|
cumshitter posted: Luckily I've never had to do it, but I thought I had heard that the encryption unlock key was stored on an infected computer's hard drive and that it could be accessed through safe mode?

There have been a couple of variants that stored the key locally and some AV companies were able to decrypt the user files from this, but a lot of ransomware infections store their keys on external servers so there's no way (without massive computing power and several years' processing time) to get that info without paying. There was one recently that spread out and infected a heap of machines but their hosting service got wind of what they were doing and shut down all their accounts, leaving those who got hit with no way of recovering their files at all due to the place that hosted their decryption keys no longer existing.

I've had some success retrieving data by running deleted file recovery tools after the infection, as most of them will make an encrypted copy of the file and then delete the original, so if you're lucky the files you need still exist on the drive but have just been removed from the filesystem table. Wouldn't be surprised to see newer variants run a defrag after the infection to prevent this limited recovery method. Ransomware authors are without doubt some of the worst human beings to grace the face of this planet.
|
# ¿ Mar 26, 2016 03:22 |
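
The recovery approach described in the post above works because deleting a file only drops its entry from the filesystem table, so a tool can still find the bytes by scanning the raw disk for known file signatures. The following is an added example, not part of the original post or any tool named in the thread: a minimal JPEG carver run over a constructed in-memory "disk" (the sample image, the XOR stand-in for ciphertext and all function names are assumptions made for illustration).

```python
"""Carve JPEG files out of raw disk bytes by signature (added example)."""

JPEG_SOI = b"\xff\xd8\xff"   # start-of-image marker plus first byte of the next marker
JPEG_EOI = b"\xff\xd9"       # end-of-image marker
MAX_SIZE = 20 * 1024 * 1024  # stop looking for the end marker past this length


def carve_jpegs(image: bytes, max_size: int = MAX_SIZE) -> list[tuple[int, bytes]]:
    """Return (offset, data) for every SOI..EOI span found in the raw bytes.

    The filesystem table is ignored entirely, so deleted files are found too,
    but only while their bytes are contiguous and have not been overwritten.
    """
    found = []
    pos = 0
    while True:
        start = image.find(JPEG_SOI, pos)
        if start == -1:
            break
        end = image.find(JPEG_EOI, start + len(JPEG_SOI), start + max_size)
        if end == -1:
            pos = start + 1  # no end marker in range: not a recoverable file
            continue
        found.append((start, image[start:end + len(JPEG_EOI)]))
        pos = end + len(JPEG_EOI)
    return found


def build_sample_image() -> tuple[bytes, bytes]:
    """Constructed disk: a deleted original plus its 'encrypted' copy."""
    original = JPEG_SOI + b"\xe0" + b"constructed photo bytes" + JPEG_EOI
    encrypted_copy = bytes(b ^ 0x5A for b in original)  # stand-in for ciphertext
    sector = 512
    disk = bytearray(sector * 8)
    disk[sector * 2:sector * 2 + len(original)] = original  # deleted, still present
    disk[sector * 5:sector * 5 + len(encrypted_copy)] = encrypted_copy
    return bytes(disk), original


if __name__ == "__main__":
    disk, original = build_sample_image()
    for offset, data in carve_jpegs(disk):
        print(f"recovered {len(data)} bytes at offset {offset}, intact={data == original}")
```

Once the sectors holding the original are reused or rewritten, the signature scan returns nothing, which is why recovery should be attempted from a read-only image of the drive before the machine is used further.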
|
Slime posted: There's apparently one near me, I'm almost tempted to flatten my laptop to see what's on it and then flatten it again once I'm done.

You could still end up with a boot sector infection that way, I think a live Ubuntu or similar CD would be best.
|
# ¿ Oct 13, 2016 10:58 |