My MS Office files and pdf files has been encrypted by some ransomware in my pc which was running window XP. I removed the ransomware,formated the OS and put windows 7, but my files are still encrypted. Is there any way of decrypting it as it very important files and i dont have a backup of these files. Some one pls help me out of this mess.
Excel,word,pdf files got encrypted by ransomware
encryptionvirus
Related Solutions
This may be an older question; but I recently had the same need.
My goal was to be comprehensive (search all files) and not require additional software, so it uses the command prompt and any text editor.
Here is what I found as a workable solution:
- open a cmd prompt
- Enter the command: cipher /s:c:\ > encryption.txt
- Open the file "encryption.txt"
- To find encrypted folders, search for "will be encrypted"
- To find encrypted files, search for "E" at the beginning of a line
Without parameters, Cipher lists state of the current directory and all files in it. The /s parameter tells it to recurse, and c:\ gives it the starting point. From there, "> ..." just redirects the output.
Cipher's output for encrypted files and folders look like this:
Listing c:\Dev\Encrypted\
New files added to this directory will be encrypted.
E Default.aspx
E Default.aspx.cs
E Default.aspx.designer.cs
Cipher's output for normal files and folders look like this:
Listing c:\Dev\Plaintext\
New files added to this directory will not be encrypted.
U Default.aspx
U Default.aspx.cs
U Default.aspx.designer.cs
Hope that helps.
This is a very nasty virus category, known as Ransomware. There is further information on it here.
The bad news is that the encryption used is realistically uncrackable. If you don't have backups, there is not a lot you can really do. The virus will demand payment to decrypt your files, which, lets face it, they may not do and may just take the money and run. There is no other way to decrypt it without the exact keys they provide. Paying the ransom is the only chance you would have to get the data back without backups, but if they don't comply after payment, you have no action of recourse and have just lost your files and your money.
The instructions above detail how to remove the virus, however, it is likely too late for your data. You can try the following as a last resort if you don't have backups (Remove the virus first using the above link, or it may just re-encrypt them):
There is only one known way to remove this virus successfully, barring actually giving in the to the demands of the people who created the virus – reversing your files to a time when they were not infected.
There are two options you have for this:
The first is to do a full system restore. This can take care of the file extension for you completely. To do this just type System Restore in the windows search field and choose a restore point. Click Next until done.
Your second option is a program called Shadow Volume Copies.
Open the Shadow Explorer part of the package and choose the Drive (C or D usually) you want to restore information from. Right click on any file you want to restore and click Export on it.
Best Answer
Wikipedia says that CryptoLocker encrypts files "using RSA public-key cryptography, with the private key stored only on the malware's control servers", and that "although CryptoLocker itself is readily removed, files remain encrypted in a way which researchers have considered infeasible to break."
Sounds like your files probably can't be recovered.