
What Is the RSA Encryption Algorithm?

The RSA encryption algorithm is an encryption scheme that, in this case, transforms the normal
contents of the file using a unique key. This key can be recovered with special software, but doing
so requires a powerful machine since it is a time-consuming process. The RSA algorithm has been
employed by the most traditional ransomware viruses that have caused massive devastation on a
global scale – the CryptoWall variants (2.0, 3.0), Bitcrypt and others. In this tutorial, we show you
a possible method of decrypting your files and restoring them to their previous working state in
case you have no backup of your operating system (OS). After the tutorial, we have provided
instructions on how to enable Windows File History so your files can be backed up and you can
protect yourself from future attacks. Take your time and follow all of the steps below, and things
should be fine for you.

Ransomware Removal Manual
Before doing this, make sure you back up your information on a USB stick or anything similar.
After that, download reputable anti-malware software that will detect anything out of the ordinary
and assist you with the removal of the threat. Download it on a safe PC, transfer it to yours, and
boot your computer in Windows online Safe Mode using the following manual:
1. Start Your PC in Safe Mode to Remove Ransomware.

For Windows XP, Vista, 7 systems:

1. Remove all CDs and DVDs, and then Restart your PC from the “Start” menu.
2. Select one of the two options provided below:
– For PCs with a single operating system: Press “F8” repeatedly after the first boot screen shows up during the restart of your computer. In case the Windows logo appears on the screen, you have to repeat the same task again.
– For PCs with multiple operating systems: The arrow keys will help you select the operating system you prefer to start in Safe Mode. Press “F8” just as described for a single operating system.
3. As the “Advanced Boot Options” screen appears, select the Safe Mode option you want using the arrow keys. As you make your selection, press “Enter”.
4. Log on to your computer using your administrator account. While your computer is in Safe Mode, the words “Safe Mode” will appear in all four corners of your screen.

For Windows 8, 8.1 and 10 systems:

Step 1: Open the Start Menu.
Step 2: Whilst holding down the Shift button, click on Power and then click on Restart.
Step 3: After reboot, the aftermentioned menu will appear. From there you should choose Troubleshoot.
Step 4: You will see the Troubleshoot menu. From this menu you can choose Advanced Options.
Step 5: After the Advanced Options menu appears, click on Startup Settings.
Step 6: Click on Restart.
Step 7: A menu will appear upon reboot. You should choose Safe Mode by pressing its corresponding number and the machine will restart.

2. Remove Ransomware automatically with SpyHunter Removal Tool.

To clean your computer with the award-winning software SpyHunter: it is highly recommended to run a system scan before purchasing the full version of the software to make sure that the current version of the malware can be detected by SpyHunter.

Ransomware Files Restoration

For this particular tutorial, we have used .bitcrypt extension files, encrypted by ransomware called Bitcrypt. We have also used Ubuntu version 14.04, which assisted us in using special software appropriate for this distribution. You can get it from their website’s download page and you can either:
- Install it along with your operating system by booting a live USB drive.
- Install it on a virtual drive (Recommended).
Here we have brief tutorials for both:

Installation of Ubuntu on your machine:

Step 1: Get a USB flash drive that has above 2GB of space.
Step 2: Download the free software called Rufus from here and install it on your Windows.
Step 3: Configure Rufus by choosing NTFS as a system and selecting the USB drive as the one to be created as a bootable USB. After that boot the Linux image from the following button:
Make sure you locate it and select it from where you downloaded it.
Step 4: After the flash drive is ready, restart your computer, and it should run the Ubuntu installation. If it does not, you should go to the BIOS menu by pressing the BIOS hotkey on startup for your PC (usually it is F1) and from there select the first boot option to be the USB bootable drive or CD/DVD in case you have burnt Ubuntu on such.

Installation Of Ubuntu on your Virtual Drive

For this installation, you need to download VMware Workstation from their download page or any other Virtual Drive Management program. After it is installed you should:

Step 1: Create a new virtual drive.
Step 2: Set the drive size. Make sure you have a minimum of 20 gigabytes of free space for Ubuntu on your computer. Also choose ‘Run as a single drive’.
Step 3: Select the ISO image. For this option, you should know where it is.
Step 4: After that play the Virtual Machine and it will install automatically.

File Decryption

Once you have Ubuntu or any other Linux distribution on your computer, open the terminal by doing the following:

Then update your Linux and install a version greater than Python 3.2 by typing the following in the terminal:
→sudo apt-get update
sudo apt-get install python3.2
Also, if your Linux does not have the sqlite3 module, install it by typing:
→sudo apt-get install sqlite3 libsqlite3-dev
sudo gem install sqlite3-ruby
Now that we have Python installed, we need to download a script created by 2014 Airbus Defence and Space Cybersecurity. To do this click on this link. Download the file in your ‘Home’ folder after it prompts you where to save it. Keep this as decrypt.py in case it is not saved in this format.
Now that we have Python and the script, it is time to find out the key of the .bitcrypt encrypted file. To do this move your encrypted files to the home folder by using the file manager:

After you have located all of the encrypted files there along with the “decrypt.py” file, type the following into the terminal to initiate the script:
→python ./decrypt.py "Your_Encrypted_Document_Name_and_Format"
It will show an error, and this is entirely normal as long as you see this code:

This is the RSA code for this file. Now, we need to decrypt it, and we are halfway there. To do this download a program called cado-nfs2.0.tar.gz from their download page here. We recommend the 2.0 version. However, the newest version is also on a good level.
It will download a .tar archive file (.tar files are very similar to .rar or .zip files). Simply open it and click on the Extract button on top and choose the ‘Home’ folder. It should look like this:

After we have all the files extracted in the ‘Home’ folder, we need to compile cado-nfs. To do this, open another terminal and type:
→cd cado-nfs-2.0
make
After this is set, it is time to run the key cracker. Important – this process can take from several hours to days to be finished. To begin the process type in your cado-nfs terminal:
→./factor.sh YOUR_UNIQUE_KEY_WHICH_IS_LETTERS_OR_NUMBERS_HERE -s 4 -t 6
After the process completes, you should see the following:
→Info:Complete Factorization: Total cpu/real-time for everything: hhhh/dddd
LongNumber1 LongNumber2
After we have the decrypted key, we need to insert it in the “decrypt.py” script. Do this by opening decrypt.py in a text editor and finding this part of it:
→known_keys = { many long numbers }
We need to add before the second bracket (“}”) these lines:

The Previous Key, a colon, opened parenthesis, LongNumber1, comma, LongNumber2, closed parenthesis. It should look like this:
→The Previous Key:(LongNumber1, LongNumber2)
Be advised that you should do this only one time. After this it is time to decode the files. To do this type:
→python ./decrypt.py "Your_Encrypted_Document.docx.bitcrypt"
Executing this command will make a file that is called “Your_Encrypted_Document.docx.bitcrypt.CLEAR”. Just rename the file by removing the .clear extension and you should be all set. Repeat the process for your other files as well. But remember that first you should find out their initial keys to decrypt them. You should be able to open them now. We hope this works for you.
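
Why the two numbers printed by factor.sh are enough, shown as an added example that is not part of the original tutorial or of the decrypt.py script: it checks a factoring result against the key it came from, derives the RSA private exponent, and formats the known_keys entry. The function names, the public exponent 65537, the decimal form of the key, the exact entry layout and the small sample primes are all assumptions made for illustration.

```python
# Added example: sanity-check a factoring result before editing known_keys.
# All numbers are small constructed values; real keys are far larger.
from math import gcd


def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin with fixed bases (a strong probable-prime check)."""
    if n < 2:
        return False
    for p in bases:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def private_exponent(n, p, q, e=65537):
    """Check that p*q == n and derive d; e=65537 is an assumption."""
    if p * q != n or not (is_probable_prime(p) and is_probable_prime(q)):
        raise ValueError("factors do not match the modulus")
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e is not invertible for this key")
    return pow(e, -1, phi)  # modular inverse, needs Python 3.8+


def known_keys_line(n, p, q):
    """Format 'Previous Key:(LongNumber1, LongNumber2)' (assumed layout)."""
    private_exponent(n, p, q)  # raises if the factors are wrong
    return f"    {n}: ({p}, {q}),"


# Constructed toy key: two small primes, not a real ransomware key.
P, Q = 1000003, 1000033
N = P * Q
D = private_exponent(N, P, Q)
```

Running the check before editing decrypt.py catches a mistyped or truncated LongNumber, which would otherwise only show up as a failed decryption.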