FARGO (TargetCompany) OR Mallox Ransomware Recovery

[Rudra]

Guys
Is there any Solution for this sophisticated decryption ? This variant targets vulnerable SQL servers .
One of my customer wants to decrypt SQL MDF file. I have read that some file types can be repaired , don't know whether it is possible for this variant.
Has anyone any solution . Pls. PM cost of recovery as well so as to get customer approval.
Thanks

Attachments

[suricate.ch]

For Ransomware, best address is bleepingcomputer.com/forums

[Arch Stanton]

I have read that some file types can be repaired

Some times repair is an option if a file is only partially encrypted. Repair then entails getting rid of encrypted data and make remaining non encrypted data viewable, playable etc.. If encrypted entirely, decryption is only option.

Example, here it turned out GlobeImposter does not encrypt entire file: https://youtu.be/rB5vo02SjD8.
Here PayFast or Zeppelin does not encrypt entire file: https://youtu.be/0gAhaAKshYw
Or STOP DJVU: https://youtu.be/ouSTB6Rg10g

I have no idea about Fargo though, never encountered it.

It does of course depend on type of data if repair is feasible and even desirable.

Quick hint could be to look at file entropy: IF entropy 8.00 bits/byte likely entire file is encrypted.

[northwind]

TargetCompany/Mallox does not encrypt entire file.

[suricate.ch]

it's listed as decrypted here

https://www.nomoreransom.org/en/decryption-tools.html

[northwind]

Yeah, that's for an old version, it won't work for newer infections.