
All times are UTC - 5 hours [ DST ]




 Post subject: Virus changed all files types and extension !!!!!!!!!!!!!
PostPosted: January 22nd, 2015, 7:00 

Joined: December 23rd, 2013, 9:56
Posts: 202
Location: Saudi Arabia
I have a Windows 7 PC for one of my customers with a strange problem.

ALL Microsoft Office files, PDF, pictures, ..., almost all personal files.

All file extensions have changed from .doc to .DOC.jejfpoi and .pdf to .PDF.jejfpoi and so on.

I tried to change the files back to the original extension but still cannot open them (Microsoft Office won't recognize them). I think they have been encrypted???

I did a scan using (Symantec 360) but nothing was found???

I have attached 3 files for you to try fixing them.


Attachments:
scan0003.JPG.zip [3.95 MiB]
Downloaded 854 times
 
 Post subject: Re: Virus changed all files types and extension !!!!!!!!!!!!
PostPosted: January 22nd, 2015, 7:49 

Joined: December 23rd, 2013, 9:56
Posts: 202
Location: Saudi Arabia
Here are more files:
3 docx
3 pdf


Attachments:
pdf.rar [9.52 MiB]
Downloaded 744 times
docx.rar [350.81 KiB]
Downloaded 634 times
 
 Post subject: Re: Virus changed all files types and extension !!!!!!!!!!!!
PostPosted: January 22nd, 2015, 8:40 

Joined: November 24th, 2014, 4:42
Posts: 13
Location: Poland
First of all, please don't use this kind of font; there is no need.

Second, did your client use any antivirus on his computer? If not, I think that your client is a victim of so-called "ransomware". It is a "worm/virus" that encrypts data on the drive: not the whole drive, but single files. Then you see a message that if you want to decrypt the data you must pay the ransom.

So there are two options: first, the client pays the ransom, and second, you try brute force.

Regards


 
 Post subject: Re: Virus changed all files types and extension !!!!!!!!!!!!
PostPosted: January 22nd, 2015, 9:14 

Joined: December 23rd, 2013, 9:56
Posts: 202
Location: Saudi Arabia
samurai7 wrote:
First of all, please don't use this kind of font; there is no need.

Second, did your client use any antivirus on his computer? If not, I think that your client is a victim of so-called "ransomware". It is a "worm/virus" that encrypts data on the drive: not the whole drive, but single files. Then you see a message that if you want to decrypt the data you must pay the ransom.

So there are two options: first, the client pays the ransom, and second, you try brute force.

Regards


Sorry for the font, it is just too small I think :shock:

If the client pays the ransom, will it be encrypted? Or will he just lose his money?

I mean, are they trusted after they receive their ransom? Did it work before??


 
 Post subject: Re: Virus changed all files types and extension !!!!!!!!!!!!
PostPosted: January 22nd, 2015, 9:47 

Joined: November 24th, 2014, 4:42
Posts: 13
Location: Poland
@LostDataSa

Honestly I don't know ;/ I only know how it works in theory, I never had a chance to check this in practice. And I hope I never will.


 
 Post subject: Re: Virus changed all files types and extension !!!!!!!!!!!!
PostPosted: January 22nd, 2015, 10:28 

Joined: December 23rd, 2013, 9:56
Posts: 202
Location: Saudi Arabia
I followed the instructions in (Decrypt All Files jejfpoi.txt), which is found everywhere on my client's drive.

They are asking for 630 USD.

And they gave me the option to decrypt one file only :evil:

I have uploaded the encrypted and the decrypted files together in a rar file.

The question: by comparing the encrypted and the original file, will it be possible to find the encryption key :?:


Attachments:
compair.rar [15.33 KiB]
Downloaded 620 times
Decrypt All Files jejfpoi.txt [1.24 KiB]
Downloaded 1040 times
 
 Post subject: Re: Virus changed all files types and extension !!!!!!!!!!!!
PostPosted: January 22nd, 2015, 10:31 

Joined: February 13th, 2010, 9:44
Posts: 208
Location: san diego, ca.
More than just extensions were altered. Likely a new variant of the encryption ransomware going around. You used to be able to recover files from shadow copies, but this is not often the case anymore. Most ransomware gives a short window to pay; paying only guarantees you won't have the money. These criminals may give you the key to decrypt, but sometimes don't, as there is nothing you can do about it if you pay. I suggest no one ever pay; then this would stop.


 
 Post subject: Re: Virus changed all files types and extension !!!!!!!!!!!!
PostPosted: January 22nd, 2015, 10:35 

Joined: December 23rd, 2013, 9:56
Posts: 202
Location: Saudi Arabia
warnerr wrote:
More than just extensions were altered. Likely a new variant of the encryption ransomware going around. You used to be able to recover files from shadow copies, but this is not often the case anymore. Most ransomware gives a short window to pay; paying only guarantees you won't have the money. These criminals may give you the key to decrypt, but sometimes don't, as there is nothing you can do about it if you pay. I suggest no one ever pay; then this would stop.


I tried using R-Studio.

I found all the original files deleted, but they are almost the same size and none of them are working.
I also tried to repair the recovered files, but no luck either.

I am saying the only way is to decrypt these files, or if we are able to find the key by comparing the encrypted file and the file that was decrypted by the hacker website (they gave me only one file to decrypt) :twisted:


Last edited by LostDataSa on January 22nd, 2015, 10:42, edited 1 time in total.

 
 Post subject: Re: Virus changed all files types and extension !!!!!!!!!!!!
PostPosted: January 22nd, 2015, 11:08 

Joined: December 23rd, 2013, 9:56
Posts: 202
Location: Saudi Arabia
Here is another file that is also decrypted, for comparing them.


Attachments:
compair2.rar [1.71 KiB]
Downloaded 593 times
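
The question raised in the posts above, whether comparing an encrypted file with its decrypted original can reveal the key, can be checked mechanically. The following is an added example, not part of the thread: it XORs known plaintext/ciphertext pairs and reports whether they expose a short repeating key or a keystream reused across files. The sample documents, the `k3y!` key and the SHA-256 counter stream are constructed for the demo and say nothing about the cipher actually used in this case.

```python
import hashlib
from typing import List, Optional, Tuple

def keystream(plain: bytes, cipher: bytes) -> bytes:
    """XOR a known plaintext with its ciphertext over their common length."""
    return bytes(p ^ c for p, c in zip(plain, cipher))

def repeating_period(ks: bytes, max_period: int = 64) -> Optional[int]:
    """Smallest p for which ks is a p-byte pattern repeated, else None."""
    for p in range(1, min(max_period, len(ks) // 2) + 1):
        if all(ks[i] == ks[i % p] for i in range(len(ks))):
            return p
    return None

def assess_pairs(pairs: List[Tuple[bytes, bytes]]) -> str:
    """Classify what known (plaintext, ciphertext) pairs reveal."""
    streams = [keystream(p, c) for p, c in pairs]
    period = repeating_period(streams[0])
    if period is not None and all(
        repeating_period(s) == period and s[:period] == streams[0][:period]
        for s in streams
    ):
        return "repeating-key"      # short XOR key, recoverable from one pair
    n = min(len(s) for s in streams)
    if len(streams) > 1 and all(s[:n] == streams[0][:n] for s in streams[1:]):
        return "keystream-reused"   # same stream applied to every file
    return "no-shortcut"            # pairs differ unpredictably

# --- constructed sample data (not the thread's attachments) ---
DOC1 = b"%PDF-1.4 constructed sample invoice for the demo, 2015-01"
DOC2 = b"PK\x03\x04 constructed sample docx container bytes, demo only"

def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(d ^ stream[i % len(stream)] for i, d in enumerate(data))

def _stream(seed: bytes, n: int) -> bytes:
    """Hypothetical stand-in for a strong cipher's keystream (SHA-256 counter)."""
    blocks = (hashlib.sha256(seed + bytes([i])).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

WEAK = [(d, _xor(d, b"k3y!")) for d in (DOC1, DOC2)]
REUSED = [(d, _xor(d, _stream(b"one", 64))) for d in (DOC1, DOC2)]
STRONG = [(d, _xor(d, _stream(s, 64))) for d, s in ((DOC1, b"a"), (DOC2, b"b"))]

if __name__ == "__main__":
    for name, pairs in (("weak", WEAK), ("reused", REUSED), ("strong", STRONG)):
        print(name, assess_pairs(pairs))
```

With real files, pass the bytes of each original and its encrypted copy; a result of `no-shortcut` means the pairs yield no key material by this method.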
 
 Post subject: Re: Virus changed all files types and extension !!!!!!!!!!!!
PostPosted: January 23rd, 2015, 6:43 

Joined: August 13th, 2008, 13:10
Posts: 811
Location: World
LostDataSa wrote:
I followed the instructions in (Decrypt All Files jejfpoi.txt), which is found everywhere on my client's drive.

They are asking for 630 USD.

And they gave me the option to decrypt one file only :evil:

I have uploaded the encrypted and the decrypted files together in a rar file.

The question: by comparing the encrypted and the original file, will it be possible to find the encryption key :?:



I do not recommend you pay the extortionist, because it encourages these bad people to keep doing the same.

Also, I know of cases where, after paying the amount of 3000 EUR, the customer has not received any key or way to get the data.


 
 Post subject: Re: Virus changed all files types and extension !!!!!!!!!!!!
PostPosted: January 23rd, 2015, 8:14 

Joined: December 4th, 2012, 1:35
Posts: 3903
Location: Adelaide, Australia
I don't agree with your theory that paying will encourage them and not paying will discourage them. They will keep doing this because it works. Many people pay.

I do agree to not pay them though... as Good Will Hunting said quite eloquently... "Because Fuck them, that's why".

Paying them is no guarantee they will give any key or decrypt your files. The best thing you can do is prevent it. Don't leave network drives mapped unnecessarily, don't leave backup drives connected, don't overwrite your backups too quickly.

Maybe try some new technology. Recently Palo Alto bought Cyvera. They are developing some really interesting endpoint protection. Basically there are around 20 techniques most malware uses, and these guys are researching each one and writing a defence for each. Listen to the latest Risky Business podcast for an interview with the CTO of PAN http://risky.biz/RB350 , or download and try it https://www.paloaltonetworks.com/products/endpoint-security.html


 
 Post subject: Re: Virus changed all files types and extension !!!!!!!!!!!!
PostPosted: January 15th, 2016, 9:02 

Joined: January 15th, 2016, 8:44
Posts: 1
Location: Tbilisi
Hello Spildit,

As I am new to this forum, I could not compose a new post, but I am trying from here; if you get this, it would be helpful.
A friend of mine seems to have the same problem; it seems his work PC has been infected by ransomware, and he sent me this photo file to check if I could recover it.
Could you please have a look at this photo file and tell me the details of the infection and the solution to this problem?
Bunch of thanks with a big heart.

Regards
Digu


Attachments:
17115_910526755677816_1016787013723012869_n.jpg.zip [61.22 KiB]
Downloaded 637 times