Tag Archives: ransomware

Repair MP4, MOV, 3GP, M4V, WAV, MP3 after STOP/DJVU ransomware

As most ransomware STOP/DJVU encrypts files to make them inaccessible. After you pay the ransom (in bitcoins), the attackers send the tools and information needed to decrypt your files and make them accessible again. The encryption is very hard to ‘break’ but ransomware researcher every now and then have success creating decryption software. Some time… Read More »

JPEG restart markers to the rescue

Restart markers make the difference This YouTube channel by my friend and colleague Nguyễn Vũ Hà has many great examples of JPEG-Repair being used to repair STOP/DJVU ransomware affected files. This video in particular is a great showcase on how JPEG restart markers prevent corruption propagating through the JPEG image stream. As you can see… Read More »

Repair/Recover JPEGs encrypted by ransomware STOP Djvu

This article shows repair of JPEGs that fell victim of ransomware. This particular ransomware only encrypts part of the file. Due to this the JPEG header and some 150 KB of JPEG data are lost. Using a reference file and weeding encrypted data we can repair the photo.

Petya or NotPetya from a data recovery perspective

This is not a blogpost on the inner workings of this ransomeware. I am purely interested in discussing the recover-ability of your data. The Petya or NotPetya ransomware appears to do three things to prevent you access from your data: It encrypts the MBR Individual files files are encrypted Then it encrypts the Master File… Read More »

List of ransomware decryption tools

As a result of my ransomware research I’m now following a bunch of ‘tweeters’ that work in the field of cyber security. One tweet pointed me at this list of ransomware decryption tools. Seen this list is a big mess, I cleaned it up and make it available here. In the first column the name of… Read More »

Can you recover files from the wannacrypt ransomware?

I just noticed a couple of tweets where file recovery software developers such as iCare and Easeus went as far as: “Save $300 in your pocket and don’t pay the ransom to decrypt files!”. For a moment I was under the impression, that they already figured out how to decrypt the hostage files. But that’s… Read More »