all my pics. Hence 3 backups at my site.
Pics are only small, happy to upload if anyone wants to try...
Thanks for any suggestions.
Edited by Queen-Evie, 12 April 2015 - 03:51 PM.
moved from Anti-Virus and Anti-Malware Software