SipSizzurp
Fo' Shizzle
Premium Member
join:2005-12-28
Houston, TX

Encrypting Virus

Hadn't seen any news on the encrypting virus lately. I just picked up a good hot infected one. Booted in Linux and all data files have .ecc extension appended to the end of the file name.

Was there ever a cure for this virus? Would this machine have any forensic value before I nuke and pave?

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

3 recommendations

Most of the cures for the encryption viruses are to pay the money. Some have had the codes available over time as the servers are captured by law enforcement.

If the data is important, and not needed, you might want to get another drive and hold this drive in case the decryption keys become available at a later date.

norwegian
Premium Member
join:2005-02-15
Outback

1 recommendation

to SipSizzurp
Not sure if it helps but there is a little in this topic and if XOR related, there is a tool.
»securelist.com/analysis/ ··· ked-out/
»support.kaspersky.com/vi ··· ion/2911
»support.kaspersky.com/vi ··· ion/4264

I'm sure there are similar ones from other companies.

SipSizzurp
Fo' Shizzle
Premium Member
join:2005-12-28
Houston, TX

Thanks for the links. I was not aware of the Kaspersky decryptors. I will keep this for future reference. Unfortunately I had to get the machine back in operation so I have already nuked it. The customer said the data was not too important so I didn't keep any copies. I'll be sure to give the tools a try if I run across another infection. I very much appreciate your help!