All times are UTC - 5 hours [ DST ]




[ 17 posts ]
Post subject: Ransomware recovery, partial success
Posted: May 11th, 2017, 4:18

Joined: March 9th, 2017, 6:16
Posts: 55
Location: trinidad
Hi all,
We have got some success in recovery of standard database files. 5 out of 10 were recovered in readable format.
Those who are interested, please PM.


Post subject: Re: Ransomware recovery, partial success
Posted: May 11th, 2017, 7:46

Joined: June 6th, 2014, 11:19
Posts: 13
Location: India
Hi,
Is there any possibility to decrypt ONION ransomware?


Post subject: Re: Ransomware recovery, partial success
Posted: May 11th, 2017, 9:27

Joined: March 9th, 2017, 6:16
Posts: 55
Location: trinidad
Hi. What are the affected file types? Currently I can work on limited file types (database) only.
PM for more details.


Post subject: Re: Ransomware recovery, partial success
Posted: May 12th, 2017, 5:23

Joined: December 8th, 2013, 4:48
Posts: 607
Location: Pakistan
kash wrote:
Hi
Is there any possibility to decrypt ONION ransomware?


Onion is a Cry128 variant; there is a decryptor available for this. See if it works.

_________________
Data Recovery Pakistan


Post subject: Re: Ransomware recovery, partial success
Posted: May 12th, 2017, 11:12

Joined: January 28th, 2009, 10:54
Posts: 2609
Location: Greece
MindMergepk wrote:
Onion is a Cry128 variant


I kindly disagree, .onion can be a lot of different Ransomware strains, and one (and most common) of them is Dharma. If it's Dharma it's game over.

_________________
Northwind Data Recovery - Greece
WD Trusted Partners
http://www.northwind.gr


Post subject: Re: Ransomware recovery, partial success
Posted: May 12th, 2017, 15:33

Joined: December 8th, 2013, 4:48
Posts: 607
Location: Pakistan
It's possible.
Can OP upload some files to identify the variant?

_________________
Data Recovery Pakistan


Post subject: Re: Ransomware recovery, partial success
Posted: May 12th, 2017, 15:37

Joined: December 19th, 2006, 8:49
Posts: 7720
Location: Portugal
bunty wrote:
Hi all
We have got some success in recovery of standard database files. 5 out of 10 were recovered in readable format.
Those who are interested, please PM.


For what malware/ransomware?

:shock: :shock: :shock:

_________________
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)
The HDD Oracle - Platform for OPEN research on Data Recovery.


Post subject: Re: Ransomware recovery, partial success
Posted: May 13th, 2017, 9:40

Joined: March 9th, 2017, 6:16
Posts: 55
Location: trinidad
Hi all
With the help of one of my friends, we have successfully worked on Dharma ransomware affected files.
As I have previously mentioned, we have limited success (some database files fully recovered).


Post subject: Re: Ransomware recovery, partial success
Posted: May 13th, 2017, 16:08

Joined: December 8th, 2013, 4:48
Posts: 607
Location: Pakistan
Keys for old Dharma variants were already released in March 2017:
https://threatpost.com/keys-for-dharma- ... ed/124024/

The new variant has no solution as far as I know. I would love to hear if anyone has decrypted new Dharma variants.

_________________
Data Recovery Pakistan


Post subject: Re: Ransomware recovery, partial success
Posted: May 14th, 2017, 2:06

Joined: January 28th, 2009, 10:54
Posts: 2609
Location: Greece
Dharma .wallet .onion has no way to decrypt.
As far as we've seen, in the countless analyses we've done, it has no weaknesses.
And .dharma was "broken" because the dev gave away the master key, not because it was possible to crack.

_________________
Northwind Data Recovery - Greece
WD Trusted Partners
http://www.northwind.gr


Post subject: Re: Ransomware recovery, partial success
Posted: May 14th, 2017, 19:49

Joined: November 7th, 2015, 13:04
Posts: 88
Location: Austin metro area TX USA
I assume full image backups of OS and Data partitions onto external media have already been done? If/when end-user gets the stuff back, then another set will be made?

_________________
"Take care of thy backups and thy restores shall take care of thee." Ben Franklin
http://collegecafe.fr.yuku.com/forums/4 ... hnologies/


Post subject: Re: Ransomware recovery, partial success
Posted: May 15th, 2017, 2:48

Joined: March 9th, 2017, 6:16
Posts: 55
Location: trinidad
As several people have mentioned, full decryption may not be possible.
However, I have got limited success with some file types (database).


Post subject: Re: Ransomware recovery, partial success
Posted: May 15th, 2017, 5:41

Joined: December 8th, 2013, 4:48
Posts: 607
Location: Pakistan
Question is!
What is the variant you can partially decrypt?

_________________
Data Recovery Pakistan


Post subject: Re: Ransomware recovery, partial success
Posted: May 16th, 2017, 8:16

Joined: March 9th, 2017, 6:16
Posts: 55
Location: trinidad
Bit difficult to answer as there are so many variants. Please send me your file, I will give it a try.


Post subject: Re: Ransomware recovery, partial success
Posted: May 19th, 2017, 3:42

Joined: January 28th, 2009, 10:54
Posts: 2609
Location: Greece
Dharma .wallet now decryptable :)

_________________
Northwind Data Recovery - Greece
WD Trusted Partners
http://www.northwind.gr


Post subject: Re: Ransomware recovery, partial success
Posted: May 19th, 2017, 3:58

Joined: December 8th, 2013, 4:48
Posts: 607
Location: Pakistan
Yes, again master keys released:
https://www.bleepingcomputer.com/news/s ... decryptor/

_________________
Data Recovery Pakistan


Post subject: Re: Ransomware recovery, partial success
Posted: May 19th, 2017, 13:26

Joined: December 8th, 2013, 4:48
Posts: 607
Location: Pakistan
Another variant's master key released:
BTCWare Ransomware

https://www.bleepingcomputer.com/news/s ... available/

_________________
Data Recovery Pakistan

