Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Has Anyone Succeeded?


  • Please log in to reply
1 reply to this topic

#1 nopermission

nopermission

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:53 PM

Posted 07 December 2017 - 04:28 PM

 
Has anyone succeeded
 
Troldesh/-
.magic_software_syndicate
.da_vinci_code
 
.cerber
and how exactly encryption does not understand it

Edited by hamluis, 08 December 2017 - 05:46 AM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:53 AM

Posted 09 December 2017 - 06:51 AM

Decryption is only possible for some cases of Troldesh infection. Kaspersky and Intell Security (McAfee) have released decryption tools for encrypted data which work on some Troldesh (Shade) variants.

There are several different variants of Cerber Ransomware with different file extensions appended to the end of encrypted filenames and ransom notes. Trend Micro released a Ransomware File Decryptor for victims of earlier Cerber v1 infections but it has limitations...must be used on the infected machine, may take several hours to complete decryption, some files may be only partially decrypted. Trend Micro's decryptor does not work on Cerber v2/v3 encrypted files or the newer v4x/v5x and CRBR Encryptor variants which use 10 random characters with a random 4 character hexadecimal extension (i.e. 1xQHJgozZM.b71c). Unfortunately that means, there is no known method to decrypt files by these variants[/b] without paying the ransom. If possible, your best option is to restore from backups, try file recovery software or wait for a possible solution at a later time.
 


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users