Re: [Burp-users] ransomware restore encrypted files only
From: Graham K. <gr...@gr...> - 2016-04-24 06:54:41
On Sun, April 24, 2016 4:10 am, Jorge Francés Calabuig wrote:
> My Windows XP SP3 machine was infected by a Torrentlocker ransomware
> variant. As a result, about 3000 files were encrypted. Torrentlocker added
> the extension .encrypted to those files.
> Fortunately that machine was running burp client version 1.4.24.
> I wanted to restore encrypted files only, so on the Windows console, in the
> root folder, I typed:
> dir *.encrypted /s /b > encrypted_files.txt
>
> Next I opened encrypted_files.txt in Notepad++ and replaced \ chars with /
> and carriage returns with ,
> To restore each file I executed this command:
> for /f "delims=," %i in (encrypted_files.txt) do burp.exe -a r -b 1 -r "%i" -d c:\tempdir
>
> Some filenames and paths contained regional special characters,
> parentheses, etc. I had to restore them manually. It took a lot of
> time, but finally I got all files restored.
>
> Thanks to burp backup developers.

You are welcome. :)
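
Added example, not part of the original thread and not burp's own code: burp's `-r` option takes a regular expression, so a path containing parentheses or dots has to be escaped before it matches only that file. The sketch below builds one restore command per line of the `dir /s /b` listing. It assumes `-r` is read as a POSIX extended regex and that `-a r` is the restore action; the function names and the sample listing are constructed for illustration.

```python
# Characters that are special in a POSIX extended regex (assumed syntax of burp's -r).
ERE_META = set("\\.^$*+?()[]{}|")

# Constructed sample of `dir *.encrypted /s /b` output, not taken from the thread.
SAMPLE_LISTING = [
    r"C:\Docs\report (final).doc.encrypted",
    r"C:\Docs\años\factura+1.xls.encrypted",
    "",
]

def burp_regex_for(win_path, strip_suffix=None):
    """Return an anchored regex that matches exactly one backed-up path."""
    path = win_path.strip().replace("\\", "/")  # same \ to / swap as in the post
    # Optional assumption: the pre-infection backup holds the name without
    # the extension the ransomware appended.
    if strip_suffix and path.endswith(strip_suffix):
        path = path[: -len(strip_suffix)]
    escaped = "".join("\\" + ch if ch in ERE_META else ch for ch in path)
    return "^" + escaped + "$"

def restore_commands(lines, backup="1", dest=r"c:\tempdir", strip_suffix=None):
    """Build one burp argv list per non-empty listing line."""
    cmds = []
    for line in lines:
        if not line.strip():
            continue
        regex = burp_regex_for(line, strip_suffix)
        # An argv list bypasses cmd.exe parsing of ( ) % & in file names.
        cmds.append(["burp.exe", "-a", "r", "-b", backup, "-r", regex, "-d", dest])
    return cmds

if __name__ == "__main__":
    for argv in restore_commands(SAMPLE_LISTING):
        print(argv)  # hand each list to subprocess.run(argv) to execute it
```

When reading a real listing file, open it with the console code page that `dir` wrote it in, otherwise accented characters in paths will not match the names stored in the backup.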