webideia 0 Posted May 24, 2016 Report Share Posted May 24, 2016 Hi, Files has been encrypted and extension changed to id-3E8CDC20.{[email protected]}.cbf. Example: Original: resposta_modelos.xsl Encrypted: resposta_modelos.xsl.id-3E8CDC20.{[email protected]}.cbf Anyone has this issue? Regards, Link to post Share on other sites
Kevin Zoll 309 Posted May 24, 2016 Report Share Posted May 24, 2016 Unfortunately, there doesn't appear to be a way to recover your files once encrypted. Your best best in trying to recover files is using a tool like Shadow Explorer, which will check if you can restore files using 'shadow copies' or 'shadow volume copies'. If that doesn't work, you may try using a data recovery program such as PhotoRec or Recuva. Link to post Share on other sites
webideia 0 Posted May 25, 2016 Author Report Share Posted May 25, 2016 Hi,But anyone know which version of ransonware is this? Regards, Link to post Share on other sites
Kevin Zoll 309 Posted May 25, 2016 Report Share Posted May 25, 2016 It an Offline Ransomware variant and it cannot be decrypted. It uses two levels of RSA encryption. It is not possible to decrypt files encrypted with the RSA encryption algorithm with out the private encryption key. Link to post Share on other sites
Recommended Posts