Recently, there has been a surge in the activity of a new generation of malicious computer programs. They first appeared quite a long time ago (6-8 years ago), but the rate at which they are being deployed has reached its peak right now. It is increasingly common to find that a virus has encrypted your files.
These are known to be more than primitive malware that merely locks a computer (for example, by causing a blue screen); they are serious programs that, as a rule, aim to damage accounting data. They encrypt every file within reach, including 1C accounting data and docx, xlsx, jpg, doc, xls, pdf and zip files.
The particular danger of the viruses in question
, RSA-, , () . , , .
, - (), (, , ).
.
, , . - , , , , hh.ru. . . , OLE- (pdf- ).
, , : , .
, , ( ). , .
"" ( ), " " (- ) . , Gen:Variant.Zusy.71505.
?
. , pdf.
«»
. , , . :
- ( ).
- .
- .
- .
- .
. _.txt, CONTACT.txt. , . , , , , .
. ( , 2 ). , .
-. , ID , :
, ?
: , perfect, nochance . , ( Dr. WEB).
1 , , , exe , .
– , ( , , ). – ( ) . – .
, ( exe) , , WinAPI.
: ?
:
- ( ). .
- () , , , .
- Patcher.exe.
- , «».
- «patched», .
- , «».
- , .
- ?
, , , . , , , ( , , ), .
, – , , , , . , , , .
, ( , , .). ( , ).
*.paycrypt@gmail.com:
, cbf, doc, jpg . ., :
- – ( , ).
- , , Dr. WEB. , KEY.PRIVATE.
- . . , 200 – 500 . . , , , . – .
. (paycrypt@gmail_com ), .
RectorDecryptor
jpg, doc, cbf . ., . , . . , . «» ( , : – ).
, , ( CCleaner).
, . « », . «». .
, , , . ( ).
, . , « », « ». , , .
, doc, cbf, jpg . ., . , .
. . : del «<>:\*.< >» /f /s.
, «-.txt», : del «<>:\*.< >»/f /s.
Thus, if a virus has renamed and encrypted your files, do not immediately spend money on buying the key from the attackers; first try to resolve the problem yourself. It is better to invest in a dedicated program for decrypting the damaged files.
In conclusion, this article addressed the question of how to decrypt files that a virus has encrypted.