Recovering Encrypted Files **PLEASE HELP** - OS X Lion 10.7 - Hackintosh Zone
  • 0
mikesmithibo

I have a major debacle I ran into this morning. I accidentally downloaded Spora Ransomware when using my Windows 7 from my Hackintosh. I'm actually only using Windows right now on my machine because my OS X side won't boot all the way through (currently trying to tackle that issue but that's for another day, because I found a way to access my Mac partition through Windows with Paragon so that's all I really cared about at the moment).

But anyway, it makes you try to pay them to recover the files they encrypted, but of course as any good PC user, I found a way to recover my files without messing with that. In my case, it looks like they only encrypted picture files like .jpg. In fact, .png files weren't even encrypted, video files are unaffected, etc. Some other random files like zipped font folders were encrypted but I'm not worried about all of that. Ironically this all happened 2 days after my MalwareBytes expired (I should have renewed).

Now first thing, I have yet to remove the Ransomware because I heard if you remove it before your files are recovered, it may permanently delete those files, so I recovered them and put them all on my external so I can remove the Spora crap. BUT, now I have to tackle recovering the files from the Mac partition (that I'm accessing from Windows 7) and it's not working the same because there are no previous versions due to them not being originally from my Windows hard disk. Yes, the Ransomware even encrypted the files from the Mac partition (jagoffs).

I tried using things like Recuva, but of course it can't read my Mac drive. So my question is, is there any possible way anybody knows of that will help me recover the picture files that are encrypted from my Mac partition THROUGH my Windows 7? Remember, I can't access my Mac side, so I can't just download some recovery software that's applicable with OS X.

Please if you have any ideas I would love to hear them, so much history is on my computer and it's my dumb fault for not backing those up previously or failing to renew MalwareBytes, but I'm a believer that in most cases, there's always a way to make things happen.

I would love to find out where these guys are and give them the business.

Thank you for any insight.

4 answers to this question

  • 0
Rico Cremer    8

From what I've read, the encryption is done in a pretty complex way:

1. It generates a public-private RSA keypair that is unique to your computer
2. It generates a random AES symmetric key for each file and encrypts the file
3. It encrypts each file’s AES key with the public key generated for your computer
4. It encrypts your unique public-private keypair with a public key stored in the Spora file

There is no program that can recover the files, because it needs to know all the keys.
In Windows, your only hope would be that it stored the previous (unlocked) version of the file, which you then could restore. I don't know if Windows stores files from another filesystem too, but I think it does not. So unless you have a back-up, which you don't, I'm afraid that you are doomed to lose your files.

If, however, you found a solution for your problem, I'd like to know how you did it :D

  • 0
13 minutes ago, Rico Cremer said:

From what I've read, the encryption is done in a pretty complex way:

1. It generates a public-private RSA keypair that is unique to your computer
2. It generates a random AES symmetric key for each file and encrypts the file
3. It encrypts each file’s AES key with the public key generated for your computer
4. It encrypts your unique public-private keypair with a public key stored in the Spora file

There is no program that can recover the files, because it needs to know all the keys.
In Windows, your only hope would be that it stored the previous (unlocked) version of the file, which you then could restore. I don't know if Windows stores files from another filesystem too, but I think it does not. So unless you have a back-up, which you don't, I'm afraid that you are doomed to lose your files.

If, however, you found a solution for your problem, I'd like to know how you did it :D

Hey Rico, yeah I already stated that I successfully recovered my files in Windows, no problem. I lost nothing in the end and got rid of the Ransomware. All is well for my Windows side. But because I had Paragon installed to access my OS X partition from Windows, that was exposed to the Ransomware as well so it encrypted those files also. So my question was is there any way to do the same type of thing, but just through Windows instead of OS X (because I currently can't boot into OS X). But obviously there isn't a way, I was just trying my luck. I unplugged the hard drive for now and I'm going to tackle it once I can boot into OS X. In the end, what was more important to me was on my Windows side, so if I lose those files on the OS X side, oh well. It would only be picture files for the most part anyway (that's all they really encrypted in Windows). Everything else was untouched by the Ransomware. It was clever, but in the end they didn't do a very good job in my experience.

  • 0
Rico Cremer    8

The purpose of Spora actually is to only encrypt image and compressed archive files (on local drives as well as network drives). Spora does not touch your actual Windows system files, because they want you to be able to successfully boot into (and use) your system. Pictures, videos, zip files et cetera are pretty valuable for most people, so big chance that a victim is willing to pay :D

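An added example, not part of the original posts: a read-only Python triage pass that lists which image and archive files on a mounted volume no longer carry their expected header, to scope what has to come back from backup. It assumes an encrypted file no longer starts with its format's magic bytes; the function names, verdict labels and sample tree are constructed for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
# Leading magic bytes of the file types named in the thread.
MAGIC = {".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
         ".png": (b"\x89PNG\r\n\x1a\n",), ".zip": (b"PK\x03\x04", b"PK\x05\x06")}

def entropy(data):
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    counts, n = Counter(data), len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0

def classify(path, sample=4096, threshold=7.0):
    """Verdict for one file: header check first, entropy second."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return "skipped"
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if head.startswith(MAGIC[ext]):
        return "intact-header"
    # JPEG, PNG and ZIP bodies are compressed, so they look random even when
    # healthy; entropy only counts once the expected header is missing.
    return "likely-encrypted" if entropy(head) >= threshold else "header-mismatch"

def triage(root):
    """Walk root read-only and return {relative path: verdict}."""
    report = {}
    for folder, _, names in os.walk(root):
        for name in names:
            full = os.path.join(folder, name)
            try:
                report[os.path.relpath(full, root)] = classify(full)
            except OSError:
                report[os.path.relpath(full, root)] = "unreadable"
    return report

def build_sample(root):
    """Constructed sample tree: synthetic bytes shaped like each case."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    files = {"ok.jpg": b"\xff\xd8\xff\xe0" + bytes(64), "locked.jpg": noise,
             "ok.png": b"\x89PNG\r\n\x1a\n" + bytes(64), "clip.mp4": noise,
             "notes.jpg": b"plain text saved under the wrong name\n" * 20}
    for name, body in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print("\n".join(f"{v:17}{p}" for p, v in sorted(triage(tmp).items())))
```

Files of only a few hundred bytes cannot reach the 7.0 bits/byte threshold, so a `header-mismatch` verdict on a tiny file is inconclusive rather than a clean bill of health.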
  • 0
55 minutes ago, Rico Cremer said:

The purpose of Spora actually is to only encrypt image and compressed archive files (on local drives as well as network drives). Spora does not touch your actual Windows system files, because they want you to be able to successfully boot into (and use) your system. Pictures, videos, zip files et cetera are pretty valuable for most people, so big chance that a victim is willing to pay :D

Makes sense. It's definitely clever. I'm just glad I found a way to get around it without necessarily having a back-up drive. I will forever back-up and stay protected from now on. You go so long without any issues and think you're invincible lol but reality is nobody is safe! Cheers man.
