Files infected extension changed to .crypt (no fix?)

Benchtech

I tried looking up a fix for this but haven't found one yet. I've tried everything listed over at bleeping, but none of it works, and I was told this could be a new variant of a similar infection currently in the wild. The encryption key was usually stored on the infected PC but now is stored on a remote server (or so they believe).

Changing the file extension from mypic.jpg.crypt to mypic.jpg corrupts the file.

If anyone has some insight please respond.
 
Search for a previous thread with ransomware in the title. I'm pretty sure you're never getting those files back. I would love it if I was wrong.
 
Just curious, have you tried a file recovery program? I was just thinking it may be possible that the encryption process did not use the same space on the disk, then created the .crypt version and deleted the original.
 
The files are/were encrypted by the virus/malware/ransomware that infected the system. Once that is removed, you can try ShadowExplorer to recover the files pre-infection. If that does not work, use a file recovery program as ComputerRepairTech suggested. I like EASEUS Data Recovery myself, but there are others out there, including free ones. If you are doing this regularly, data recovery, I would suggest you add a good recovery tool to your tech tools.

Good luck and keep us posted.
 
I want a sample! Post it somewhere, like in a password-protected RAR or something, with the password being: infected

I don't expect to be able to break AES encryption but with any luck there may be an obvious weakness in the key generation itself.
 
Jeez - this is not a good development. I know they've been warning this was coming but it could be catastrophic for families with valued photos etc.

The authorities need to be making a lot more effort in closing this stuff down, especially the money brokers like Visa who allow the financial payments to take place.
 
Kaspersky's XoristDecryptor tool has fixed those sorts of encrypted files in the past. A new version was released less than a week ago, so hopefully it can handle the new version of the virus that you've encountered.

I've already used this and nothing was found, as it only looks within the local computer for the encryption key; as stated, this new variant uses a key stored on the ransomware's server.

I've gotten 10 of these since Saturday; all get a wipe and reload, after explaining that there is no fix currently and everything is lost. (FYI, I still back up everything in case a fix is released.)
 