.crypted files restoral
posted in Viruses
0
My server has been hit by a virus that added .crypted extension to all .tif and .pdf files rendering them unusable. How can I restore access to these files? Thank you.
Accepted Answer
0
PS. You can also try using a decrypter created by Fabian Wosar from Emsisoft - https://decrypter.emsisoft.com/nemucod Let me know if it works for you.
Responses (1)
-
Accepted Answer
0Hi Jan, according to Fortinet:
The encrypted files can be decrypted as long as you have the XOR key that is embedded in the executable component.
You can restore your PC using system restore.
You can restore your files via Volume Shadow Copies.
Here's their research on .crypted ransomware - https://blog.fortinet.com/post/nemucod-adds-ransomware-routine
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »