Scribd Logo
Upload

Welcome to Scribd!

  • Tool For Decrypting Files Affected by Trojan-Ransom - Win32.rannoh Infection

    Uploaded by

    george_adi_2200
    126 views1 page
    This document provides information about a tool called RannohDecryptor that can decrypt files encrypted by certain ransomware infections, including Trojan-Ransom.Win32.Rannoh, Trojan-Ransom.Win32.AutoIt, Trojan-Ransom.Win32.Fury, Trojan-Ransom.Win32.Crybola, Trojan-Ransom.Win32.Cryakl, and Trojan-Ransom.Win32.CryptXXX. It describes how each of these ransomware variants encrypt files and change file names and extensions. The document also mentions that RannohDecryptor has command line options but does not provide details

    Original Description:

    Tool for Decrypting Files Affected by Trojan-Ransom

    Original Title

    Tool for Decrypting Files Affected by Trojan-Ransom.win32.Rannoh Infection

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides information about a tool called RannohDecryptor that can decrypt files encrypted by certain ransomware infections, including Trojan-Ransom.Win32.Rannoh, Trojan-Ransom.Win32.AutoIt, Trojan-Ransom.Win32.Fury, Trojan-Ransom.Win32.Crybola, Trojan-Ransom.Win32.Cryakl, and Trojan-Ransom.Win32.CryptXXX. It describes how each of these ransomware variants encrypt files and change file names and extensions. The document also mentions that RannohDecryptor has command line options but does not provide details

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    126 views1 page

    Tool For Decrypting Files Affected by Trojan-Ransom - Win32.rannoh Infection

    Uploaded by

    george_adi_2200
    This document provides information about a tool called RannohDecryptor that can decrypt files encrypted by certain ransomware infections, including Trojan-Ransom.Win32.Rannoh, Trojan-Ransom.Win32.AutoIt, Trojan-Ransom.Win32.Fury, Trojan-Ransom.Win32.Crybola, Trojan-Ransom.Win32.Cryakl, and Trojan-Ransom.Win32.CryptXXX. It describes how each of these ransomware variants encrypt files and change file names and extensions. The document also mentions that RannohDecryptor has command line options but does not provide details

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    Tool for decrypting files affected by Trojan-Ransom.Win32.

    Rannoh infection

    1 of 1

    CompanyAccount|My Kaspersky
    Products & Services Online Shop Blog Trials Support Partners About Kaspersky Lab

    Home Support Safety 101

    Safety 101: Virus-fighting utilities


    Tool for decrypting files affected by Trojan-Ransom.Win32.Rannoh infection
    Back to "Virus-fighting utilities"

    2016 May 18

    ID: 8547

    If the system is infected by a malicious program of the family Trojan-Ransom.Win32.Rannoh, Trojan-Ransom.Win32.AutoIt, TrojanRansom.Win32.Fury, Trojan-Ransom.Win32.Crybola, Trojan-Ransom.Win32.Cryakl or Trojan-Ransom.Win32.CryptXXX, all files
    on the computer will be encrypted in the following way:
    In case of a Trojan-Ransom.Win32.Rannoh infection, file names and extensions will be changed according to the template locked<original_name>.<four_random_letters>.
    In case of a Trojan-Ransom.Win32.Cryakl infection, the tag {CRYPTENDBLACKDC} is added to the end of file names.
    In case of a Trojan-Ransom.Win32.AutoIt infection, extensions will be changed according to the template
    <original_name>@<mail server>_.<random_set_of_characters>.
    Example: ioblomov@india.com_.RZWDTDIC.
    In case of a Trojan-Ransom.Win32.CryptXXX infection, extensions will be changed according to the template
    <original_name>.crypt.

    RannohDecryptor tool is designed to decrypt files dectypted by Trojan-Ransom.Win32.Rannoh, Trojan-Ransom.Win32.AutoIt, TrojanRansom.Win32.Fury, Trojan-Ransom.Win32.Crybola, Trojan-Ransom.Win32.Cryakl or Trojan-Ransom.Win32.CryptXXX.

    Disinfection

    Command line options

    You might also like