Recovery after extortion

Extortionist is a computer malicious virus that blocks your system and requires ransom to unlock your files. In fact, there are two different types. First, PC-Locker, which locks the whole machine, and Data-Locker, which encrypts certain data but allows the machine to run. The main goal is to get money from the user, which is usually paid in a cryptocurrency such as bitcoin.

Identification and decryption

You will first need to know the last name of the ransomware program that infected you. It’s easier than it seems. Just locate Malwarehunterteam and upload a ransom note. He will detect the last name and will often guide you through the transcript. If you have a family name that matches the note, the files can be decrypted using Teslacrypt 4.0. You must first set the encryption key. Selecting an extension added to encrypted files will allow the tool to automatically set the master key. If in doubt, just choose <як арыгінал>.

Data recovery

If that doesn’t work, you’ll need to try to recover the data yourself. But often the system can be too damaged to get much back. Success will depend on a number of variables such as operating system, partitions, file overwrite priority, disk space processing, etc.). Recuva is probably one of the best tools available, but it’s best to use it on an external hard drive rather than installing it on your own OS drive. Once installed, just run a deep scan, and hopefully the files you are looking for will be restored.

New ransomware encryption focused on Linux systems

Known as the Linux.Encoder.1 malware, personal and business sites are under attack, and decrypting files requires a bitcoin fee of about $ 500.

The vulnerability in CMS Magento was discovered by attackers who quickly took advantage of the situation. Although a critical vulnerability patch was released for Magento, it was too late for those webmasters who woke up to find a message that included a scary message:

“Your personal files are encrypted! Encryption was done with a unique public key … to decrypt the files you need to get a private key … you need to pay 1 bitcoin (~ 420 USD)”

It is also speculated that attacks could have taken place on other content management systems, making the number of victims unknown.

How malware strikes

Malware gets through execution with administrator levels. All home directories as well as related website files have been damaged by 128-bit AES cryptocurrency. That alone would be enough to do a lot of damage, but the malware goes further in that it then scans the entire directory structure and encrypts different files of different types. Each directory into which it enters and harms through encryption is dropped a text file that the administrator first sees when logging in.

There are certain items that malware looks for, and these are:

  • Apache installations

  • Nginx settings

  • MySQL installations that are located in the structure of the target systems

The reports also seem that magazine directories are not immune to attack, as is the content of individual web pages. The last places he hits – and perhaps the most critical – include:

  • Executable windows files

  • Document files

  • Program libraries

  • Javascript

  • Active server file pages (.asp).

The end result is that the system is kept for ransom, and businesses know that if they can’t decrypt the files themselves, then they have to either give in and pay the claim, or have serious downtime for an unknown period of time.

Presented requirements

Intruders dump the README_FOR_DECRYPT.txt text file into each encrypted directory. A payment request is the only way to decrypt through a hidden site through a gateway.

If an affected person or company decides to pay, the malware is programmed to start decrypting all the files and then starts eliminating the damage. It seems that he decrypts everything in the same encryption order, and the farewell photo deletes all encrypted files, as well as the ransom note itself.

Consult specialists

This new ransomware program will require the services of a data recovery specialist. Be sure to let them know of any steps you have taken to recover the data yourself. This can be important and will undoubtedly affect your level of success.