I've been infected by the same virus as the OP in this thread:http://www.bleepingcomputer.com/forums/t/556721/fbi-ransomware-new-variation-canadian/
I'm unable to reply in that thread so am starting a new one:
Posted 26 November 2014 - 12:19 PM
I've been infected by the same virus as the OP in this thread:http://www.bleepingcomputer.com/forums/t/556721/fbi-ransomware-new-variation-canadian/
I'm unable to reply in that thread so am starting a new one:
Posted 26 November 2014 - 11:10 PM
Posted 26 November 2014 - 11:49 PM
Posted 07 December 2014 - 08:31 PM
Hello,
I have made a Decryption Patcher for this infection. If you were hit by Operation Global 3 (This infection, Title is on the bottom of ransom screen), then this patcher will help you get all your files back.
Here is a video with the step by step instructions:
http://youtu.be/1M5IEW5_Ydw
Here is the Patcher(Also on Video page):
http://www.bleepstatic.com/fhost/uploads/3/og3patcher.exe
Hope this helps!
Posted 08 December 2014 - 05:03 PM
Thank you for the patch. I actually came up with a similar way to decrypt the files. However, the problem for me was that I have thousands of files that got encrypted so clicking on each one is not feasible. I wrote a small script to iterate over all the files and open them one by one but since doing that launches the associated application, my script also needed to close/kill that application to prevent the computer from overloading. As a result, the whole process is a bit cumbersome. I managed to decrypt a lot of my files but there are sill many to do.
I was wondering if your patch works by utilizing the infection itself to do the decryption (as does my approach) or if it actually retrieves the key and decrypts the files on its own. If the latter, perhaps it can be made to do this without needing to open the files? That way, I can just let it run on all the affected files without needing to click on each one.
Posted 08 December 2014 - 07:03 PM
Well the good news is, after u run this patcher, the infection can never run right on the machine again. So you can actually simply use ur script now without having to worry about the infection opening again.
Perhaps if more people get the infection ill add a mass decrypt.
EDIT: My patcher actually changes a few bytes in the running infection, changing the way the exe's open.
Edited by Nathan, 08 December 2014 - 07:04 PM.
Posted 09 December 2014 - 12:41 AM
My process also made it so that the machine wasn't getting reinfected when opening the encrypted files. My issue is doing it on a mass scale without having to worry about automatically closing all the applications (such as the image viewer, music player, etc) that launch when each file opens. Anyway, thanks for your efforts.
0 members, 0 guests, 0 anonymous users