All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 6 posts ] 
Author Message
 Post subject: FARGO (TargetCompany) OR Mallox Ransomware Recovery
PostPosted: May 19th, 2023, 4:52 
Offline

Joined: August 10th, 2015, 9:00
Posts: 33
Location: asia india
Guys
Is there any Solution for this sophisticated decryption ? This variant targets vulnerable SQL servers .
One of my customer wants to decrypt SQL MDF file. I have read that some file types can be repaired , don't know whether it is possible for this variant.
Has anyone any solution . Pls. PM cost of recovery as well so as to get customer approval.
Thanks


Attachments:
Screenshot 2023-05-19 015239.png
Screenshot 2023-05-19 015239.png [ 268.73 KiB | Viewed 1904 times ]
Top
 Profile  
 
 Post subject: Re: FARGO (TargetCompany) OR Mallox Ransomware Recovery
PostPosted: June 17th, 2023, 12:25 
Offline

Joined: March 11th, 2021, 10:13
Posts: 184
Location: Switzerland
For Ransomware, best address is bleepingcomputer.com/forums


Top
 Profile  
 
 Post subject: Re: FARGO (TargetCompany) OR Mallox Ransomware Recovery
PostPosted: June 17th, 2023, 13:29 
Offline
User avatar

Joined: May 13th, 2019, 7:50
Posts: 907
Location: Nederland
Quote:
I have read that some file types can be repaired


Some times repair is an option if a file is only partially encrypted. Repair then entails getting rid of encrypted data and make remaining non encrypted data viewable, playable etc.. If encrypted entirely, decryption is only option.

Example, here it turned out GlobeImposter does not encrypt entire file: https://youtu.be/rB5vo02SjD8.
Here PayFast or Zeppelin does not encrypt entire file: https://youtu.be/0gAhaAKshYw
Or STOP DJVU: https://youtu.be/ouSTB6Rg10g

I have no idea about Fargo though, never encountered it.

It does of course depend on type of data if repair is feasible and even desirable.

Quick hint could be to look at file entropy: IF entropy 8.00 bits/byte likely entire file is encrypted.

_________________
Joep - http://www.disktuna.com - video & photo repair & recovery service


Top
 Profile  
 
 Post subject: Re: FARGO (TargetCompany) OR Mallox Ransomware Recovery
PostPosted: June 17th, 2023, 16:25 
Offline
User avatar

Joined: January 28th, 2009, 10:54
Posts: 3452
Location: Greece
TargetCompany/Mallox does not encrypt entire file.

_________________
http://www.northwind.gr
SandForce SSD Recovery
Ransomware Reverse Engineering - NoMoreRansom! partners


Top
 Profile  
 
 Post subject: Re: FARGO (TargetCompany) OR Mallox Ransomware Recovery
PostPosted: June 18th, 2023, 11:48 
Offline

Joined: March 11th, 2021, 10:13
Posts: 184
Location: Switzerland
it's listed as decrypted here

https://www.nomoreransom.org/en/decryption-tools.html


Top
 Profile  
 
 Post subject: Re: FARGO (TargetCompany) OR Mallox Ransomware Recovery
PostPosted: June 19th, 2023, 4:10 
Offline
User avatar

Joined: January 28th, 2009, 10:54
Posts: 3452
Location: Greece
Yeah, that's for an old version, it won't work for newer infections.

_________________
http://www.northwind.gr
SandForce SSD Recovery
Ransomware Reverse Engineering - NoMoreRansom! partners


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Google Adsense [Bot] and 84 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group