My server has been hit by a virus that added .crypted extension to all .tif and .pdf files rendering them unusable. How can I restore access to these files? Thank you.
Accepted AnswerPCrisk SupportTomas MeskauskasOffline0Hi Jan, according to Fortinet:
The encrypted files can be decrypted as long as you have the XOR key that is embedded in the executable component.
You can restore your PC using system restore.
You can restore your files via Volume Shadow Copies.
Here's their research on .crypted ransomware - https://blog.fortinet.com/post/nemucod-adds-ransomware-routine