In-depth technology research: finding new ways to recover data, accessing firmware, writing programs, reading bits off the platter, recovering data from dust.


Ransomware all files .d3ad

September 21st, 2023, 15:41

Hi to all!

No ID ransomware

SHA1: 3b3123bedd02b9f3137ec4db3d2eaef0aed6c4f5

https://id-ransomware.malwarehunterteam.com -> not identified

All files file.ext.d3ad

Any known solution?

Re: Ransomware all files .d3ad

September 21st, 2023, 18:11

AFAIK, no.

What kind of files?

Re: Ransomware all files .d3ad

September 22nd, 2023, 6:50

Arch Stanton wrote:AFAIK, no.

What kind of files?


.mdf
.ldf

One file.

Re: Ransomware all files .d3ad

September 22nd, 2023, 6:53

It's D3adcrypt ransomware, no solution available.
I thought this strain was inactive, but it looks like it has been activated again. I have last year's samples of encrypted files; could you upload an encrypted .pdf or .jpg so I can take a look? I'd need a large file, preferably larger than 2MB.
Just curious to see what they've changed in their encryption algo.

Re: Ransomware all files .d3ad

September 22nd, 2023, 8:46

northwind wrote:It's D3adcrypt ransomware, no solution available.
I thought this strain was inactive, but it looks like it has been activated again. I have last year's samples of encrypted files; could you upload an encrypted .pdf or .jpg so I can take a look? I'd need a large file, preferably larger than 2MB.
Just curious to see what they've changed in their encryption algo.


Sent a PM.

Please look.

Re: Ransomware all files .d3ad

September 22nd, 2023, 10:13

Care to share a JPEG with me for research purposes?

Re: Ransomware all files .d3ad

September 22nd, 2023, 11:00

Arch Stanton wrote:Care to share a JPEG with me for research purposes?



sending to you!

Thanks!

Re: Ransomware all files .d3ad

September 23rd, 2023, 14:33

Wow, I've never seen anything like this.
Sempre sent me a 50GB sample image of the encrypted drive.
It looks like they're using some intelligent algo that messes up each file in its entirety. They're encrypting the header and then they salt the main body of the file with something that looks like AES-256, or at least that's my quick impression. Out of 50GB I was able to re-create just 10 .jpg files, some useless .png files and some .pdf files that need repair in their main body (all sent to sempre). And a lot of .txt files that obviously couldn't be salted/messed up due to their small file size.

To be honest, I doubt this can be decrypted even with the private encryption key.
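The post above describes a file layout (overwritten header, body with high-entropy regions interleaved with untouched data, small files left alone) that can be checked mechanically before anyone spends hours on manual carving. The following is an added example written for this thread, not code from any participant: a block-wise Shannon-entropy triage that reports whether the original magic bytes survived, which blocks look encrypted, and which byte ranges are still worth carving. The 4096-byte block size and the 7.2 bits/byte threshold are assumptions chosen for illustration, and the sample file is constructed in-script to mimic the described pattern; it is not a real D3adcrypt sample.

```python
import math
import random
from collections import Counter

BLOCK_SIZE = 4096      # assumed granularity; tune to the strain's observed stride
HIGH_ENTROPY = 7.2     # bits/byte; AES output sits near 8.0, text near 4-5

# Known signatures, used to check whether the original header survived.
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"%PDF-": "pdf",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the buffer (0.0 for an empty buffer)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def detect_magic(data: bytes):
    """Return the file type implied by surviving magic bytes, else None."""
    for sig, name in MAGIC.items():
        if data.startswith(sig):
            return name
    return None


def triage(data: bytes, block_size: int = BLOCK_SIZE,
           threshold: float = HIGH_ENTROPY) -> dict:
    """Block-wise entropy map of a suspected ransomware victim file.

    'map' marks each block X (looks encrypted) or . (looks like plaintext),
    so an intermittently encrypted file shows up as a visible pattern.
    """
    blocks = [data[i:i + block_size] for i in range(0, len(data), block_size)]
    flags = [shannon_entropy(b) >= threshold for b in blocks]
    return {
        "size": len(data),
        "magic": detect_magic(data),
        "header_encrypted": flags[0] if flags else False,
        "blocks": len(blocks),
        "encrypted_blocks": sum(flags),
        "encrypted_fraction": (sum(flags) / len(blocks)) if blocks else 0.0,
        "map": "".join("X" if f else "." for f in flags),
    }


def intact_ranges(data: bytes, block_size: int = BLOCK_SIZE,
                  threshold: float = HIGH_ENTROPY):
    """Byte ranges [start, end) whose blocks look unencrypted.

    These are the parts worth carving: text, or a JPEG/PDF body that only
    needs its header rebuilt from a known-good template.
    """
    ranges, start = [], None
    for i in range(0, len(data), block_size):
        enc = shannon_entropy(data[i:i + block_size]) >= threshold
        if not enc and start is None:
            start = i
        elif enc and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(data)))
    return ranges


# --- constructed sample, not a real D3adcrypt file ---------------------------
def make_sample(seed: int = 1) -> bytes:
    """One encrypted header block, then 8 body blocks with every third one
    overwritten by pseudo-random bytes (the 'header + salted body' pattern)."""
    rng = random.Random(seed)

    def rand(n: int) -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(n))

    text = (b"The quick brown fox jumps over the lazy dog. " * 100)[:BLOCK_SIZE]
    body = b"".join(rand(BLOCK_SIZE) if i % 3 == 2 else text for i in range(8))
    return rand(BLOCK_SIZE) + body


if __name__ == "__main__":
    sample = make_sample()
    print(triage(sample))
    print(intact_ranges(sample))
```

Run it over a directory of .d3ad files and sort by `encrypted_fraction`: files with `magic` still set were not touched at all, files with a single X at the front and a long run of dots only need a header transplant, and files that are X throughout are the ones no carving will help with.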

Re: Ransomware all files .d3ad

September 23rd, 2023, 16:25

sempre wrote:
Arch Stanton wrote:Care to share a JPEG with me for research purposes?



sending to you!

Thanks!


How? My email is joep@disktuna.com.

Re: Ransomware all files .d3ad

September 23rd, 2023, 17:12

Arch Stanton wrote:Care to share a JPEG with me for research purposes?

Sorry

Ok sending

PM

Re: Ransomware all files .d3ad

September 24th, 2023, 4:46

NVM, a 37 kilobyte JPEG isn't going to do it.

Re: Ransomware all files .d3ad

September 25th, 2023, 9:02

Arch Stanton wrote:NVM, a 37 kilobyte JPEG isn't going to do it.


Hi!
Sorry, the larger one is a 69kb .jpg.
Is that of interest?

Re: Ransomware all files .d3ad

September 25th, 2023, 17:55

No, probably not.

Re: Ransomware all files .d3ad

September 26th, 2023, 7:04

unsolved case
:roll: