Jump to content


Visiting Expert
  • Posts

  • Joined

  • Last visited

  • Days Won


Posts posted by Amigo-A

  1. Only after neutralizing all malicious files ...

    This is not the decryption, it is the recovery of certain types of files using the features of these files.

    1) If you have encrypted ZIP/RAR archives, you can partially recover files. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Unfortunately, many files can be encrypted or damaged there, but some files can be opened. 

    2) There is an alternative (additional) way to recover some media files:
    WAV, MP3, MP4, M4V, MOV, 3GP.


    But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. 

    Some types of files can be opened (restored) using the application in which they were created. To do this, you must first remove the extension added by the ransomware. Then can try to open the file from the program in which it was created. If you open audio and video files in the editor, it will restore the structure, and upon closing it will offer to save the changes in the file.

    3) If you have PDFs or files of other e-books, then they may suffer in part if they were not protected from manual modification. Therefore, after removing the added extension, they can be partially read (~50 - 80%), if get lucky.

    Unfortunately, it is not yet possible to recover files created in MS Office applications due to their sensitivity to any damage. They can be easily damaged without encryption. It is easier to recover and read text written on paper or on stone than one created in MS Office.

    There is a new way to recover JPG / JPEG image files

    The main condition for recovery is to find 1 file from the same series of previously taken photos.

    When using the program, some antiviruses give a false positive. Don't be alarmed. The program does yet not have a digital signature. You can also ask the developer to help you recover your photo files. The work is not easy, you need to negotiate a fee.

  2. Hello @jacob 91

    You need to neutralize all malicious files in the system. This should be done as quickly as possible. 

    Use comprehensive anti-virus software such as Emsisoft Anti-Malware to effectively remove the malware. 
    You can get a free trial 30-days version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/

    It will help you clean your PC from other malware for free.

  3. 2 hours ago, help pls said:

    when will online IDs turn to offline IDs



    An Online ID is used when the computer is connected to the Internet and nothing prevents the encryptor from contacting its server and receiving an encryption key randomly generated on that server.
    The Offline ID built into the program is used when the computer is disconnected from the Internet and/or communication with the ransomware server is not possible.

  4. 1 hour ago, VEER123 said:


    Yes, decryption MAY be possible in the future

    When the developers receive the decryption key, they can add it to the Emsisoft Decryptor. When this event will happen, no one knows. It doesn't depend on them. The key can be given by the person who paid the ransom and decrypt the files.

    • Upvote 1
  • Create New...