I have a client who was infected with ransomware that threatened to permanently encrypt all of her files unless she paid for a key to decrypt her data. Turns out all the ransomware did was add '.crypted' to the end of her file extensions. If you remove the .crypted part from a file i.e. 'test.docx.crypted' and make it just 'test.docx' it works fine. The problem I am running into is that she has a massive amount of files that have been modified. I am looking for an easy way to remove '.crypted' from the end of her files without using System Restore, preferably. She will be working on her computer this week and I will not have access to it until Monday. I would rather her not lose any of her progress that she has made. I was able to remove .crypted from some of her critical work files today so she could work.
I was trying to think of a way to write a batch file that could target '.crypted' and remove it.
Any help would be great!!!
Edited by quietman7, 21 July 2017 - 06:45 PM.