I have a user who was infected by Zepto. He didn't have backups of his local systems, and the recovery methods described (Shadow Explorer, Recuva, etc.) did not work.
So we went the ransom payment route to retrieve data... unfortunately. After struggling with figuring out why it wasn't running (Webroot), we ran the decryption tool and it looked like all was well.
However, we found a full folder of pictures (My Pictures) that weren't decrypted, and we are unable to re-run the decryption tool.
So here is my question:
Having the decryption tool, does that help us manually decrypt using the string that's in the name of the application? If so, can anyone point to such?
Thanks in advance.