4
1
So for the past few weeks I have been planning on switching from windows 7 to Ubuntu (14.04) with windows running in a VM for whenever I need it. 2 days ago my antivirus complained to me that I had a virus, and I ignored it, figuring that it would matter 24 hours from then.
Yesterday, I backed up all my files (including the AppData folder) to my external hard-drive. This morning, confident all my files were copied, I erased my old OS and started creating my ideal Ubuntu environment.
At first, I din't notice anything wrong with my files, because all of my PHP files were untouched. Then I noticed all of my image files (including PSD's) were encrypted and now had the standard ransom-ware message asking for $300.
The original files were unaffected, but all of my copies were. Anything super important was backup up via a git repo, but many of my PSD's are now encrypted.
My Question: Does anyone know how I can unencrypt my files?
Here is an example of one of my encrypted files: apache-directory-index.png.enc.rtf (clean)
Nicholas Summers
Posted 2014-08-09T01:31:04.110
Reputation: 203
https://www.decryptcryptolocker.com/ might be worth a try if its cryptolocker. – Journeyman Geek – 2014-08-09T01:43:55.193
no dice, it's "not a cryptolocker file" – Nicholas Summers – 2014-08-09T01:49:13.310
I don't think this question has anything to do with Windows or Ubuntu. Files encrypted by (a Windows) virus, that's all. Also, "the original files were unaffected" — but they've been wiped, haven't they? – 4ae1e1 – 2014-08-09T02:29:40.527
The proper term is "formatted" and they were unaffected by the virus. I intentionally removed them along with the original operating system, to create a brand new system. This DOES involve windows/ubuntu because they are the OS's I have to work with as far as solving the problem. (not to mention they were a suggested edit from another user) – Nicholas Summers – 2014-08-09T04:32:06.063
If you don't have the key to decrypt the files, your out of luck, unless the key exists on the system. Since you deleted the virus, its basically not possible, to decrypt the files. – Ramhound – 2014-08-09T04:49:52.027
1You can still try file recovery after formatting harddisk. – AEonAX – 2014-08-09T05:27:59.390
@NickJ just a correction, on your correction. The drive was formatted to erase items on the drive. Also this does not have anything to do with your OS as the files will not change due to the OS when encrypted. Also to answer your question without the Key to the encryption there isn't a lot you can do. You seem to be very sure it's not Cryptolocker, can you please give you reasons for this assumption. (would reply in a friendlier tone, more likely to get help) – David Golding – 2016-04-11T09:18:41.940