Jump to content

tisc ransomware attack


Recommended Posts

I just had the tisc virus attack encrypting all files on my Windows computer. I tried to apply a few methods seen on the internet, nothing worked. Decryption software reports that files have been encrypted with an online key. Is there any way I can get my files back without paying the ransom or is there some other way? Can somebody help me please

Link to comment
Share on other sites

5 hours ago, Gael said:

Decryption software reports that files have been encrypted with an online key.

Yes, probably true. Emsisoft Decryptor accurately identifies decryption capabilities.
Next, I'll tell you what you should do as soon as possible and how else you can try to get some files back.

Link to comment
Share on other sites

What to do? Everything is lost?
If there is currently no way to decrypt files, but in the future, in theory, extortionists can publish keys to all of their victims. This does not happen often, but this year we have seen such cases several times.

Why did this happen?

This 'STOP Ransomware' enters the PC due to the fact that computer is poorly protected. People often use free antivirus programs with the 'Free' label in the name. None of these programs will protect PC from programs similar to 'STOP Ransomware', because basic protection is not capable of this feat.
If users used comprehensive protection of the 'Internet Security' class, then it would help protect PC from ransomware attacks.

There is no 100% protection against malware, but what the 'Free' antivirus gives is 1-2 percent protection. 

After this attack, PCs could have stayed other malware elements. This maybe is an info-stealer and something else. Therefore, it is urgent to conduct a full check and destroy malware.

Use an comprehensive anti-virus software such as Emsisoft Anti-Malware to effectively remove the malware. 
You can get a free trial 30-days version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/

It will help you clean your PC from other malware for free.

!!! You need to neutralize all malicious files in the system. This should be done as quickly as possible. 

Link to comment
Share on other sites

Only after neutralizing all malicious files ...

This is not the decryption, it is the recovery of certain types of files using the features of these files.

1) If you have encrypted ZIP/RAR archives, you can partially recover them. Only 1-2 files are damaged there. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable.

2) There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.

https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp

But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. 

Some types of files can be opened (restored) using the application in which they were created. To do this, you must first remove the extension added by the ransomware. Then can try to open the file from the program in which it was created. If you open audio and video files in the editor, it will restore the structure, and upon closing it will offer to save the changes in the file.

3) If you have PDFs or files of other e-books, then they may suffer in part if they were not protected from manual modification. Therefore, after removing the added extension, they can be partially read (~ 80%).

Unfortunately, it is not yet possible to recover files created in MS Office applications due to their sensitivity to any damage. They can be easily damaged without encryption. It is easier to recover and read text written on paper or on the stone than one created in MS Office.

An alternative method for other files has not yet been found. I understand that this will not be enough, but recovering some of the files is better than to lose everything...

Link to comment
Share on other sites

14 hours ago, Amigo-A said:

Seulement après avoir neutralisé tous les fichiers malveillants ...

Ce n’est pas le décryptage, c’est la récupération de certains types de fichiers en utilisant les fonctionnalités de ces fichiers.

1) Si vous avez des archives ZIP / RARcryptées, vous pouvez les récupérer partiellement. Seuls 1-2 fichiers y sont endommagés. Supprimez l’extension que le ransomware a ajoutée aux archives et extrayez les fichiers de la manière habituelle. Tout, sauf 1-2 fichiers, sera corrigé. S’il n’y a que 1 fichier dans l’archive, il sera probablement irrécupérable.

2) Il existe un moyen alternatif (supplémentaire)
de récupérer certains fichiers multimédias: WAV, MP3, MP4, M4V, MOV, 3GP.

https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp

Mais avant d’essayer la variante alternative avec des fichiers multimédias, il est recommandé de faire une copie des fichiers cryptés. Quelque chose sera restauré mieux, quelque chose sera restauré pire.

Certains types de fichiers peuvent être ouverts (restaurés) à l’aide de l’application dans laquelle ils ont été créés. Pour ce faire, vous devez d’abord supprimer l’extension ajoutée par le ransomware. Ensuite, peut essayer d’ouvrir le fichier à partir du programme dans lequel il a été créé. Si vous ouvrez des fichiers audio et vidéo dans l’éditeur, il restaurera la structure et, à la fermeture, il proposera d’enregistrer les modifications dans le fichier.

3) Si vous avez des PDF ou des fichiers d’autres livres électroniques,ils peuvent souffrir en partie s’ils n’ont pas été protégés contre la modification manuelle. Par conséquent, après avoir supprimé l’extension ajoutée, ils peuvent être partiellement lus (~ 80%).

Malheureusement, il n’est pas encore possible de récupérer des fichiers créés dans les applications MS Office en raison de leur sensibilité à tout dommage. Ils peuvent être facilement endommagés sans cryptage. Il est plus facile de récupérer et de lire du texte écrit sur papier ou sur la pierre qu’un texte créé dans MS Office.

Une autre méthode pour d’autres fichiers n’a pas encore été trouvée. Je comprends que cela ne suffira pas, mais récupérer certains des fichiers est mieux que de tout perdre...

Thank you very much for all the time you took to explain this to me. Indeed, the data that I mainly want to recover are C # and java programs. I can lose everything except these projects. I have been a victim of this virus since the beginning of October. I was able to remove the virus, currently I am trying to decrypt the files. Too bad I can't do it.
I will try to follow your explains maybe I could recover some files.
Thank you.

Link to comment
Share on other sites

18 hours ago, Amigo-A said:

Only after neutralizing all malicious files ...

This is not the decryption, it is the recovery of certain types of files using the features of these files.

1) If you have encrypted ZIP/RAR archives, you can partially recover them. Only 1-2 files are damaged there. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable.

2) There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.

https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp

But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. 

Some types of files can be opened (restored) using the application in which they were created. To do this, you must first remove the extension added by the ransomware. Then can try to open the file from the program in which it was created. If you open audio and video files in the editor, it will restore the structure, and upon closing it will offer to save the changes in the file.

3) If you have PDFs or files of other e-books, then they may suffer in part if they were not protected from manual modification. Therefore, after removing the added extension, they can be partially read (~ 80%).

Unfortunately, it is not yet possible to recover files created in MS Office applications due to their sensitivity to any damage. They can be easily damaged without encryption. It is easier to recover and read text written on paper or on the stone than one created in MS Office.

An alternative method for other files has not yet been found. I understand that this will not be enough, but recovering some of the files is better than to lose everything...

Hi Amigo-A,

I just tried your suggestions, unfortunately nothing works. Maybe it's because they are c # and java files (other files don't interest me).
If you have any other proposal please let me know

Link to comment
Share on other sites

Quote

C# and java files

We did not try to do something with such files. Probably, they, like ordinary text ones, are damaged in the same way. It is possible to recover only files in archives, except for 1-2, which are likely to suffer. 

Link to comment
Share on other sites

When someone pays the ransom and recovers the files, they can share the key with the Decryptor developers so that they can help others. This is a voluntary matter. Just need to hand over the key to the Emsisoft employees.

Link to comment
Share on other sites

16 hours ago, Amigo-A said:

When someone pays the ransom and recovers the files, they can share the key with the Decryptor developers so that they can help others. This is a voluntary matter. Just need to hand over the key to the Emsisoft employees.

ok, 

The solution now is to pay the ransom. I have to do it.

thank you for everything

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...