[ALUG] Ransomware: most dangerous cyber threat

Andreas Tauscher ta at geuka.net
Thu Nov 10 15:21:04 EAT 2016


On 10.11.2016 13:05, James Julius wrote:
> Hi Andreas,
> 
> Thanks very much for your input,  true the backup should be on separate
> physical device and disconnected from the network.
> 
> Are you aware of way to restore the encrypted files? the one i came
> across was encrypted with .thor extensions.

Depends on the version of the ransomware. For example Cerber.
If you are lucky and you are hit by an old version: The files can be
decrypted. If you are hit by the version released begin of August:
Actual no way. And ther is no real hope the files ever can be decrypted.
The guys are learning. The first versions had mistakes in the crypto
implementation. This bugs have been fixed in later versions.

Or you are lucky in another way. Don't remember now which ransomware
this was. The programmers have been arrested and had then the choice. If
they are cooperative trail in the US and a chance to be released from a
US prison after 10 years. Or trial in Russia and being released earliest
after 20 years. They became very cooperative.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.habari.co.tz/pipermail/linux/attachments/20161110/f1111544/attachment.pgp>


More information about the Linux mailing list