On data from a client hit by cryptolocker, I found that zip files were not encrypted. I was able to copy and open several zip files. Some they hadn't bothered to rename. Others I deleted everything after .zip and they worked perfectly.
A large important SQL database file which is zipped, however opens and I can see the filename inside and encryption is 33%, but it fails to extract.
I do not believe the file has been encrypted since another smaller file also in the same folder and only renamed unzipped and worked correctly. I think some error may have happened in creation since it is 44gb.
Are there any tools/services that might either repair the zip or extract part of the file?
This is an urgent situation for my client. I appreciate any help that can be offered. Thanks.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
7-Zip is very prone to errors and incompatibilities in archive. If it can't extract file then try any other archiver/extractor which you can find. There are many of it, especially on windows. If you were lucky, then maybe you will succeed, but even then archive may be corrupted...
Last edit: mdadm 2021-06-12
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I may have to revise my description. The other files I was able to open I also cannot extract files from. So, I don't think this is an error in zipping. What I think is that the encryption put a wrapper around the zip, some binary at the front and end of the file. I still feel the zips may contain unencrypted data. If I can read the file contents, then at least part of the file was not encrypted. So, it is possible the file contents are not, either. If that were the case, the trick would be to find a way to binary edit the file to find the beginning and end of an actual zip archive.
Beyond my skills. Perhaps, someone familiar with zip file structure may be able to suggest something.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
On data from a client hit by cryptolocker, I found that zip files were not encrypted. I was able to copy and open several zip files. Some they hadn't bothered to rename. Others I deleted everything after .zip and they worked perfectly.
A large important SQL database file which is zipped, however opens and I can see the filename inside and encryption is 33%, but it fails to extract.
I do not believe the file has been encrypted since another smaller file also in the same folder and only renamed unzipped and worked correctly. I think some error may have happened in creation since it is 44gb.
Are there any tools/services that might either repair the zip or extract part of the file?
This is an urgent situation for my client. I appreciate any help that can be offered. Thanks.
7-Zip is very prone to errors and incompatibilities in archive. If it can't extract file then try any other archiver/extractor which you can find. There are many of it, especially on windows. If you were lucky, then maybe you will succeed, but even then archive may be corrupted...
Last edit: mdadm 2021-06-12
I may have to revise my description. The other files I was able to open I also cannot extract files from. So, I don't think this is an error in zipping. What I think is that the encryption put a wrapper around the zip, some binary at the front and end of the file. I still feel the zips may contain unencrypted data. If I can read the file contents, then at least part of the file was not encrypted. So, it is possible the file contents are not, either. If that were the case, the trick would be to find a way to binary edit the file to find the beginning and end of an actual zip archive.
Beyond my skills. Perhaps, someone familiar with zip file structure may be able to suggest something.
try the command: