[Burp-users] ransomware restore encrypted files only
From: Jorge F. C. <ali...@ho...> - 2016-04-23 18:10:59
My Windows XP SP3 machine was infected by a Torrentlocker ransomware variant. As a result, about 3000 files were encrypted. Torrentlocker added the extension .encrypted to those files. Fortunately that machine was running burp client version 1.4.24.

I wanted to restore the encrypted files only, so in the Windows console, in the root folder, I typed:

    dir *.encrypted /s /b > encrypted_files.txt

Next I opened encrypted_files.txt in Notepad++ and replaced \ characters with / and carriage returns with ,

To restore each file I executed this command:

    for /f "delims=," %i in (encrypted_files.txt) do burp.exe -a r -b 1 -r "%i" -d c:\tempdir

Some filenames and paths contained regional special characters, parentheses, etc. I had to restore them manually. It took a lot of time, but finally I got all files restored.

Thanks to the burp backup developers.
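Added example, not part of the original post or of burp itself: a Python helper that turns the `dir /s /b` listing into one `burp.exe` argument list per file, escaping regex metacharacters such as parentheses so that those paths match literally. It assumes burp treats the `-r` value as a POSIX extended regular expression and that backup 1 holds each file under its pre-infection name (so the `.encrypted` suffix is stripped); the function names and sample paths are constructed for illustration.

```python
import re

# POSIX extended-regex metacharacters.
# Assumption: burp compiles the -r argument as an extended regex.
ERE_META = re.compile(r'([.\[\]{}()*+?^$|\\])')

# Constructed sample of `dir *.encrypted /s /b` output (not from the post).
SAMPLE_LISTING = r"""
C:\Documents and Settings\user\My Documents\report (final).doc.encrypted
C:\Documents and Settings\user\My Documents\año+2015.xls.encrypted
"""


def to_restore_regex(win_path, suffix=".encrypted"):
    """Turn one listing line into an anchored regex matching exactly one file."""
    path = win_path.strip()
    if path.lower().endswith(suffix):
        # Assumption: the backup stores the name the file had before infection.
        path = path[:-len(suffix)]
    path = path.replace("\\", "/")  # same \ -> / conversion as in the post
    # Escape metacharacters so "(final)" or "+" are matched literally,
    # then anchor both ends so no other path can match.
    return "^" + ERE_META.sub(r"\\\1", path) + "$"


def build_restore_commands(listing, backup="1", dest=r"c:\tempdir"):
    """Return one argument list per listed file, ready for subprocess.run()."""
    commands = []
    for line in listing.splitlines():
        if not line.strip():
            continue  # skip blank lines in the listing
        commands.append(["burp.exe", "-a", "r", "-b", backup,
                         "-r", to_restore_regex(line), "-d", dest])
    return commands


if __name__ == "__main__":
    # Print for review; passing each list to subprocess.run(cmd) bypasses
    # cmd.exe parsing, so parentheses and spaces need no extra quoting.
    for cmd in build_restore_commands(SAMPLE_LISTING):
        print(cmd)
```

When reading a real listing file, open it with the console code page that `dir` wrote it in, so that regional characters survive decoding.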