Hello there.
First post. Little background. I work on a service desk for a company and back in March we had a user become infected with ransomware. All of his data was encrypted with a .ECC file extension and a ransom note was added to his desktop wallpaper pointing us towards the TOR browser and a dark web site to get the key. Obviously this was way back in March, before the virus was analysed and this tool was created, so at the time there wasn't much advice available other than rebuild the computer and restore from backups. So, as we assumed we had a full backup of his data, we had the machine wiped and rebuilt to clear the virus and then raised a request for his data to be restored from a date prior to the encryption.
Long story short, the backup was recovered but from the incorrect date (when the data was already encrypted) and, thanks to outsourcing, the backup team only keep 60 days' worth of backups, so by the time they restored it and the customer got around to checking it (he travels a lot), any clean data had been wiped over and wasn't retained.
We have a full copy of all the encrypted data but obviously, because the machine was rebuilt, we lost the files the virus will have put on the computer (i.e. no key.dat file), meaning the programs cannot find it to unencrypt.
I appreciate it is a long shot but, since this is an early version of the ransomware from March this year, is there any way of unencrypting these files if the key.dat file is not available?
Edited by Rhodsey, 06 October 2015 - 02:35 AM.