tonywong81789

infected 2k19sys virus


Hello Tony

Identification result >>>

It is possible that you are lucky and we have a decryptor that can decrypt your files.
But you need to find at least one original file in a pair to the encrypted one in order to extract the decryption key.

Emsisoft Decryptor for Paradise for 2k19sys-variant. 
https://www.emsisoft.com/ransomware-decryption-tools/paradise 


Excuse me, what does that mean: "But you need to find at least one original file in a pair to the encrypted one in order to extract the decryption key."?

I tried the decryptor, but the second item, "original", shows that it did not work.

1 hour ago, tonywong81789 said:

I tried the decryptor, but the second item, "original", shows that it did not work.


Buttons work. You need to find the original unencrypted file to calculate the key. 


Excuse me, I do not understand what the original unencrypted file is.

My case is that the hard drive has different files inside; all pictures and documents were locked in some files. Luckily, one file's pictures were still not infected, but some documents are still infected and locked in this same file. At this moment, I tried the decryptor: I placed an uninfected photo in the second button, but it still shows that the file is not supported. How can I fix it?

5 hours ago, tonywong81789 said:

I do not understand what the original unencrypted file is.

Original file: the file as it was before encryption.

Test 1 2012-04.doc - original file

Test 1 2012-04.doc_9Mm5Bz_{[email protected]}.2k19sys - encrypted file


Do you have any encrypted files that were originally downloaded from the Internet? If yes, you might be able to download the original copy again and use it in your file pair.


@tonywong81789

Here is a sample list where you can find the originals of the encrypted files (my list):

1) on flash drives, external drives, CD / DVD, memory cards of the camera, phone;
2) in attachments of emails sent or received by you;
3) among the copies of shared photos that you gave to friends and relatives (on their PCs);
4) among the photos uploaded to social networks, including via smartphone and tablet;
5) among the photos uploaded to cloud services (Google Disk, OneDrive, Yandex Disk, etc.);
6) on ad sites where you could previously have sent photos or images;
7) among unencrypted files, copies, renamed files on your PC;
8) on an old PC or disk from which you transferred photos and documents to a new PC;
9) you can download again from the Internet previously downloaded photos, pictures, etc.;
10) you can use sample images supplied with Windows;
11) take photos or pictures that you previously posted as an avatar on forums;
12) extract previously deleted files from the Recycle Bin or restore them with a special program.
 
If decryption failed ...
 
It is possible that the original file was an inaccurate copy of the encrypted one. This could be because you yourself earlier reduced or corrected it in an editor, or uploaded it to social networks or cloud services, where the file was somehow automatically changed.
Look for more files and try different pairs of encrypted and original files with the same name. Very often files can have the same name but are not copies of each other. The vocabulary used in any language is limited. The possibilities of PCs, cameras and other devices for taking photos are also limited. In cameras and mobile devices, names for photos are given automatically according to a specific format, so there can be quite a lot of photos named from IMG_0001.JPG to IMG_9999.JPG across different years. Smartphones can give photos more original names, such as IMG_20171012_170451.jpg, which contains both the date of shooting and the sequence number, so repetition of the name is unlikely.
 

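An added example (not part of any post in this thread and not Emsisoft's code): a Python script that recovers the original file name from an encrypted name like the one shown above and lists every same-named file found in the places from the list, so that several pairs can be tried when the first one fails. The name pattern is an assumption generalized from the single example in the thread; the directory names, the `{contact}` placeholder and the sample files are constructed.

```python
import os
import re
import tempfile
from collections import defaultdict

# Assumed naming pattern, generalized from the single example in the thread:
#   <original name>_<id>_{<contact>}.2k19sys
ENC_NAME = re.compile(r"^(?P<orig>.+)_(?P<id>[A-Za-z0-9]+)_\{[^{}]*\}\.2k19sys$")

def original_name(encrypted_name):
    """Return the pre-encryption file name, or None if the pattern does not match."""
    m = ENC_NAME.match(encrypted_name)
    return m.group("orig") if m else None

def find_pair_candidates(encrypted_root, search_roots):
    """Map each encrypted file to every same-named file found in search_roots."""
    by_name = defaultdict(list)
    for root in search_roots:
        for folder, _dirs, files in os.walk(root):
            for name in files:
                if original_name(name) is None:  # index only unencrypted files
                    by_name[name.lower()].append(os.path.join(folder, name))
    pairs = {}
    for folder, _dirs, files in os.walk(encrypted_root):
        for name in files:
            orig = original_name(name)
            if orig and by_name.get(orig.lower()):
                pairs[os.path.join(folder, name)] = sorted(by_name[orig.lower()])
    return pairs

def demo():
    """Constructed sample tree: one encrypted file, two same-named candidates."""
    with tempfile.TemporaryDirectory() as tmp:
        layout = {
            "disk/IMG_0001.JPG_9Mm5Bz_{contact}.2k19sys": b"\x00" * 64,
            "usb/2017/IMG_0001.JPG": b"photo from 2017",
            "usb/2018/IMG_0001.JPG": b"different photo, same name",
            "usb/2018/notes.txt": b"unrelated",
        }
        for rel, data in layout.items():
            path = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        pairs = find_pair_candidates(os.path.join(tmp, "disk"), [os.path.join(tmp, "usb")])
        return {os.path.basename(k): [os.path.relpath(p, tmp).replace(os.sep, "/") for p in v]
                for k, v in pairs.items()}

if __name__ == "__main__":
    for enc, candidates in demo().items():
        print(enc, "->", candidates)
```

A name match only produces candidates: as the post above notes, same-named files are often not copies of each other, so each listed candidate still has to be tried in the decryptor.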
