i was attacked, am confused, i cant open my data

mariam3 · #1 06-01-2023, 01:09

Hello, my computer system was attacked by unknown guys online iguess.

i cant open my data on the computer.

"Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key."

any Help Please ?

BR

atom0s · #2 06-01-2023, 03:12

That sounds more like you opened an infected program, pdf, etc. and got hit with ransomware. If you know what version/variant of ransomware you got hit with you can look around online for any known decryptor tool that was already made for it. (Typically for the shittier versions that used a similar key/code that could be determined or pulled from your system.)

blue_devil · #3 06-01-2023, 04:20

Quote:

Originally Posted by mariam3

Hello, my computer system was attacked by unknown guys online iguess.

i cant open my data on the computer.

"Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key."

any Help Please ?

BR

You were hit by a ransomware attack. I am so sorry for this.

In 2015(maybe 2016) my friend's notebook was also hit by TeslaCrypt ransomware. I was able to decrypt my friend's data!

First you should define what/which ransomware (ransomware variant) you ware hit by. Then you can search for a decryptor. If you cannot find a decryptor, you then reverse the malicious binary to create a decryptor. And If you are lucky you can rip out the decryption key (if it is in binary)

sh3dow · #4 06-01-2023, 13:20

As blue_devil said, identify the ransomware and search for its decryptor. Many ransomware was found with weak implementations therefor easy way to decrypt it.

Use this ID Ransomware, upload a ransom note and/or sample encrypted file to identify the ransomware that has encrypted your data.

hXXps://id-ransomware.malwarehunterteam.com

After that you will a have clue on what to search for

bolo2002 · #5 06-01-2023, 22:10

And don't use the infected anymore directly,as said identify the ransomware,with a bootable usb key antivirus distro like Kaspersky,eset etc..and keep it even months later a decryptor can come.
I wish you'll recover data.

silver · #6 06-23-2023, 06:35

Well, it depends if your data is valuable enough.

Most modern ransomware are a part of RaaS (Randomware as a Service), and authors are relatively "trustable", so you can pay them and get your files back. Nowadays it's basically impossible to crack a ransomware, because most flaws have been fixed, and those who cannot well encrypt your files are nearly all upgraded (unless you infected from a sample during 2016-2017.

I helped a few companies solving their ransomware issue back in 2015. One case I had dealt is having its private key XORed under C:\Temp\ntuser.dat (weird name, haha). Another case I had managed to do is solved by using the dump file, because the victim is a driver developer, and the ransomware incorrectly encrypted her configuration file for the device driver, so the kernel crashed in WinDBG.

However, modern ransomware can make correct assumption of which file should be encrypted, and carefully design their key function, so low hanging fruits have gone. Nowadays, all companies claiming they can solve the file, are mostly fraud.

Good luck

The Following User Says Thank You to atom0s For This Useful Post:
mariam3 (06-01-2023)

The Following 2 Users Say Thank You to blue_devil For This Useful Post:
mariam3 (06-01-2023), sh3dow (06-01-2023)

The Following 2 Users Say Thank You to sh3dow For This Useful Post:
blue_devil (06-02-2023), niculaita (06-03-2023)

The Following User Says Thank You to bolo2002 For This Useful Post:
niculaita (06-03-2023)