Tools for hard drive diagnostics, repair, and data recovery

Media repair tool for MP3 and WAV affected by STOP/DJVU

June 13th, 2020, 21:25

I am working on a small repair tool that allows you to repair MP3 and WAV files that are affected by STOP/DJVU ransomware. To test it I need files encrypted by this ransomware. To repair WAV files the tool requires a reference file: A file recorded with the same device or same software as the victim files.

So, if you have any of those and would like me to repair them, please share them with me. I’ll then try to adjust the tool to repair them and send it to you so you can repair the rest of the files. So, I do not need tons of them; send me, say, 10 + a reference file if possible.

Drop me a PM and the URL where you’ve uploaded them (Google Drive or similar).

"Stop is believed to be the most active ransomware in the world, accounting for more than half of all ransomware infections, according to figures from ID-Ransomware, a free site that helps identify infections. But Emsisoft said that figure is likely to be far higher." - source, https://techcrunch.com/2019/10/18/stop- ... ion-tools/

If time permits I'll keep adding more file types.

Re: Media repair tool for MP3 and WAV affected by STOP/DJVU

June 14th, 2020, 0:56

Joep Sir,
I get daily cases of this ransomware. So you have been researching, and I believe you know there are some tools that repair files of a particular type. Can you share that too? Drop me a PM with your email ID and I will keep sending you references of a few file formats. Today itself I have three active cases with me.

Re: Media repair tool for MP3 and WAV affected by STOP/DJVU

June 16th, 2020, 7:43

Well, 'researching' ...

I discovered by accident that a few JPEGs I had been repairing for a client were actually JPEGs affected by a STOP/DJVU variant (checked and confirmed with https://id-ransomware.malwarehunterteam.com/).

So then the only logical conclusion was that the file was not entirely encrypted, else I would not have been able to make the JPEG data visible. Only a portion of the files is encrypted by variants of STOP/DJVU. It can clearly be seen in the attached picture, where JPEG-Repair strips any file of any data that prevents a JPEG decoder from decoding data.

So the idea is, in general, that for specific file types it may be possible to strip the file of corrupt/encrypted data + glue in a valid header + maybe restore some pointers within the header to point to the data that survived encryption.

The larger the file, the smaller the effect of the encryption. Based on what I have seen STOP/DJVU variants encrypt 150 KB or so in digital photos (JPEG, CR2, NEF).

I am by no means a ransomware specialist, and the idea of repair is only even possible on data that wasn't actually encrypted.
Attachments
2020-01-03 (1).jpg
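
The strip-and-reheader idea from the post above, applied to an uncompressed PCM WAV, as an added example that is not the poster's tool. Assumptions: `damaged_len` is supplied by the user (the thread gives no figure for audio files), the victim's audio began at the same offset as in the reference file, and `ref_layout`, `rebuild_wav`, `make_wav` and `demo` are hypothetical names.

```python
import io, struct, wave

def ref_layout(ref: bytes):
    """Return (fmt chunk body, block align, data offset) of a RIFF/WAVE reference file."""
    if ref[:4] != b"RIFF" or ref[8:12] != b"WAVE":
        raise ValueError("reference is not RIFF/WAVE")
    pos, fmt = 12, None
    while pos + 8 <= len(ref):
        cid, size = struct.unpack_from("<4sI", ref, pos)
        if cid == b"fmt " and size >= 16:
            fmt = ref[pos + 8:pos + 8 + size]
        elif cid == b"data" and fmt is not None:
            return fmt, struct.unpack_from("<H", fmt, 12)[0], pos + 8
        pos += 8 + size + (size & 1)              # chunks are word-aligned
    raise ValueError("reference lacks usable fmt/data chunks")

def rebuild_wav(victim: bytes, ref: bytes, damaged_len: int) -> bytes:
    """Discard the first damaged_len bytes and wrap the surviving PCM in a fresh header."""
    fmt, align, data_off = ref_layout(ref)
    if align == 0:
        raise ValueError("reference has a zero block align")
    # Assumption: the victim's audio started at the same offset as the reference's.
    start = max(damaged_len, data_off)
    start += -(start - data_off) % align          # resume on a sample-frame boundary
    audio = victim[start:]
    audio = audio[:len(audio) - len(audio) % align]   # keep whole frames only
    if not audio:
        raise ValueError("no intact audio left after the damaged region")
    chunks = (b"WAVE" + b"fmt " + struct.pack("<I", len(fmt)) + fmt + b"\0" * (len(fmt) & 1)
              + b"data" + struct.pack("<I", len(audio)) + audio + b"\0" * (len(audio) & 1))
    return b"RIFF" + struct.pack("<I", len(chunks)) + chunks

def make_wav(frames: bytes) -> bytes:
    """Constructed sample input: a 16-bit stereo 8 kHz WAV holding the given frames."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(2); w.setsampwidth(2); w.setframerate(8000)
        w.writeframes(frames)
    return buf.getvalue()

def demo():
    """Overwrite the first 1001 bytes of a constructed WAV, repair it, decode the result."""
    frames = bytes(i % 251 for i in range(4000))
    victim = b"\xAA" * 1001 + make_wav(frames)[1001:]
    fixed = rebuild_wav(victim, make_wav(b"\0" * 400), damaged_len=1001)
    with wave.open(io.BytesIO(fixed), "rb") as w:
        return w.getparams(), w.readframes(w.getnframes()), frames

if __name__ == "__main__":
    print(demo()[0])
```

The frame-boundary rounding matters: resuming one byte off in 16-bit stereo data turns the surviving audio into noise even though the header is valid.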

Re: Media repair tool for MP3 and WAV affected by STOP/DJVU

June 21st, 2020, 11:16

Working on adding video: https://youtu.be/_2ZMRvbnOk4

Re: Media repair tool for MP3 and WAV affected by STOP/DJVU

June 21st, 2020, 15:40

Wow,
Keep the development alive.

Re: Media repair tool for MP3 and WAV affected by STOP/DJVU

June 23rd, 2020, 16:11

K. Got something. https://youtu.be/3AKJ27sZ9_E