I came across this article, and I am wondering now: how would you upload a file from your system if all files have been encrypted? I have 0 experience with ransomware, but as far as I've heard, your desktop is showing only a pop-up window asking you to pay some amount of money. Or are you able to browse through your PC but not able to open files?

An encrypted file can be copied and deleted. If you try to open an encrypted file, you need to have the appropriate private key.

If you can't get to the files because there are other programs interfering with your GUI, you could take the drive out of your computer and plug it into another system via a variety of connections, including an IDE/USB connection. Then access the files and copy, upload, etc.

OK, I am asking this because I was attending a crypto lecture. When ransomware was mentioned there, it was said that, for example, in those programs, if you try to shut down your PC, everything will be deleted, and if you don't pay, everything will be deleted as well. What confuses me is the state of your system when infected with it. What I thought was that everything is locked and the only thing you can do is basically nothing other than looking at a pop-up on your PC saying you have been compromised and a text field where you are supposed to enter the private key to unlock your PC files. Apparently I am wrong, ye? Because in the case of you being able to access everything (well, obviously not open/use it), then yeah, that free decryptor seems a really good tool to have.

The idea behind cryptolocker is that it encrypts certain files on the system, not all of them (otherwise the system would be inoperable). For example, it will search for pictures, music, videos, plaintext files and things like that. It generally won't target executable files, and the malware will not try to make your computer inoperable.

The ransomware might be set up to delete the public key and identifiers if the computer is reset (if the attackers refuse to give the private key, or cannot because the public key or identifiers are no longer existent, then the files are "deleted" in the sense that they cannot be recovered).

Oh, I see. Thanks, @Hiroshe
