Jump to content

Ransomeware woes, nearly got my files decrypted, please help me get my Graduation photos back


Topazia

Recommended Posts

Hello all,

 

I should start by saying I am absolutely NOT tech savy so apologies for any misuse of terms!

 

On 24th November last year while browsin,  my computer went into lockdown with a screenshot from the "police" saying I had downloaded copyrighted material and to pay a fine. Scariest thing ever for someone like me!

 

After 4 hours on the phone to a friend we got my laptop unlocked and after lots of scanning removed all the nasty ransomwear.

 

Huzzah!

 

Not so much sadly. It somehow changed all the files in my documents, pictures & music folders. Nowhere else, jthese locations. I thought I had backed up recently...sadly I hadn't backed up since a few key life events, noteably..my graduation.

 

JPEGS, PDF, WORD, MP3, MP4, AVI...all these types of files just won't open. All say they were modified at the same time the virus hit. Their file names all remain the same though.

 

To find out my graduation photos and videos are locked is HEARTBREAKING. I have low quality copies from facebook uploads but they don't print out well.

 

Sorry, I am waffling.

 

I have managed to "unlock" some files.

 

My music/sounds folder I managed to unlock and restore completely by loading each sound file into audacity and then resaving.

 

No luck with PDF or WORD docs.

 

BUT. After downloading so many picture recovery softwear, I have only found ONE that shows my pictures restored in the trial versions, picture doctor 2.0. This gives me hope that all is not lost. However, it costs $99 which I simply cannot afford.

 

I don't know what that specific programme does, the other photo recovery programmes didn't find anything but this one, 100% of my photos showed up in the preview box so surely all is not lost? What am I missing, I really don't want to give up.

 

Kind regards and thanks to all

 

x

Link to post
Share on other sites

Hello and Welcome to Malwarebytes

So sorry to hear you got hit with the Ransom ware malware. This is definitely a nasty one. They encrypt your files and hold them ransom and have you pay for a code. Sad to say but you may never recover the files.

Your best bet is to have one of our experts help you one on one to check your system to make sure its completely clean, and perhaps they can help with some restore suggestions. Unfortunately the best restore tools are not free...

Being that you are/werw probably infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you

Link to post
Share on other sites

Hello,

 

My laptop is all fine and cleared now, I had a friend make sure and ran lots of scans. I moved the encrypted files off.

 

The fact I was able to "uncode" my music and that this programme managedgives me some hope, I just wondered if there was an easy way I was totally missing O_o

Link to post
Share on other sites

You really can't "repair" data that has been encrypted via cryptovirology.  The ONLY way is to have the "key" that was used to encrypt the files to decrypt them.

 

If your data was encrypted by malware using cryptovirology then one should consider the files as if they were deleted and no longer existed.  Then retrieve them from the last backup you made prior to the crypto event.

Link to post
Share on other sites

But surely if they are showing up in a jpeg repair programme, that would not have that key, there is a way and they arent truely encrypted?? Because I managed to get back my music files easily and now a few pdfs..I read somewhere it wasn't true encryption.

 

And I had no back ups when I tried in November when this happened.

Link to post
Share on other sites

I HAVE MY PICTURES!!!

 

My friend found another jpeg repair that worked, it has restored them to almost perfect quality! I am so happy. I tried about 10 programmes with no luck.

 

I just have a few PDF, WORD and soem video files I'd liek to try get back and I'll have reversed this nasty ransomware!

 

I would be interested to know what was done to the files then as it is my understanding that they weren't encrypted as such.

 

If anyone has any ideas for the video files particulary i'd be interested to know please.

 

So happy I have my day back :D

 

For anyone who had this ransonwear hit (it was a metropolitan police one about copyright) the programme that has restored my jpegs is RS File Repair 1.1

Link to post
Share on other sites

Laptop has been running fine since November now, I am paranoid since it happened!

 

And I usually do big back ups, just happened to land during one of those busy life periods and thought I had  <_<

 

Does anyone have any ideas what programme I could use to try get my few mp4/avi clips back at all? Now we know they aren't truely encrypted??

 

(Thank you all by the way)

Link to post
Share on other sites

I just tried a freeware programme and it said it wasn't an avi. Yet the file extension says it is. This is what happened with the JPEGS, im not techy minded enough to know what this virus did to them, put a mask over the original so it doesnt read as what it actually is???

 

And it doesnt let me upload any of them, bit of a brick wall now..so close to reversing everything this virus did! >.<

Link to post
Share on other sites

X3

yeppers ... attach a sample of the file(s) in question and perhaps some of us here can work at finding a solution to what actually is going on .

(crystal balls are worthless at this point)

 

i know what it is like to loose pictures from years gone by ...

i graduated , joined uncle sam's finest and two years later all the negatives , pictures and cameras/photographic equipment i had accumulated and printed over the years were destroyed in a fire at my mom and step-dad's place .

nothing left but ashes .

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.