I was recently hit with the “Zipper” ransomware where all my files were zipped. Due to not having a backup, I decided to take the chance of paying the small ransom fee for their decryption.
Surprisingly, I was provided the decryptor and the private key and I was able to unzip all my files. Upon further investigation, I discovered that many files were missing. Going back to the original hard disk that was affected, I can see they were also missing here. I ran a disk recovery scan using one of the many well-known tools available and I can see all the missing files. What I think has happened here is that I managed to stop the ransomware mid-encryption, and as part of this it encrypts the files and deletes the originals, and therefore files are missing.
After recovering these files, I’ve found that they’re corrupted/damaged. I inspected the file headers of these files as they don’t appear to look correct and look encrypted.
How could I repair or decrypt these files? I have the private key.
The decryption software provided originally only decrypts the .zip files, so I’m not sure how to explicitly use my private key against some .pdf and .doc documents.
Edited by hamluis, 19 June 2018 - 09:06 AM.
Moved from MRA to Ransomware - Hamluis.