September 21st, 2023, 15:41
Hi to all!
No ID ransomware
SHA1: 3b3123bedd02b9f3137ec4db3d2eaef0aed6c4f5
https://id-ransomware.malwarehunterteam.com -> no identification
All files: file.ext.d3ad
Any known solution?
September 21st, 2023, 18:11
AFAIK, no.
What kind of files?
September 22nd, 2023, 6:50
Arch Stanton wrote: AFAIK, no.
What kind of files?
.mdf
.ldf
One file.
September 22nd, 2023, 6:53
It's D3adcrypt ransomware, no solution available.
I thought this strain is inactive, but it looks like it is activated again. I have last year's samples of encrypted files, could you upload an encrypted .pdf or .jpg to take a look? I'd need a large file, preferably larger than 2MB.
Just curious to see what they've changed in their encryption algo.
September 22nd, 2023, 8:46
northwind wrote: It's D3adcrypt ransomware, no solution available.
I thought this strain is inactive, but it looks like it is activated again. I have last year's samples of encrypted files, could you upload an encrypted .pdf or .jpg to take a look? I'd need a large file, preferably larger than 2MB.
Just curious to see what they've changed in their encryption algo.
Send PM.
Please look.
September 22nd, 2023, 10:13
Care to share a JPEG with me for research purposes?
September 22nd, 2023, 11:00
Arch Stanton wrote: Care to share a JPEG with me for research purposes?
sending to you!
Thanks!
September 23rd, 2023, 14:33
Wow, I've never seen anything like this.
Sempre sent me a 50GB sample image of the encrypted drive.
It looks like they're using some intelligent algo that messes up each file in its entirety. They're encrypting the header and then they salt the main body of the file with something that looks like 256AES, or at least that's my quick impression. Out of 50GB I was able to re-create just 10 .jpg files, some useless .png files and some .pdf files that need repair in their main body (all sent to sempre). And a lot of .txt files that obviously couldn't be salted/messed up due to small file size.
To be honest, I doubt this can be decrypted even with the private encryption key.
September 23rd, 2023, 16:25
sempre wrote: Arch Stanton wrote: Care to share a JPEG with me for research purposes?
sending to you!
Thanks!
How? My email is joep@disktuna.com.
September 23rd, 2023, 17:12
Arch Stanton wrote: Care to share a JPEG with me for research purposes?
Sorry
Ok sending
PM
September 24th, 2023, 4:46
NVM, a 37-kilobyte JPEG isn't going to do it.
September 25th, 2023, 9:02
Arch Stanton wrote: NVM, a 37-kilobyte JPEG isn't going to do it.
Hi!
Sorry for the larger 69kb .jpg
has interest?
September 25th, 2023, 17:55
No, probably not.
September 26th, 2023, 7:04
unsolved case