1. May 30, 2020  

    Any tech specialist out there?

    Hello y'all, hope everyone's fine and well out there. I've stumbled upon a problem lately: silly me got trolled and infected with the .mzlq virus, and everything got encrypted. I know, it was my fault.... Despite everything, all my WoW screenshots from over 7 years got encrypted and I cannot open them; all those memories can't be relived again, that's what hurts me!

    Did anyone have the same problem? I tried everything to restore those files, but nothing kinda worked. There was software for 120$, but they can't guarantee it will be restored either. If someone had the same or similar problems, please let me know, or should I just move on and take it as a warning for further links?
    Thanks y'all, and have a breezy lovely day ^^

  2. May 31, 2020  
    It depends on your skills, but:
    - There is no guarantee of getting these pictures or others back.
    - Never pay, it's exactly what they want, because it's ransomware. If I were you I'd forget about all my files (that's why backing up your files on another system is useful during the life of your computer), and reinstall everything from scratch, because if one file of this **** still stays on your computer you are ready for another round.

    In other words, reset your computer.


    With a bit of skill and a lot of time (there is way more risk and no guarantee):

    In case you really want your pictures back, you save them on an empty USB storage, create a virtual sandbox on Linux, use recurva > long/deep scan on file > restore. It can take a long time. After, reset your USB storage (in FAT32), erase the sandbox, and reset your computer.
    Edited: May 31, 2020

  3. May 31, 2020  
    In case you really want your pictures back, you save them on an empty USB storage, create a virtual sandbox on Linux, use recurva > long/deep scan on file > restore. It can take a long time. After, reset your USB storage (in FAT32), erase the sandbox, and reset your computer.
    Don't bother, won't work.
    Copying encrypted files on a USB won't magically decrypt them, this can only work if there's file version history, such as Google Drive history for files or Windows history from "File History" if you had made backups.

    Move on, don't open or download stuff from untrusted sources and that's all there is to it, luckily you only seem to have lost wow screenshots, that's pretty good if you ask me, could have had something more important.

  4. May 31, 2020  
    Don't bother, won't work.
    Copying encrypted files on a USB won't magically decrypt them, this can only work if there's file version history, such as Google Drive history for files or Windows history from "File History" if you had made backups.
    .
    ???????????????????

    The goal of using a USB is to isolate the files. I said use recurva. Recurva is software that allows you to reach lost data. The goal is to try to find data from before the encryption, to restore them. As I said there is no safe way; maybe it'll work, maybe not.

  5. June 2, 2020  
    I think all that Recurva will do is find your Mount&Blade mods you were keeping on that USB previously.

  6. June 2, 2020  
    ???????????????????

    The goal of using a USB is to isolate the files. I said use recurva. Recurva is software that allows you to reach lost data. The goal is to try to find data from before the encryption, to restore them. As I said there is no safe way; maybe it'll work, maybe not.
    The encrypted files have, 99% sure, rewritten the original files. Copying the encrypted files will keep them encrypted and that's all.
    Your one and only hope to "restore" files is to just unplug the computer right away as soon as they're encrypted, don't even use it. Take the disk out, plug it into another computer (as a secondary drive, DO NOT boot from it) and then try recovering there.
    The more you use the drive, the higher the chance of you overwriting the old version, but there's likely no old version.
    When a file is modified it will likely stay in the same spot: https://imgur.com/a/odnUvKs
    After it changed it remained in the same inode, didn't move, overwritten, stuff underneath permanently lost, NTFS probably works the same way.
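
The in-place behaviour described in the post above can be checked on any filesystem. This is an added example, not part of the original post: the file name and contents are constructed, and it goes beyond the post by also showing the write-new-then-rename pattern, where the inode changes and the old blocks are merely unallocated. A matching inode shows the file was rewritten in place; it does not prove the same physical blocks were reused on copy-on-write filesystems or SSDs.

```python
import os
import tempfile


def rewrite_in_place(path, data):
    """Overwrite the existing file through the same inode (old bytes are lost)."""
    with open(path, "r+b") as f:
        f.write(data)
        f.truncate()
        f.flush()
        os.fsync(f.fileno())


def rewrite_via_replace(path, data):
    """Write a new file, then rename it over the original (new inode)."""
    tmp = path + ".tmp"
    with open(tmp, "wb") as f:
        f.write(data)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)


def inode_change(rewrite):
    """Return (inode_before, inode_after, final_content) for one rewrite strategy."""
    original = b"CONSTRUCTED-SAMPLE-IMAGE-BYTES" * 64  # constructed sample data
    modified = bytes(b ^ 0x5A for b in original)       # stand-in for changed content
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "screenshot.jpg")        # hypothetical file name
        with open(path, "wb") as f:
            f.write(original)
        before = os.stat(path).st_ino
        rewrite(path, modified)
        after = os.stat(path).st_ino
        with open(path, "rb") as f:
            content = f.read()
    return before, after, content


if __name__ == "__main__":
    for fn in (rewrite_in_place, rewrite_via_replace):
        before, after, _ = inode_change(fn)
        verdict = ("same inode: old content overwritten" if before == after
                   else "new inode: old blocks unallocated, carving may find them")
        print(f"{fn.__name__}: {before} -> {after} ({verdict})")
```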

  7. June 3, 2020  

    You are likely out of luck here.

    I've worked in the tech industry for almost 20 years. There are hundreds of varieties of this particular ransomware... and there are many other versions of crypto viruses in the news...

    Some famous examples include celebrities, politicians and CITIES who have paid the ransom because they had no other option... If you want the data - you will have to :

    a. Pay them (bad choice but if you need it now you have no choice) -- if you pay there are safety measures you must take to ensure your own security - never pay with any traceable payment method... CC / bank etc... use encrypted payments.

    b. Hope that LEA captures the people behind it - and gets their hands physically on the server / workstation hardware that has the decryption keys for your specific version. Then and only then will a solution be available to decrypt it without paying.

    c. Do searches online to see if your particular version has been found and stopped... (very unlikely)

    If you choose not to pay - you can put that hard drive on a shelf and wait 5 or 10 years and maybe eventually someone will find a way for you to recover that data... though it may take 15 or 20 years and may never happen...

    Always keep backups.. sorry I have no advice to offer... I know zero people in the world who can handle this - even the FBI / CIA and high end Tech firms would not have much of a chance to fix this.... Encryption is very powerful in the world of IT - if used correctly... heck even a locked iPhone can't be unlocked.... so a specially designed encryption like you are stuck with is far beyond that...

    Good luck; but keep in mind these things generally give you 24 hours to pay the 500 bucks or whatever.. then it goes to a thousand.. then 5k.. 10k... then the criminals walk away and never will you have the chance again to pay -- they don't want to get caught... so they will not wait around long before they cover their tracks, delete the servers and create a new version of the virus to start again from another location...

  8. June 4, 2020  
    The encrypted files have, 99% sure, rewritten the original files. Copying the encrypted files will keep them encrypted and that's all.
    Your one and only hope to "restore" files is to just unplug the computer right away as soon as they're encrypted, don't even use it. Take the disk out, plug it into another computer (as a secondary drive, DO NOT boot from it) and then try recovering there.
    The more you use the drive, the higher the chance of you overwriting the old version, but there's likely no old version.
    When a file is modified it will likely stay in the same spot: https://imgur.com/a/odnUvKs
    After it changed it remained in the same inode, didn't move, overwritten, stuff underneath permanently lost, NTFS probably works the same way.
    What the hell don't you understand? As I said "few skill" because I don't think he has enough knowledge. So I tried to find the easiest way for a dummy to get his files back. I said the best way: forget everything and reset your computer from scratch.

    If I said move it to a USB (and yes, they are still encrypted) and use a sandbox, it's to avoid cross contamination. My goal is to prevent a new infection or worse because he tried random things (and yes, I know there is a better chance of finding something with recurva on the disk itself).
    If I said recurva it's because even a rewritten file has a "ghost backup" due to the way filesystems work, or how encryption is done. Even a pro can forget to erase something. AND again I said little chance of it working. A lot of "hackers" are just script kiddies.
    Plugging this thing in as secondary is the best way to **** up your primary disk. (Even if you use Linux, because you don't know how it works and what the properties of this thing are.)

    Never pay with ransomware, because you are not sure they'll give you a key or the right key.
    And no encryption can be broken, for example the EASA256 was broken so now use AESA512 and it's not 100% sure.
    There are many ways to encrypt files; many of them are outdated and can be broken easily enough.
