Ravock

Encrypted files advice


Hello.

I created a topic last week about a friend who had their files encrypted by a ransomware.

Later, I found out that the files were encrypted using an online key and decryption is impossible.

Now, they want me to format their PC so they can at least have a clean system to start over, but they also want me to save the encrypted files.

Is it ok for me to save them? I'll copy them to an external HDD and move them back to their PC when I'm done.

I've run Malwarebytes a couple times and the system seems clean.

Thanks for the help!


The encrypted files themselves are not infectious or anything.

It's always recommended to archive encrypted files in that case in hopes of something changing in the future; unfortunately with STOP Djvu and the new variants with online keys, your only chance will be if the criminals are caught and their private RSA keys seized by law enforcement.

On 3/11/2020 at 8:32 PM, Demonslay335 said:

The encrypted files themselves are not infectious or anything.

It's always recommended to archive encrypted files in that case in hopes of something changing in the future; unfortunately with STOP Djvu and the new variants with online keys, your only chance will be if the criminals are caught and their private RSA keys seized by law enforcement.

Yeah, these online keys really suck... I do hope they manage to arrest the criminals, those files meant a lot to my friend...

Anyway, thanks for the info. I've saved their files and filed a report as well.

On 3/12/2020 at 7:32 AM, Demonslay335 said:

The encrypted files themselves are not infectious or anything.

It's always recommended to archive encrypted files in that case in hopes of something changing in the future; unfortunately with STOP Djvu and the new variants with online keys, your only chance will be if the criminals are caught and their private RSA keys seized by law enforcement.

Hi, I just want to know if there were any circumstances before that the criminals were actually caught and the key for online ID was retrieved?

16 hours ago, nadine021 said:

Hi, I just want to know if there were any circumstances before that the criminals were actually caught and the key for online ID was retrieved?

It hasn't happened for the STOP ransomware; however, there have been cases of it happening with other ransomwares. There have also been cases where criminals have decided to quit making/distributing ransomware, and have released their private keys themselves (keep in mind that this is rare).

