Recovering after ransomware

Ransomware is malware that locks your system and demands a ransom to unlock your files. There are basically two types: the PC-Locker, which locks the entire machine, and the Data-Locker, which encrypts specific data but allows the machine to function. The main objective is to collect money from the user, which is usually paid in cryptocurrencies like Bitcoin.

Identification and Decryption

You first need to know the family name of the ransomware that infected you. It's easier than it seems. Just search for MalwareHunterTeam and upload the ransom note. It will identify the family name and often guide you through the decryption. Once the family name is matched from the note, the files can be decrypted using Teslacrypt 4.0. First the encryption key must be set. Selecting the extension attached to the encrypted files allows the tool to set the master key automatically. If in doubt, just select <as original>.

Data Recovery

If that doesn't work, you'll have to try data recovery yourself, although the system may often be too corrupt to yield much return. Success will depend on variables such as the operating system, partitioning, priority of file overwriting and disk space handling. Recuva is probably one of the best tools available, but it's best to use it on an external hard drive rather than installing it on your own OS drive. Once it is installed, run a deep scan and hopefully the files you are looking for will be recovered.

New Encryption Ransomware Targeting Linux Systems

The malware, known as Linux.Encoder.1, is attacking personal and business websites and demanding around $500 in bitcoins for the decryption of files.

Attackers discovered a vulnerability in the Magento CMS and quickly exploited it. Although a patch has now been issued for the critical Magento vulnerability, it is too late for those web administrators who woke up to find the chilling message:

“Your private files are encrypted! Encryption was created using a unique public key… You need to get the private key to decrypt the files… You need to pay 1 Bitcoin (~420USD)”

It is also thought that the attacks may have taken place on other content management systems, making the number affected currently unknown.

How Malware Strikes

The malware strikes by executing with administrator-level privileges. Because of the vulnerability, all home directories and related website files are affected and encrypted using 128-bit AES. This alone can cause enough damage, but the malware goes further: it scans the entire directory structure and encrypts a variety of different files. In every directory it enters and encrypts, it drops a text file that is the first thing the administrator sees when logging in.

There are a few elements that the malware looks for:

  • Apache installations

  • Nginx installations

  • MySQL installations located on the target system

From reports, it also seems that log directories are not immune to attack, and neither is the content of individual webpages. The last places it hits, and perhaps the most critical, include:

  • Windows executables

  • Document files

  • Program libraries

  • JavaScript

  • Active Server Pages (.asp) files

The end result is that a system is held to ransom, with businesses knowing that if they can't decrypt the files themselves, they will either have to give up and pay the demands or face severe business disruption for an unknown period of time.


In each encrypted directory, the attackers drop a text file called README_FOR_DECRYPT.txt. Payment is demanded, and the only way to decrypt is through a hidden site reached through a gateway.
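
An added triage example (not code from the original article): since a README_FOR_DECRYPT.txt note is left in every encrypted directory, walking the tree for that file name maps which directories were hit and, by note timestamp, roughly in what order. The function names, sample directory layout and timestamps are constructed for illustration.

```python
import os
import tempfile

NOTE_NAME = "README_FOR_DECRYPT.txt"  # ransom note name given in the article

def scope_damage(root):
    """Walk root and split directories into those holding a ransom note
    (sorted by note mtime, oldest first) and those without one."""
    affected, clean = [], []
    # followlinks=False: never wander outside the tree being triaged
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        rel = os.path.relpath(dirpath, root)
        if NOTE_NAME in filenames:
            note_mtime = os.lstat(os.path.join(dirpath, NOTE_NAME)).st_mtime
            others = len(filenames) - 1  # files sharing the directory with the note
            affected.append((note_mtime, rel, others))
        else:
            clean.append(rel)
    affected.sort()  # oldest note first approximates the encryption order
    return affected, sorted(clean)

def build_sample_tree(root):
    """Constructed sample layout: two directories hit, one untouched."""
    layout = {
        "home/alice": ["report.doc", NOTE_NAME],
        "var/www/html": ["index.php", "app.js", NOTE_NAME],
        "var/log/nginx": ["access.log"],
    }
    stamp = 1_700_000_000  # constructed note timestamps, 60 s apart
    for rel, names in layout.items():
        directory = os.path.join(root, rel)
        os.makedirs(directory)
        for name in names:
            path = os.path.join(directory, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            if name == NOTE_NAME:
                os.utime(path, (stamp, stamp))
                stamp += 60

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scope_damage(root)

if __name__ == "__main__":
    hit, untouched = demo()
    for mtime, rel, count in hit:
        print(f"{mtime:.0f}  {rel}  ({count} other files)")
    print("no note:", untouched)
```

Run it against a read-only mount or an image of the affected disk so the walk itself does not alter access times.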

If the affected person or business decides to pay, the malware is programmed to start decrypting all the files and undo the damage. It seems that it decrypts everything in the same order in which it was encrypted, and the parting shot is that it deletes all encrypted files as well as the ransom note itself.

Contact the experts

This new ransomware will require the services of a data recovery expert. Make sure you inform them of any steps you take to recover the data yourself. This can be important and will undoubtedly affect the success rate.