here is more files
3 docx
3 pdf

First of all pleas don't use this kind of font, there is no need.

Second did your client use any antyvirus on his computer?? If no, I think that your client is victim of so called "ransomware". It is "worm/virus" that is encrypts data on drive not whole drive but single files. Then you see the information that if you want to decrypt data you must pay the ransom.

So there is two options first client pay the ransom, and second you try brute-force.

Regards

sorry for the font, it just too small i thing

if the clint pay the ransom ? will it be encrypted ? or he will just loose his money ?

i mean are they trusted after they receive there ransom, did it work before ??

@LostDataSa

Honestly I don't know ;/ I only know how it works in theory, I never had a chance to check this in practice. And I hope I never will.

i followed the instruction on (Decrypt All Files jejfpoi.txt) which found everywhere on my Clint drive

they are asking for 630 USD

and they gave me the option to decrypt one file only

I have uploaded the encrypted and the decrypted files together in rar file

the question by comparing the encrypted and the original file, wil it be possible to find the encryption key

More than just extensions were altered. Likely a new variant of the encryption-ransom-wares going around. You used to be able to recover files from shadow copies but this is not often the case anymore. Most ransomware's give a short window to pay- paying only guarantees you wont have the money. These criminals may give you the key to decrypt- but sometimes don't as there is nothing you can do about it if you pay. I suggest no one ever pay- then this would stop.

I tried using r-studio

i found all the original files deleted but there are almost the same size and non of them working
also tried to repair the recovered files but no luck also

i am saying the only way is to decrypt these file or if we are able to find the key by comparing the encrypted file and the file was decrypted by the hacker website ( they gave me only one file to decrypt)

Hello.
I can't check now because i'm at work writting by mobile phone and don't have my tools with me.
What is the ransomware name ? It's on the ransom page.
Most likely i can compare the decrypted with encrypted file and get the key.
I will check when i arrive home.
How many files do you need to decrypt ?
Also, are you willing to outsource the job and pay for the decryption ?
I've done a cryptorbit ransomware recovery recently and was very successful. I've posted a thread about it sometime ago.
Some ransomware doesn't even actualy encrypt.
I will check properly when i arrive, on the meanwhile can you provide the ransomware name ?

_________________
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)
paypal.me/Spildit - (PayPal Donations)
The HDD Oracle - Platform for OPEN research on Data Recovery.

here is another file that is also decrypted for comparing them

Needless to say you should first of all plug the client drive on your system and clean it with your AV tools, or run an off-line bootable cleaner like avira rescue cd and make sure the client computer gets clean otherwise the files will end up re-encrypted.

When you scan the encrypted files with AV it will not display any infection because they are just encrypted or messed up files. The true executable code doing the encryption might still be on the system and can as well be rooted (rootkit) so make sure to run multi av tools against the drive but running them from a clean system with the drive attached to it but not booting from it.
I will check your files later today.

_________________
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)
paypal.me/Spildit - (PayPal Donations)
The HDD Oracle - Platform for OPEN research on Data Recovery.

Ok, i've just arrived home.

The files are encryped with CTB Locker virus.
I will post more info in a moment.

_________________
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)
paypal.me/Spildit - (PayPal Donations)
The HDD Oracle - Platform for OPEN research on Data Recovery.

BAD LUCK :

Is it possible to decrypt files encrypted by CTB Locker?



http://www.bleepingcomputer.com/virus-r ... nformation

_________________
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)
paypal.me/Spildit - (PayPal Donations)
The HDD Oracle - Platform for OPEN research on Data Recovery.

I do not recommend you pay the extortionist, because it encourages this bad people keep doing the same.

Also I know cases after paying the amount of 3000 eur. customer have not received any key or mode to get data.

I don't agree with your theory that paying will encourage them and not paying will discourage them. They will keep doing this because it works. many people pay.

I do agree to not pay them though.. as good Will Hunting said quite eloquently... " Because Fuck them, that's why".

paying them is no guarantee they will give any key or decrypt your files. The best thing you can do is prevent it. Don't leave network drives mapped unnecessarily, don't leave backup drives connected, don't overwrite your backups too quickly.

maybe try some new technology. Recently Palo Alto bought Cyvera. They are developing some really interesting endpoint protection. Basically there are around 20 techniques most malware uses and these guys are researching each one and writing defence for each. listen to the latest Risky Business podcast for an interview with the CTO of PAN http://risky.biz/RB350 , or download and try it https://www.paloaltonetworks.com/products/endpoint-security.html

Hello Spildit,

As i am new to this forum, i could not compose new post. but i am trying from here if you get , it would be helpful
Friend of mine has seems to be same problem , seem his work pc been infected by ransomware and , he send me this photo file to check if i could recover this file.
Could you please have a look to this photo file and tell me the details of infection and solution to this problem.
bunch of thanks with big hearth.

Regards
Digu