
decrypt my .RAD files pls.



Hello community, I want to share my latest experience. I tried to extract the files with 7-Zip and it worked surprisingly ...
step by step: 

I have loads of infected and big data - this is only one folder to test the "7-zip" method.

My open questions: 
1. What has the Matrix Ransomware done with my data? 

2. Are the infected data and the result data in the same folder or dispersed on the whole drive? 

 

STEP 0: Infected data with  readme


Step 1: 7-Zip 


Step 2: Overwriting Yes or No? -> I selected Auto Rename


Step 3: Message of 7-Zip 


Step 4: Result -> folder with xl and word data is created 


Result: folder with word Data 


Result folder with xl Data:


 

End. 

Cheers, Tom

 

 


12 hours ago, datom said:

1. What has the Matrix Ransomware done with my data? 

It's possible that it tried to use WinRAR, 7-Zip, or another program with a command-line tool that can create archives to compress your files with a password and simply got the syntax wrong or forgot the password. We can't really say for certain unless you attach a few of the encrypted files to a reply for us to take a look at, or unless you have a copy of the malicious program somewhere that we can take a look at (which is the preferred option since we can analyze the encryption algorithm it uses).

 

12 hours ago, datom said:

2. Are the infected data and the result data in the same folder or dispersed on the whole drive? 

It depends on the ransomware. Most will try to encrypt data in the most common places for people to save files, and some will just take the "shotgun" approach and encrypt everything on the entire drive as long as the file extensions are on its list of files to encrypt. Then there are the "dumb" ransomwares that just encrypt everything except a few critical system files, and break almost everything on the system.

We really can't know how sophisticated the ransomware is without being able to analyze it.

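The archive hypothesis in the reply above can be checked from the file headers alone. This added example (not part of the thread and not the forum's own tooling) classifies a renamed file by its magic bytes and, for ZIP containers, reports whether it is an Office document and whether any entry is password-protected; the sample names and contents are constructed.

```python
import io
import zipfile

# Leading magic bytes of common archive containers (RAR5 before the shorter RAR4 form).
SIGNATURES = [
    (b"7z\xbc\xaf\x27\x1c", "7z"),
    (b"Rar!\x1a\x07\x01\x00", "rar5"),
    (b"Rar!\x1a\x07\x00", "rar4"),
    (b"PK\x03\x04", "zip"),
]
OOXML_DIRS = (("word/", "word"), ("xl/", "excel"), ("ppt/", "powerpoint"))

def classify(data: bytes) -> dict:
    """Identify the container by header; for ZIP, flag Office documents and encrypted entries."""
    kind = next((name for magic, name in SIGNATURES if data.startswith(magic)), "unknown")
    info = {"container": kind, "ooxml": None, "encrypted_entries": 0}
    if kind != "zip":
        return info
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            entries = zf.infolist()
    except zipfile.BadZipFile:
        info["container"] = "zip-damaged"
        return info
    names = [e.filename for e in entries]
    # Bit 0 of the general-purpose flags marks a password-protected entry.
    info["encrypted_entries"] = sum(1 for e in entries if e.flag_bits & 0x1)
    # .docx/.xlsx/.pptx are ZIP files themselves, so any unzip tool can open them.
    if "[Content_Types].xml" in names:
        info["ooxml"] = next((label for prefix, label in OOXML_DIRS
                              if any(n.startswith(prefix) for n in names)), None)
    return info

def _zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: text} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed sample inputs (not files from the thread).
SAMPLES = {
    "report.docx.RAD": _zip({"[Content_Types].xml": "<Types/>", "word/document.xml": "<doc/>"}),
    "backup.RAD": _zip({"notes.txt": "hello"}),
    "photo.RAD": b"7z\xbc\xaf\x27\x1c\x00\x04" + bytes(24),
    "data.RAD": bytes(range(7, 71)),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, classify(blob))
```

To run it on real files, pass `open(path, "rb").read()` to `classify`; a result of `unknown` means the header matches none of the listed containers and says nothing further about the content.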

This topic is now closed to further replies.