Dealing with a Ransomware Attack: A full guide

  • Added 4. 06. 2024
  • Help! Infected by Ransomware? This video is a full guide on how to deal with a ransomware attack, how to decrypt your encrypted files, lock down your network, contain damage, recover data and so on.
  • Science and technology

Comments • 972

  • @pcsecuritychannel 4 years ago +515

    Response to certain concerns in the comments:
    I’m aware that “pulling the plug” can destroy evidence for forensic investigators, but the value of potentially preventing a large amount of data from being encrypted in the first place can be much greater for the user than the slim chance of finding file traces or the encryption key in memory through a high cost forensic investigation. Of course it only makes sense if done early, and as with everything not everyone agrees. This video is meant to be a general guide for most people but of course it cannot tell you how to perfectly deal with every possible scenario.

    • @Ronaldo-nj9pi 4 years ago +15

      I would go with unplugging the network card or switch!

    • @illuc_ 4 years ago +2

      @Deadpoppin Only if you have n word pass

    • @georgek4416 4 years ago +1

      Ok

    • @georgek4416 4 years ago

      @Deadpoppin Your n word pass please.

    • @alphaomega5017 4 years ago +1

      2019 has started with ransomware attacks and till this day we hearing ransomware attacks happening.

  • @marxt1237 4 years ago +2523

    I hope I wont need to use this video in my lifetime

    • @krzychox 4 years ago +22

      Same

    • @energygameplay6513 4 years ago +18

      @@malwaretestingfan im not an expert but i think it depends on the kind of ransomware and what methods and algorithms it uses to encrypt

    • @redrock9319 4 years ago +2

      Backup

    • @felixiii4186 4 years ago +3

      @@malwaretestingfan how does renaming the zip file to exe help?

    • @malwaretestingfan 4 years ago +18

      @@felixiii4186 Simple. Ransomwares always avoid EXE files, to not corrupt themselves.

  • @mrmacedon 4 years ago +2050

    There is a special place in hell for ransomware developers

    • @PyPylia 3 years ago +17

      @Geek Gamer Not always.

    • @ammonquitalig9077 3 years ago +4

      @Geek Gamer make a new market..smh

    •  3 years ago +67

      Not the developers, but the ones who use them

    • @jamesmhango2619 3 years ago +19

      For such people hell does not even exist. Rather address the gullibility on the other side of the keyboard. Backup backup and backup your data.

    • @HK-sw3vi 3 years ago +14

      who knows, people who made this are top Avast or Cisco employees?

  • @fredriddles1763 3 years ago +100

    Tips for avoiding ransomware in the first place:
    1. don't click links in emails
    2. don't download programs or microsoft docs off the internet
    3. Don't visit sketchy websites
    4. Don't touch popups or ads
    5. don't plug random USB drives you find into your computer.

  • @gyrozeppeli1504 4 years ago +1076

    200 IQ move:
    Encrypt your files before a ransomware can.

    • @dalek9554 4 years ago +19

      its pretty good genius

    • @ptyxx 4 years ago +27

      Big brain

    • @lewp4452 4 years ago +24

      its not that easy , windows services will not function as they target .dll files too

    • @LiEnby 3 years ago +153

      it'll just encrypt it again

    • @lolmidas8215 3 years ago +1

      My friend does it lol

  • @prettyepicname 4 years ago +783

    *just pull out an uno reverse card so now they pay you*

  • @bazcurtis178 4 years ago +273

    Make sure your backups are offline. Attackers tend to delete them. They have been on your network long before the encryption. Check who has admin rights on your network and reset all your passwords.

    • @Ronaldo-nj9pi 4 years ago +28

      Air gap'd backups are a must for every network! Do not leave the only copy of your data connected to the computer/network!!!!!

    • @karlbergen6826 4 years ago +3

      Good comment and reply.

    •  3 years ago

      Or on connected cloud storage with an account with read privileges only. And use a different account on a VM every time you need to create/upload them

    • @yannick6303 2 years ago +1

      What do people mean by network? Your wifi network?

    • @bazcurtis178 2 years ago +5

      @@yannick6303 they will be inside your organisation moving around the corporate network. They will know more about your internal network than you do

  • @ilmansalt 3 years ago +338

    getting rid of the "malware" is easy, the hard part is getting your data back.
    If you dont care about your data, just reinstall windows or format your pc

    • @ChrissQuartz 2 years ago +12

      i've had to do that but i havent had ransomware yet, just me being stupid and accidently deleting the boot file

    • @Boon_LightBurn 2 years ago +14

      @@ChrissQuartz how do you accidentally delete the boot file
      Did you corrupt your bios or something

    • @adityavarshney6690 2 years ago +2

      Also don't forget to secure your network, passwords, services, and the like so it doesn't happen again

    • @JohnSmith-xf1zu 2 years ago +9

      @@Boon_LightBurn For me, I did something else stupid, and attempted to restore cloned backups. I messed up, and the UEFI couldn't find the windows boot location. Then I facepalmed when I realized I could have just used Windows Restore for the issue. Was a bad day, but at least no data loss due to having backups.

    • @Boon_LightBurn 2 years ago +1

      @@JohnSmith-xf1zu that sounds like a bad day, I am sorry sir

  • @timepasswallah 4 years ago +86

    Thank you thank you thank you so much, my PC got attacked by ransomware. My all the files got encrypted. Luckily I saw this video and I checked with 1 file, it got decrypted. So happy. Thank you so much. I got my all old memories thank you...
    Guys really it works.

  • @ayarriba9093 2 years ago +22

    I had my entire OneDrive documents folder taken hostage by ransomware when I was 16. It was the week of my GCSE coursework hand ins for my Design class and I had to redo months of work in a few days. It was fucking traumatic and I hope to god as an adult I never get into this situation again.

    • @TheGamingChad. 2 years ago +3

      it taught me a lesson, i bought 5 external hard drives for extra layers of protection, i transfer all my stuff to my external drive weekly for now on, 2 days ago i got all my thousands of photos and videos encrypted, thankfully i had them saved on my external hdd

    • @couragecrusader7649 2 years ago +2

      @@TheGamingChad. What do you guys install to get yourselves in these situations? Do you go on sketchy websites? I am not judging I just have gotten into modding and don't want to ruin my new laptop.

    • @Django0324 1 year ago

      @@couragecrusader7649 answer this man!

    • @yatir3636 1 year ago

      i am currently 16 and my OneDrive, containing my research, is at same situation. wtf do i do🧎‍♀️🔥

  • @matthewroberts2788 2 years ago +24

    I think the ultimate way around this is to just store any important/sensitive information in a secure cloud server environment (that doesn't sync with your computer) - just do it manually. No matter what happens to your computer, you should have a safe backup as well so that you can just format and restore to get the functionality back - but the whole time your data wouldn't even be in question. That's real peace of mind. Obviously there are other issues associated with keeping information in the cloud - but if you're using a unique secure password and 2FA with a good authentication app then there should be 0 concern. Any input is welcome though :)

    • @khanyasi 1 year ago +1

      Auto syncing is absolutely fine as far as your backup cloud offers ransomware immunity or backup versioning.

  • @TheKingTywinLannister 2 years ago +27

    Great video!
    You forgot two important points.
    1) only way to be sure your system is clean is to nuke os from orbit. I mean clean reinstall deleting partitions.
    2) if you have system restore enabled, you might get files back using tools that can extract files from system restore. I have had success with this several times.

    • @nimalsenna 2 years ago

      which files?

    • @TheKingTywinLannister 2 years ago

      @@nimalsenna personal files, documents.

    • @karchikharval9741 2 years ago

      Am I to use system restore before or after reinstalling windows

    • @TheKingTywinLannister 2 years ago +4

      Clean install will delete all files including system restore data. Use USB to boot from and delete all partitions in hard drive to perform total clean install.
      So you have to get files from system restore before clean install. So be careful not to infect newly extracted files. It might be smart to use safe mode. Then application named ShadowExplorer you can extract files if system restore was enabled. Move them to external usb drive and then you can clean install. If my explanation was too difficult then turn to professional for help.

  • @iamlegend68 3 years ago +71

    Well there’s no guarantee that the authors of the ransomware would give you the encryption key even if you pay up. So you’re screwed either way.

  • @carloschaparro07 4 years ago +17

    CZcams is recommending me one of your videos called "My Security 2015", and I want to see your security in 2019.

  • @ripper12322 2 years ago +1

    I wish I had this a few years ago. I do know the basics of Ransomware but your links for help I would have loved. Thank you SO much! I have saved and shared!

  • @samwang4432 1 year ago

    still works! followed steps exactly and it works, thx a ton and keep up the awesome videos

  • @jeffmacdougall9190 3 years ago +6

    This is the most informative video I have found with information that is extremely helpful in the efforts of dealing with ransomware attacks. My question for you is, how in good god do you have all of those actual ransomware files to execute??

  • @malwaretestingfan 4 years ago +23

    Thanks, Leo.

  • @therealthirst8099 4 years ago +5

    This is why Google Drive is so handy for me. Anything that I consider sensitive/irreplaceable is always kept in a backup folder that I could access at any time. In case I switch to a new PC or if by some chance I am attacked by ransomware

  • @jakemacgregor-boyle6397

    Great video and just subscribed. Thank you.

  • @rickherrera5349 4 years ago +8

    Thank you for the great information. Our company just got hit last night. Turned every file to a ". Nortron " extension.
    I'll do the steps as you described. Hopefully the files can be decrypted.

  • @ericzhan3454 3 years ago +3

    Everybody gangsta until the decryption file you download is another ransomware

  • @KukursRobert 3 years ago +1

    Super useful high-level video, thanks!

  • @gotmyonu1027 4 years ago

    Thanks for Sharing.... Really good to know how to react when hit by Ransomware....

  • @0bliviXx 4 years ago +83

    Someone should send this to the Louisiana government. They recently got hit hard by some ransomware attacks

    • @Appoxo 4 years ago +2

      @@ahsokaincognito Well, it's a government agency hit. They have the money ¯\_(ツ)_/¯

    • @Kajiyaification 4 years ago +1

      @@Appoxo with elections coming up soon this is sad to hear

    • @malwaretestingfan 4 years ago

      @@ahsokaincognito Absolutely. It could be also Megacortex; also, most ransomware intrusion on companies are product of second intrusion and hacking.

    • @lesliesavege1206 4 years ago +2

      @@Appoxo They have our money!

    • @Appoxo 4 years ago +2

      @@lesliesavege1206 Communism intensifies

  • @ayushjain3993 4 years ago +21

    Hey! Thats a great video.
    However I have a question, What would you suggest for downloading the decryptor or checking the ID-Ransomware website when the infected device is off network. Also, most enterprise usually tend to block mass storage devices?
    What would you recommend?

  • @regismaltais8269 2 years ago +2

    i believe that the best protection is to use two external drive and alternate them and unplug them as soon as your backup is done

  • @laurieg1001 4 years ago

    Very good work, thank you

  • @xerasferalos9784 4 years ago +4

    I wish I saw this a few months ago when I had to deal with it. I got rid of the ransomware, reset and changed the network password and saved a couple files but i didn't figure out how to decrypt the files that got infected. In my case it was the .hese extension. Back in August. Good thing that I had a backup of my most important files but I lost a couple beautiful memories.

  • @amirulislam-dm7cj 3 years ago +3

    Can I store some important "Ransomware (phobos) encrypted files" in another pc for further/future decryption without being infected??

  • @Docgy 4 years ago +2

    Good content 👍 For my sight I prefer back up solutions routine. Separate from any source connect to internet.

  • @Kaelthas111090 4 years ago +1

    Thank You kindly for the tips its kind of sad that these people will barely be punished, so lessen their effectiveness is noble deed. Can I ask how it works that files which take over your entire data are usually very small sized? and what are the most common ways to be infected? Sorry if thats silly question Im trying to be as cautious as I can but since Your Ccleaner video Im very stressed :)

  • @B5DIN 4 years ago +3

    I needed that a month ago. I just reinstalled Windows and erased anything related to that piece of crap Ransomware. Thankfully I back up my files on a server separated from the attacked machine. And it forgot to actually encrypt my important data since I caught it mid-process when it was busy encrypting TEMP files x3

  • @grammargrill 4 years ago +42

    I just checked ID Ransomware and it says it supports Spora, have they added support since you recorded this yesterday?

    • @pensive955 4 years ago

      ... maybe

    • @-YakTheKuza 4 years ago

      from what i tried they dont have redeye or wannacry yet

    • @grammargrill 4 years ago

      @@-YakTheKuza interesting. At first glance it looked like wanna cry was in the list of supported ransomware

    • @win10mc 2 years ago

      @@Samiozd thats not how it works it doesnt just check the name

  • @lesliesavege1206 4 years ago +2

    I setup my computer to survive a virus attack without relying on an antivirus program, which I have been doing from the early days of Windows. I got hit with a ransomware in the early days of this malware. It encrypted all the Windows doc, text and image files, but my personal files were uninfected, which included my jpg files I saved for my photography business. I laughed at the message it showed on my screen demanding I pay them, because I had backups of everything on CDs. I didn't have to use these backups, because of the steps I took to alleviate the threat. I was impressed at the level of encryption it did to Windows informational files, and I had to reinstall Windows, but I lost none of my personal files.

    • @mithufeil 3 years ago

      Is your personal files is on different partition or different disk?

  • @kendradaar8795 3 years ago

    I just started watching your videos and LOVE THEM! But I'm a dope when it comes to this stuff. When you say, "Lockdown infected computers in your Network" does that mean if my child's computer gets Ransomware on his tablet or laptop, my laptop or my other kids stuff can get infected? So everything hooked up on my ISP is now at risk?

    • @shaneme3 2 years ago

      Potentially.
      It depends on the software being used against you but it's completely possible.
      He is mostly talking about places with shared files across a network (think school computers and how they have a server where you can access files from any computer on that network.)

  • @unusuallyasian4070 2 years ago +13

    “Im gonna give a live demonstration, so were gonna infect this system with ransomware”
    *pulls out a whole folder of ransomwares*

  • @number1dstapp 4 years ago +5

    dang now i have a way to fight this kind of stuff since its been on the rise as of late.

  • @DilbertCronicles 4 years ago

    Just came across your channel and you have a new subscriber.

  • @LossyLossnitzer 4 years ago

    Thank you - very informative

  • @karlbergen6826 4 years ago +11

    My brother had a laptop that was infected with ransomware some years ago. He got rid of it with a complete wipe and reload of his laptop.

    • @mrmacedon 4 years ago +4

      no shit, windows format is the only way

  • @abhiramshibu 4 years ago +10

    if onedrive is mounted to documents , pictures, desktop, will the ransomware be able to encrypt that, if yes, is it recoverable from cloud

    • @m-faccin 4 years ago

      Yes but you can restore these files very easily: support.office.com/en-us/article/Restore-your-OneDrive-fa231298-759d-41cf-bcd0-25ac53eb8a15

    • @vidzpit8264 4 years ago +2

      OneDrive has retention but only for a limited period of time, you should not use onedrive or any cloud file services as a backup system

    • @753238 4 years ago

      one drive is not hackable at this moment we are doing this to use ai to hack shainghai

    • @meghapawar8755 3 years ago

      One drive is useful but makes pc very slow

  • @jarecki83 4 years ago

    Is it safe to ask the ransomware authors to show the demo that they can decrypt one file? Is it processed by email or do I have to install some suspicious software they give me?

  • @ramtek2702 4 years ago

    How do you expect people to do all the things you suggest if their systems are frozen? The times I was hit I could not move from the demand screen. I had no internet access at all except on a different desktop computer.

  • @Contasecundaria32 3 years ago +4

    since I formatted my computer after the attack my email accounts on social networks and even accounts that I didn't remember existed tried to be connected by strangers, what can that be?

    • @KunalSawant875 2 years ago +1

      Exactly same , my youtube channel started uploading videos which was logged in into my decrypted pc. Someone also tried using my Instagram and I am bit worried about my money as I do card payments from pc . Although the mail linked to Google pay was also in pc and I changed all of those account passwords , then also someone might use them for their beneficiary. Plz reply me what all accounts and applications were compromised and need to secured

    • @bugginoutw2243 2 years ago +1

      @@KunalSawant875 it’s very possible it was all broken into. Try to get into these accounts and change passwords + enable 2 step verification. Stop doing payment stuff on PC, do it on IPhone or something of that nature

    • @KunalSawant875 2 years ago +2

      @@bugginoutw2243 yes , I followed same path.first of all I changed all of my passwords even if they were not signed up into my pc. Then I went to my banks , met mangers and changed details for my online transactions. Also in one or two banks ,I made new account closing existing one.and last but not the least I made new bank account with very low balance just to do online transactions. it's been a while but thanks a lot for the reply!

  • @aircraftmaintenancerecords7371

    How much these criminals usually ask to decrypt your files?

    • @nuzzget 1 year ago

      Really depends on the ransomware group, and depends if it's an individual or a business with cyber insurance.
      Fyi I only know that because the place I work at got hit with ransomware and I've been researching it since.

  • @r4microds 2 years ago +2

    Best case scenario, you actively back up your work and use external version control for any major project. Thus making it a simple case of wiping your drives and reinstalling your os.
    Worst case scenario, contact the ransom, ask for a demo to prove they arent just going to scam you further. Perhaps even pay a tiny fee to prove your intent of paying the full ransom.
    Take that demo to security experts to reverse engineer the ransom. Whatever little you spent (if so) likely will help others in the long run.

  • @kkatharman 4 years ago +2

    great video mate! just a question though, if i get attacked by ransomware and i use microsoft onedrive (synchronized) will my files on cloud be encrypted too or are they safe? Thank you in advance for your time and keep up the good work!

    • @itzMiee 2 years ago +2

      As of today, talking from experience, since I had OneDrive synchronized/connected to my pc when I got attacked I can tell you that your files won't be safe if they're connected to your pc. :')

    • @kkatharman 2 years ago

      @@itzMiee thnx for the reply mate, i'll keep that in mind!

  • @JonathanPierce060994 3 years ago +4

    I notice you never brought up a full system restore.

  • @dot5687 4 years ago +4

    Thank you. Now I'm calmer about my attack.

  • @jpteknoman 4 years ago +1

    you should also make a video on ransomware that locks the computer. my brother had a couple of them and i had to go through a few hoops to get them out without a format. as for data security, the best thing to do is get a 2TB+ USB drive (or more if needed), plug it in, make backups and then unplug it. this way you can be sure that nothing has access to the backups, then in case of ransomware, you deal with the problem and if no decryption is available you just restore the backups.

    • @YourSkyliner 2 years ago

      And actually get at least two of these backup drives. Nothing sucks more than needing your backup and finding out the USB stick you put it on is dead.

  • @evadesc 4 years ago +1

    what's the best imaging/backup software to get a complete sector by sector image of your entire system? And, should the infected drive be wiped or zeroed out before an infected system get restored with an image?

    • @nexinex5918 3 years ago +1

      Simple format is enough, u can use tools like Dd from linux system rescue... there are plenty of ways to save images of your partitions

  • @Josefuumii 4 years ago +19

    I’ve been pirating stuff for over a decade and not once have I ever had any virus/malware/ransomware, how do people even come across this sort of thing?

    • @minixlemonade2335 4 years ago

      Dark web my guess

    • @spootymaniacs 4 years ago +6

      just plainly not having an antivirus plus not worrying or being unknowing of any viruses, plus cyber security is more tougher than it was 10 years ago, 10 years ago it was easy for a naive kid back then like i was to download a harmful virus, got a rogue antivirus but luckily some youtube videos figured out the activation key and allowed me to rid the program.
      nowadays i havent had a virus since that incident i described. and even when downloading stuff i get VERY skeptical when my antivirus goes off even if its a false alarm. i always find reviews, ask friends, and if i have to, use a vm to make sure its safe or not.
      tbh i tend to get scared connecting my laptop even on my college wifi because those places can be easy breeding grounds for a massive virus spread, i always use my phone instead.

    • @Wahinies 4 years ago +3

      The two primary vehicles I see working at an MSP are email related (attachments or links not yet identified by filters) and wide open remote desktop ports. The former we are training users against phishing with a service called KnowB4 that we launch phishing campaigns and get statistics on who goofed and how badly. Numbers have gone way down so it is successful.

    • @Matt0ize 4 years ago +1

      not necessarily, it just havent hit you yet or may be youre just lucky.. if you are using cracked software there maybe 80% chance of getting hit by ransomware

    • @Matt0ize 4 years ago

      how about you try downloading and install malwarebyte ..run a full scan and see whatchu got..

  • @ptyxx 4 years ago +7

    Please don't pay ransom:
    All hackers: *triggered*

  • @SESPRODUCTION 2 years ago

    Thanks for the information. But does ransomware take login information?

  • @eddieoconnor4466 4 years ago +1

    My solution is to always have backups, and not backups from like..months ago, but bi-daily backups....in other words I have backups from Sunday-Monday, that I overwrite with backups for Tuesday-Wednesday...which get overwritten with backups for Thursday-Friday..etc...and I rotate them and keep it steady and even, I guess once you get into a rhythm with making / storing, and overwriting backups?...ransom ware becomes a thing of the past. There's also the fact that you MUST change ALL passwords when/if you get hit with ransom ware, (I always encrypt my passwords and use long complex, yet easily remember-able passwords too...not a word really but a phrase....like (not ever used by me...just using this for an example):
    Take your name....say...its "Timothy"....
    SPLIT it "Timo-thy"....
    Place something INSIDE your split name....like ...
    "scH001Bu5"......
    SPLIT that as well...
    "scH001-Bu5"
    in the middle of THAT?...place your birthdate...
    00/00/0000....but use underscores instead:
    00_00_0000
    so you now have "TimoscH00100_00_0000Bu5thy"......now...take THAT?..
    and ENCRYPT IT!...by the time someone cracks THAT?....you already have backups of your backups which are backups of your backups, and if they DO hit you with ransomware?...you can listen to some jazz, sip on some chilled wine...and smile as you restore your latest backup and change your passwords yet again.
    Just some simple advice from an old Network admin!...(sometimes..."simple" doesn't have to mean "vulnerable"!...LoL!!)

  • @muki_x 4 years ago +72

    If you don't care for data JUST REINSTALL WINDOWS FFS

    • @doomeR_007 4 years ago +8

      Exactly what i did😂

    • @boibrainiac 4 years ago +3

      SAME. Haha
      i think almost everyone does that. simple and easy. everyone's just being techy in the comments LOL

    • @kurianbiju1294 4 years ago

      Same

    • @travaa54 4 years ago +7

      How did you guys get ransomware?

    • @hiteshmodhwadia2084 4 years ago

      Same I did 🤣🤣🤣

  • @bouda_group 4 years ago +6

    You can do system restore on Windows also!!

    • @MrEvilWasp 4 years ago +1

      Yeah that's what i did about 2 years ago. I simply rolled windows back to the day before. Don't know if it works every time but it worked for me.
      Peace

    • @thatguyyouseeeverywhere8886 3 years ago +1

      Not really some ransomware will not let you system restore

    • @shadowguardian3612 3 years ago +1

      @@thatguyyouseeeverywhere8886 then format the drive or if not just open the pc and take it out go and put another one if you have one

  • @leonjones7120 3 years ago

    This is an excellent source of information and very well explained.

  • @mateuszzawisza8425 4 years ago

    my father's accounting office got hit by barak ransomware, but he didn't get any ransom note, have you heard about similar situations? also could you recommend any good programs for restoring files? thanks a lot!

  • @jamesberkhimer5751 4 years ago +5

    Since my systems do not have sensitive files I just do a full wipe and reboot

    • @azlankhan2356 3 years ago

      Neither do I, but i had a lot of games and movies on my device. Losing files can be heartbreaking y'know.

  • @hansfox 4 years ago +8

    Merry christmas to you and family and a happy free virus 2020 year , greetings from hans of the dutch lowlands nl 👍👌

    • @RVxCobra 3 years ago +4

      "free virus 2020 year"
      This comment definitely did not age well

    • @bucket8967 3 years ago +1

      Kian Santang Kusumah ikr

  • @jerryg50 4 years ago

    I keep a number of backup images for my computers. The images are on drives that must be manually connected to the computers to restore. If I have any reason to restore a computer, I first boot on the Windows repair start DVD and then I connect the image drive. I then run the utility to restore the computer.

  • @someone4212 3 years ago +12

    Note: Do not execute any virus on real computer, use virtual machine or dont execute them at all. It's for your safety.

    • @16bitdude36 2 years ago +2

      Don't forget to close your internet connection, and make sure the malware can't leak from the vm

  • @LiEnby 3 years ago +4

    "Half the time the ransomware will encrypt your backup once u connect it to your PC"
    *Laughs in stack of DVD-R's*

    •  3 years ago

      Read-only cloud storage is also nice ;)

    • @LiEnby
      @LiEnby 3 years ago

      @ then you're just trusting someone else to hold all your data for you .-.

    • @TheGamingChad.
      @TheGamingChad. 2 years ago

      That sounds scary, but I did the following: I got encrypted 2 days ago, first time actually. AFTER rebooting my PC I connected my external drive to my computer to transfer all my files to the computer again. Am I good to go or did I do anything wrong? And while my computer had ransomware I managed to move some stuff to my phone using a USB cable; my phone was not encrypted.

    • @00and
      @00and 2 years ago

      If you are planning to put everything on DVDs, why bother? Buy a Blu-ray drive and a couple of those double-layer, double-sided 100GB discs.

  • @berendberend702
    @berendberend702 1 year ago +1

    Can someone explain to me how to exactly do this at 0:40, does it just mean disconnecting from the internet? I'm not very good with computers so I don't quite know how to do this. I haven't been hit by ransomware btw, but I just wanted to know if my laptop ever gets infected by ransomware.

  • @evaamandasamlie1718
    @evaamandasamlie1718 1 year ago

    production. Thanks again!

  • @xarcatic3710
    @xarcatic3710 4 years ago +17

    1:05
    *pulls out my grandfather's life support*

    • @j1pp
      @j1pp 4 years ago +1

      this comment is so underrated.

  • @fatsmoke7820
    @fatsmoke7820 3 years ago +3

    Will they know my IP address?? I have the .booa virus on my PC and my PC doesn't have any important stuff so lol

  • @marc-andreservant201
    @marc-andreservant201 2 years ago +2

    Backups, backups, backups. Ransomware won't be able to touch your AWS S3 objects (unless it knows your root account password, in which case data loss is the least of your worries). It also won't encrypt your external hard drive unless it's plugged into your machine at that moment.

    • @alastorclark3492
      @alastorclark3492 2 years ago

      Redundancy with randomly generated passwords saves that. I've got 3 accounts with a password I can't even remember and if they can get to the locked flash drive in a place I shan't say to get to them... well

  • @ruined_life2671
    @ruined_life2671 3 years ago +1

    Heya, I know this is a bit off topic but I am just wondering. I tried opening Discord and then an application error popped up, it says this "the instruction at 0x0000000000000076CAO63E referenced memory at 0x0000000006F532778 the required data was not placed into memory because of an I/O error status of 0xc000000242.
    Click ok to terminate program"
    How do you fix this?

  • @pancakes2454
    @pancakes2454 4 years ago +6

    the dislikes are ransomware makers

  • @widyaargarini5765
    @widyaargarini5765 4 years ago +5

    This Video : *Exists*
    Me : Don't Use Computer lol

  • @mtndew490
    @mtndew490 3 years ago

    Are your accounts (Minecraft, Battle.net, Discord, etc.) protected? Is it just your documents and images that get screwed?

  • @ayushsingh2623
    @ayushsingh2623 4 years ago

    Helpful Video Leo

  • @somethingcoolgoeshere
    @somethingcoolgoeshere 4 years ago +3

    I don't store super secret stuff on my computer so if I ever get ransomware I have no problem doing a factory reset
    they got my anime wallpapers

  • @Starlesslemon
    @Starlesslemon 4 years ago +5

    I just keep all important files on flash drives. If I was infected I would long format the drive and then reinstall windows.

    • @vidzpit8264
      @vidzpit8264 4 years ago +1

      Ransomware will typically encrypt any devices connected to infected systems

    • @Starlesslemon
      @Starlesslemon 4 years ago +1

      @@vidzpit8264 no shit. I'm saying my files are stored on flash drives. I don't leave them plugged in 24/7. I plug them in when I want to use the files, then unplug them.

  • @kriskiireonsitakschill1732

    Can you tell me what are some places where ransomware can infect you, and also can I just format C if I don’t have any files I care about as I only have games?
    I'm not very tech savvy so I’d love if someone explained this to me

  • @loramservices
    @loramservices 2 years ago

    From recent past experience of a ransomware attack, I would urgently recommend keeping the BIOS of the computer up to date. It seems this was the only door open to get infected.

  • @PokeMaster22222
    @PokeMaster22222 4 years ago +4

    Backup your computer regularly, people! My high school recommended doing so every Friday, so that's what I've done for years.

  • @playboi_caid8301
    @playboi_caid8301 3 years ago +4

    I remember getting ransomware on my computer like 10 years ago from downloading Terrordrome, CSGO, and Fallout 2 on super sketchy sites💀

  • @soleilgraphics
    @soleilgraphics 3 years ago

    A few months ago I got hit by one with the .boop extension so I basically have 2 TB of data encrypted, that includes approximately 15 years of pictures. The two infected drives are lying here on my desk. I have a new drive in my machine but I operate from home so my work files are on those drives. I became complacent and wasn't backing up as I used to.

  • @GeGeAiNi
    @GeGeAiNi 2 years ago

    I don't have any important docs but I just want to make sure my PC is usable. Is it safe to still use the PC?

  • @moth.monster
    @moth.monster 4 years ago +8

    Step 0: Have backups
    Step 1: Nuke the install from orbit
    Step 2: Install Linux instead
    (I'd recommend Linux Mint if you're used to Windows.)

    • @sybrenvandenakker9064
      @sybrenvandenakker9064 4 years ago +1

      @Leon Voerman most common ransomware is made for Windows, so it doesn't work on Linux

    • @aranud8907
      @aranud8907 4 years ago

      @@sybrenvandenakker9064 www.notebookcheck.net/Lilu-Lilocked-ransomware-has-now-infected-thousands-of-Linux-servers.434547.0.html

    • @smellymomo
      @smellymomo 4 years ago

      Step 2 can only be implemented if you don't need Windows-specific software. It's great for people who do some web surfing, watch videos and stuff. And as you mentioned, with distros like Mint and Ubuntu, Linux has become extremely user friendly.

    • @moth.monster
      @moth.monster 4 years ago

      @@smellymomo if you REALLY need a certain bit of Windows software, use a VM or dual boot. Just make sure that the Windows VM/partition does not have access to your Linux drives (hard to do anyways since Windows hates anything to do with Linux).
      If you need to transfer files between them, mount the Windows partition in Linux and move files there. Always keep the files under Linux and also a cold backup too if you wanna be extra safe (a drive that's unplugged most of the time).

    • @death03125880
      @death03125880 4 years ago

      There are thingies for Linux as well, trust me on that one.

  • @robinsonedward6646
    @robinsonedward6646 2 years ago +3

    Honestly, just owning it and not trying to hide it is partially why I watch you. It's the honorable thing to do and it makes the rest of the jobs much more believable when you are called out of the spots like that, so thank you #davkracks.

  • @Mike01010011
    @Mike01010011 3 years ago

    Very useful vid. Thanks

  • @AkillEasy
    @AkillEasy 4 years ago

    Okay so the problem with me is that I download the decryptor for Stop(DJVU) but it won't start/open. Do you know any solution for that?

  • @gokulram9188
    @gokulram9188 3 years ago +1

    Thank you very much for uploading this video but sadly my version of ransomware isn't decryptable!

  • @rhdtv2002
    @rhdtv2002 3 years ago +1

    I saw personally what ransomware can do to a company. I'm curious about things such as One Drive local files from SharePoint/Teams that can get hit by a ransomware on a client PC - would Microsoft recognize a sync over to the cloud service and stop that from moving over?

    • @pineappleroad
      @pineappleroad 2 years ago

      Although I am not sure if the system would detect that the files had been encrypted, most cloud storage services (including OneDrive and Google Drive) have file versions. I'm not sure how it works with OneDrive, but with Google Drive older versions are usually stored for at least 30 days.

  • @REy..
    @REy.. 2 years ago

    After watching some YouTube videos, I tried to decrypt it but it says ID is online, decryption is impossible... Will formatting my computer remove the ransomware?

  • @rbrojas2040
    @rbrojas2040 2 years ago

    If you have dropbox accessible at all times on your computer, does ransomware encrypt that also? (even though the files reside within the cloud)

    • @alastorclark3492
      @alastorclark3492 2 years ago

      No. Though I suggest MEGA for better security and more free memory than what Dropbox offers, and it works just like OneDrive does (acts like a folder inside your file explorer).

  • @level_yz
    @level_yz 4 years ago

    If you pay for the decrypter, is it an executable or what? Like, is it possible to hand it over to security experts so they can use it in the future or what?

    • @bucket8967
      @bucket8967 3 years ago +1

      Do not pay them, they are most likely gonna keep asking for more money. A last-ditch method would be formatting your PC and reinstalling Windows.

  • @adrae159
    @adrae159 3 years ago

    Hello, I was recently attacked by downloading a bad file from the internet; I got the ransomware attack + pop-up ads on Chrome. Thank God I have my data on a hard drive so it won't be a problem, but I'm questioning if formatting my laptop will remove the pop-up sites on Chrome or will they remain on Google? (uBlock is blocking 68 pop-ups on this video) Please help and thanks for the vid.

  • @mike_dft1267
    @mike_dft1267 4 years ago +1

    thx for this video :)

  • @rationalbushcraft
    @rationalbushcraft 4 years ago +1

    So in other words if there is a repair tool for the ransomware you have then you can repair the files if not restore from backup. This is a good reason to back up to a NAS device that uses unique login credentials and is not part of the domain. I have seen people get their backups encrypted too so no way to recover short of paying the ransom.

  • @shamir4900
    @shamir4900 3 years ago

    So there are some files on my computer that are encrypted but I don't need those files and I want to delete them to get more space. There are some text files saying that something bad will happen if I delete them. Somehow it didn't infect main files like games etc. I think I actually got rid of some of it with an antivirus but others are still encrypted. What should I do?

  • @jerryg50
    @jerryg50 3 years ago +1

    I keep isolated system backups. I would do a restore using a full wipe of the partition before restoring.

  • @farhanjamal4269
    @farhanjamal4269 2 years ago

    Thank you bro.
    My data files were infected by iisa (Djvu Ransom).
    Now I would decrypt my files.
    😘

  • @skarthick6
    @skarthick6 2 years ago

    Hi, my client has been impacted by Cuba Ransomware. Is there any recovery possible? Are there any decryption tools?

  • @jamief6507
    @jamief6507 4 years ago

    Hello friend, after you have run the process, and it encrypts your files, is it possible to do Task Manager-Find random process- Create memory dump and the encryption key will be in there? But when it creates the memory dump file, will it encrypt that?

    • @richardg8376
      @richardg8376 2 years ago

      I don't think that will help unfortunately. Most encryption uses a public and private key pairing. The public key is used to encrypt the data and the private key is needed to decrypt it.
      You might be able to obtain the public key this way, but that will be useless to decrypt them: you will still need the private key which will be held by the scammers and likely won't be part of the software itself so it can't be reverse engineered and obtained.