Main » Forums home » Research and development

All times are UTC - 5 hours [ DST ]

Forum rules


Please do not post questions about data recovery cases here (use this forum instead). This forum is for topics on finding new ways to recover data. Accessing firmware, writing programs, reading bits off the platter, recovering data from dust...



Post new topic Reply to topic  Page 1 of 1
  [ 7 posts ] 
  Previous topic | Next topic 
Author Message
athena
 Post subject: Malloxx ransomware recovery
PostPosted: August 28th, 2023, 9:12 
Offline

Joined: May 30th, 2014, 0:54
Posts: 125
Location: Universe
Is there any known solution to decrypt Malloxx (Targetcompany) ransomware encrypted data?
Avast has released free decrypter ,but it does not work with this variant.
Top
 Profile  
 
northwind
 Post subject: Re: Malloxx ransomware recovery
PostPosted: August 29th, 2023, 5:03 
Offline
User avatar

Joined: January 28th, 2009, 10:54
Posts: 3456
Location: Greece
Unfortunately there isn't.

_________________
http://www.northwind.gr
SandForce SSD Recovery
Ransomware Reverse Engineering - NoMoreRansom! partners
Top
 Profile  
 
athena
 Post subject: Re: Malloxx ransomware recovery
PostPosted: August 29th, 2023, 8:22 
Offline

Joined: May 30th, 2014, 0:54
Posts: 125
Location: Universe
northwind wrote:
Unfortunately there isn't.


Thank you northwind.
Is there anyway to repair encrypted mdf file using some utilty. That is the only way left unfortunately
Top
 Profile  
 
northwind
 Post subject: Re: Malloxx ransomware recovery
PostPosted: August 30th, 2023, 2:35 
Offline
User avatar

Joined: January 28th, 2009, 10:54
Posts: 3456
Location: Greece
There are plenty sql repair utilities with ambiguous results most of the time. Stellar, Systools and Repair Toolbox being some of them.
You can try all of them in demo and see which gives you best results.

_________________
http://www.northwind.gr
SandForce SSD Recovery
Ransomware Reverse Engineering - NoMoreRansom! partners
Top
 Profile  
 
higgsboson
 Post subject: Re: Malloxx ransomware recovery
PostPosted: August 30th, 2023, 23:20 
Offline

Joined: September 1st, 2012, 6:16
Posts: 182
Location: Universe
northwind wrote:
There are plenty sql repair utilities with ambiguous results most of the time. Stellar, Systools and Repair Toolbox being some of them.
You can try all of them in demo and see which gives you best results.


Is it possible to get full or partial SQL data after repairs ? Has anyone done this ?I have a pending case too. What will be charges for the same.
If customer agrees I am ready to pay. I have tried all above utilities (demo mode) but outcome of the same is not known though some tables are shown in preview.
Any help appreciated
Top
 Profile  
 
northwind
 Post subject: Re: Malloxx ransomware recovery
PostPosted: August 31st, 2023, 3:34 
Offline
User avatar

Joined: January 28th, 2009, 10:54
Posts: 3456
Location: Greece
As a general rule, after repairing your database, it will attach to the SQL server, however there will be data missing. The amount of missing data will be dependant on the corruption of the file due to encryption.

In some cases, where we get lucky, we were able to manually repair the file and get almost perfect result, but that was due to poor encryption of the ransomware, where it encrypted areas that weren't really containing user data, only headers and generic stuff.

In most of the cases with the auto repair tools, the result is poor because critical tables will be missing.

_________________
http://www.northwind.gr
SandForce SSD Recovery
Ransomware Reverse Engineering - NoMoreRansom! partners
Top
 Profile  
 
higgsboson
 Post subject: Re: Malloxx ransomware recovery
PostPosted: August 31st, 2023, 11:39 
Offline

Joined: September 1st, 2012, 6:16
Posts: 182
Location: Universe
northwind wrote:
As a general rule, after repairing your database, it will attach to the SQL server, however there will be data missing. The amount of missing data will be dependant on the corruption of the file due to encryption.

In some cases, where we get lucky, we were able to manually repair the file and get almost perfect result, but that was due to poor encryption of the ransomware, where it encrypted areas that weren't really containing user data, only headers and generic stuff.

In most of the cases with the auto repair tools, the result is poor because critical tables will be missing.


Thank you so much norhwind , before purchasing expensive tool I have got clear idea about outcome which depends upon level of coruption.
I think if customer approves costing and his software vendor for manual reconstruction & repairs then I will send file to developers .They might be able to repair it far better than retail tool.
Thanks a lot :-D :good:
Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 7 posts ] 

Main » Forums home » Research and development

All times are UTC - 5 hours [ DST ]

Who is online

Users browsing this forum: Google [Bot] and 47 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Switch to mobile style
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group