Title: .wncry Bitcoin Ransomware Recovery
Author: DATABASE SOS©All rights reserved [without my consent, it may not be reproduced in any form, otherwise there is the right to further legal responsibility.]
I have also paid attention to various bitcoin ransomware before. For the oracle database, I mainly focus on pl/sql dev and File Encryption Ransomware, no matter which kind of extortion has not happened The scope of the impact is only wide and has a great impact. Even the public security network of the dynasty was severely infected, and many departments were unable to operate normally.
Here you can find that the Bitcoin encryption this time is selective encryption, not all files are encrypted, but judged based on the file suffix name, and then encrypted for blackmail.
View encrypted files
This failure is different from the previous encrypted ransomware.This time, the entire file is completely encrypted, which is quite different from the previous encryption, because the full-text encryption also brings great difficulty to the recovery.
You can find this linked list. Lisso people receive a lot of bitcoin, and it is generally not recommended to pay bitcoin: 1) it fuels this arrogance, and 2) the payment may not be decrypted (there are examples of failure around)
Fortunately, although we cannot decrypt the encrypted file, according to the encryption principle, we have run oracle (stored the oracle data file) on the hard disk, then there are traces on the hard disk. As long as this trace is not covered, we can pass the underlying Scan the block to recover the data (similar to: asm disk header completely damaged recovery ). Through this principle, we successfully restored a customer’s database today. If this aspect cannot be recovered by itself, you can contact us for technical support
Due to limited technical skills, at present we can only recover the encrypted database for extorting Bitcoin, other files cannot be recovered. For the database, we also need to evaluate the site to determine whether it can be recovered.