Joep
This specific ransomware (STOP) does encrypt the first 150 KB of the file. That leaves room for repair: 150 KB means the JPEG header is corrupt + some 150 KB of actual image data. Since the original photo is 6 MB+ there is plenty of data left.
I add a valid header to the file and basically remove the encrypted data.
This is hardly ideal as each photo needs to be repaired manually. Takes me about 10 minutes per photo on average.
Note that some variants of STOP can be decrypted under certain conditions.
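The repair described in the post above, as an added Python sketch that is not part of the original post and not the poster's tool: it takes the header from an intact reference photo and appends the damaged file's image data from beyond the encrypted region. It assumes the reference comes from the same camera with the same settings, that "150 KB" means 150 * 1024 bytes, and that the camera writes JPEG restart markers; all function names are hypothetical.

```python
ENCRYPTED_LEN = 150 * 1024  # "first 150 KB" from the post, assumed to mean 150 * 1024 bytes

def header_through_sos(ref: bytes) -> bytes:
    """Return SOI through the end of the SOS header of an intact reference JPEG."""
    if ref[:2] != b"\xff\xd8":
        raise ValueError("reference does not start with SOI")
    pos = 2
    while pos + 4 <= len(ref) and ref[pos] == 0xFF:
        marker = ref[pos + 1]
        pos += 2 + int.from_bytes(ref[pos + 2:pos + 4], "big")  # skip segment by its length
        if marker == 0xDA:  # SOS: entropy-coded scan data starts here
            return ref[:pos]
    raise ValueError("no SOS segment found in reference")

def find_restart(data: bytes, start: int):
    """Offset of the first RSTn marker (FF D0..D7) at or after start, else None."""
    pos = data.find(b"\xff", start)
    while pos != -1 and pos + 1 < len(data):
        if 0xD0 <= data[pos + 1] <= 0xD7:
            return pos
        pos = data.find(b"\xff", pos + 1)
    return None

def renumber_restarts(scan: bytes) -> bytes:
    """Rewrite RSTn markers so they count up from RST0, as a decoder expects."""
    out, n = bytearray(scan), 0
    pos = out.find(b"\xff")
    while pos != -1 and pos + 1 < len(out):
        if 0xD0 <= out[pos + 1] <= 0xD7:
            out[pos + 1] = 0xD0 + n % 8
            n += 1
        pos = out.find(b"\xff", pos + 1)
    return bytes(out)

def graft(damaged: bytes, ref: bytes):
    """Build a decodable JPEG from a damaged file and a reference header, or None."""
    rst = find_restart(damaged, ENCRYPTED_LEN)
    if rst is None:
        return None  # no restart markers: bit-level manual alignment is needed instead
    scan = damaged[rst + 2:]           # clean scan data begins right after the marker
    eoi = scan.rfind(b"\xff\xd9")
    if eoi != -1:
        scan = scan[:eoi]              # drop EOI and anything appended after it
    return header_through_sos(ref) + renumber_restarts(scan) + b"\xff\xd9"
```

The output decodes from the first intact restart interval onward, so the picture is shifted and the part that was inside the encrypted region stays lost. Work on copies of the damaged files only.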