Anurag (posted October 24, 2017):

My system got infected by a ransom malware and all images and important files got corrupted, and converted to be as .cesar files. I used SpyHunter and removed the malware and viruses. But files got corrupted. Need your support to get them decrypted and to recover the files.

As I have the files in different drive other than c:, I haven't mentioned windows protection 'on'. It's my fault.

I tried Stellar and other Data Recovery software, but even after restoring the .cesar files only exists. Unable to get my original files back.

Also I have .cesar files and other files that are being corrupted. Is that ok, to have them? Will that cause any issue?

Can you please let me know any solution and your help needed for this.

Copy of Book2_revised.xlsx.id-94BF6034.[[email protected]].cesar

GT500 (posted October 24, 2017):

It looks like it's a variant of the Crysis/Dharma ransomware:
https://id-ransomware.malwarehunterteam.com/identify.php?case=1576e4f64cd83ca1be2739e92d6d95c3255761da

In the case of ransomware like this, which uses secure encryption and generates new public/private keys for every computer it infects, usually there is no way to decrypt the files without getting the private key from the criminals who made the ransomware.

You can try a tool such as ShadowExplorer, however ransomware like this usually deletes Volume Shadow Copies, so ShadowExplorer will usually find nothing. Even if the Volume Shadow Copies were not deleted, the odds of finding backup copies of files in them is pretty slim, since Windows would normally only leave backup copies of files in the Volume Shadow Copies if you were using Microsoft's own backup software for data backups (although sometimes the System Restore will save copies of files in the Volume Shadow Copies).
http://www.shadowexplorer.com/

In cases where the Volume Shadow Copies are deleted, then note that ransomware doesn't generally delete them securely, so it might be possible to use a file undelete utility to undelete the old Volume Shadow Copies, and then use ShadowExplorer to recover files, however this isn't necessarily straightforward to do (the computer will need to be running from a bootable disk to have write access to the "System Volume Information" folder, or the hard drive will need to be connected to another computer), and even if you can recover the old Volume Shadow Copies, as mentioned above the odds of there being backup copies of important files in them are low to begin with. Note that you may need to find a local computer technician who can assist you with this if you do want to try it.

Here's a link to a list of file recovery tools at Wikipedia:
https://en.wikipedia.org/wiki/List_of_data_recovery_software#File_Recovery
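
An added example, not part of either post: a read-only Python inventory of files renamed in the pattern shown in the question, for listing what was affected before trying any of the recovery routes above. The pattern is inferred from the single filename in the thread and treating it as general is an assumption; the function names and the sample paths are constructed.

```python
import os
import re
from collections import Counter
from pathlib import PureWindowsPath

# Layout inferred from the one filename in the thread (an assumption):
#   <original name>.id-<8 hex digits>.[<contact address>].<appended extension>
NAME_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<contact>.+)\]\.(?P<ext>[A-Za-z0-9]+)$"
)

def parse_name(path):
    """Split a renamed file into its parts; return None if it does not match."""
    m = NAME_RE.match(PureWindowsPath(path).name)
    if m is None:
        return None
    info = m.groupdict()
    info["victim_id"] = info["victim_id"].upper()
    info["ext"] = info["ext"].lower()
    return info

def summarize(paths, ext="cesar"):
    """Count affected files per original type and collect the IDs seen."""
    by_type, ids, untouched = Counter(), set(), []
    for p in paths:
        info = parse_name(p)
        if info is None or info["ext"] != ext:
            untouched.append(p)  # not renamed in this pattern
            continue
        ids.add(info["victim_id"])
        suffix = PureWindowsPath(info["original"]).suffix.lower()
        by_type[suffix or "(none)"] += 1
    return {"by_type": dict(by_type), "victim_ids": sorted(ids),
            "untouched": untouched}

def scan(root, ext="cesar"):
    """Walk a drive or folder (read-only) and summarize what it contains."""
    found = [os.path.join(d, f) for d, _, files in os.walk(root) for f in files]
    return summarize(found, ext)

# Constructed sample paths; the address is a placeholder, the ID is the thread's.
SAMPLE = [
    r"D:\Docs\Copy of Book2_revised.xlsx.id-94BF6034.[user@example.invalid].cesar",
    r"D:\Photos\img001.jpg.id-94BF6034.[user@example.invalid].cesar",
    r"D:\Photos\img002.JPG.id-94bf6034.[user@example.invalid].cesar",
    r"D:\Docs\notes.txt",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

More than one ID in the result would suggest the files were renamed in separate runs, which is worth noting when submitting samples to an identification service.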