Jad

Members, 4 posts

Everything posted by Jad

  1. Hey guys, I've wasted a lot of my time on this only to find no solutions. Note that my research was done mostly on image files. My conclusions were:
     - The virus evolved and there are several versions of it. If given time it would attack / rewrite most common user extensions. Those that spotted it early are lucky.
     - The file is hijacked (header + footer), not fully encrypted; you can recognize a lot of the old content in the "encrypted" one. If you open it to edit you'll land inside the "cover" instead of the real content, and re-saving the file will land you with a 51.7 kB PNG. The problem is that without the proper header, the data is unreadable by classic software. As proof, you can look into just editing the raw data of DOC files in a text editor, and you could manage to extract some of the raw text.
     - It's highly possible there's an RSA connection in how you unlock it; so far I found no tool to operate on the data.
     - The guys on bleeping-computers are really cool; you can find a lot of information on their findings.
     - The virus could be tracked down to its origin, but I lack the financial resources and time to do so.
     - I have a theory that the programmers who originally designed JPG and PNG files might be able to see through this and create an easy restore solution.
     I am not sure when I'll be able to research more towards a solution as I'm pretty booked right now. I wish you all the best, I hope a solution is found soon.
  2. I'm JStormrage, the guy looking into finding a solution on that blog. Thanks anyway.
  3. Thank you for the reply. It's my first rendezvous with such an attack. I'm trying to help one of the victims, a photographer who lost a lot of albums of events. There are a lot of sad people. Any update on this is welcome.
  4. Greetings, I'm new here, reporting something which I think is a serious problem. Dirty Decrypt, possibly a new breed of virus; most articles about it start with the 28th of April 2013. Even though I have no knowledge of how it's infecting systems, this virus takes over a host computer, blocks its access and can be removed through a series of methods, all found through Google in articles related to it. The big problem is the damage left behind. In the background the virus modifies XLS, DOC, PDF, JPG, PNG and possibly more files. The modified files cannot be opened. Instead, a strange message claiming you need to run the virus to decrypt your files comes up. This falls under ransomware, and the poor victim can lose family pictures and important documents, and sadly, so far to my knowledge no one has created a tool to restore the affected files. I don't believe the files are encrypted per se, but modified, more like hijacked: the EXIF file header is modified and some junk data is written at the end of the file. I managed to restore JPG files, but doing this manually takes ages, especially for images bigger than 3 MB. The core of the file is there; its original header data is missing. Just do an ANSI file content compare of a virused file and itself, unaffected, and you'll see what I mean. I'm opening this topic in the hope that a security company will develop a tool for mass restoration of affected data. There are many people hit by this problem but not all are so tech-inclined to know how to approach a solution.