Malware
korsar182, 2014-10-22 11:10:14

File decryption after ransomware trojans?

I always thought that encrypted files were lost forever, but then I found as many as 3 decryption utilities on the Kaspersky website, which in some cases really help by finding the key in a split second. It looks like the encryption is not AES at all, however scary the file extensions are after these trojans, or am I behind the times?)


1 answer(s)
Valery Maroz, 2014-10-22
@vmaroz

1) If you are talking about files with the *.AES256 extension, then AES encryption really is used there. The Kaspersky Lab utility capable of decrypting such files is RakhniDecryptor. There is one caveat: the utility will restore only those files whose decryption key is in its database. Nevertheless, the utility is constantly being improved (updates are released several times a week), and for less strong encryption algorithms it is able to find the key by brute-force search in a very limited time.
2) Kaspersky Lab has not 3 but more utilities for combating malware that encrypts user data. :)
The most commonly used, apart from RakhniDecryptor, are RectorDecryptor, XoristDecryptor and RannohDecryptor.
3) Please note that it is not recommended to check the box "Delete encrypted files after successful decryption" in the additional settings of the utilities until you have made sure, on a group of encrypted files, that the utility decrypts them correctly. There are situations where a user's files are encrypted in turn by two different pieces of malware.
4) If the utilities do not help, you can try downloading them again after a while (once they have been updated), and also contact the Kaspersky Lab forum or the Kaspersky Lab fan club, in the "Fighting viruses / Destroying viruses" section, where you can find out the prospects for decryption.
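
Point 3 of the answer above, as an added example that is not part of the original answer and is not code from any Kaspersky utility: a sanity check to run on a sample of decrypted files before letting a tool delete the encrypted originals. The function names, the signature table and the 7.5 bits/byte threshold are assumptions chosen for illustration; a file still wrapped in a second layer of encryption fails the check.

```python
from __future__ import annotations
import math
from pathlib import Path

# Well-known file signatures; extend for the file types you actually have.
MAGIC = {
    ".pdf": [b"%PDF-"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".zip": [b"PK\x03\x04"],
    ".docx": [b"PK\x03\x04"],
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; ciphertext sits close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def looks_decrypted(name: str, data: bytes, max_entropy: float = 7.5) -> bool:
    """Signature check for known types; entropy check for everything else.
    Compressed formats missing from MAGIC will fail the entropy check, which
    errs on the side of keeping the encrypted originals."""
    sigs = MAGIC.get(Path(name).suffix.lower())
    if sigs:
        return any(data.startswith(s) for s in sigs)
    return entropy(data[:65536]) < max_entropy

def safe_to_delete_originals(samples: dict[str, bytes]) -> tuple[bool, list[str]]:
    """samples: decrypted file name -> decrypted bytes. Returns (ok, failures)."""
    failed = [n for n, d in samples.items() if not looks_decrypted(n, d)]
    return (bool(samples) and not failed, failed)

# Constructed sample data (not real files).
PDF_OK = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
TEXT_OK = b"Quarterly figures attached.\n" * 100
STILL_ENCRYPTED = bytes(range(256)) * 64  # uniform bytes, entropy 8.0

if __name__ == "__main__":
    print(safe_to_delete_originals({"report.pdf": PDF_OK, "notes.txt": TEXT_OK}))
    print(safe_to_delete_originals({"report.pdf": PDF_OK, "photo.jpg": STILL_ENCRYPTED}))
```

Any name in the failure list means the encrypted originals should be kept and the files checked for a second encryptor.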
