Like many across the world we have had all our files on the QNAP NAS encrypted with a 7z and have to pay Bitcoin to get a password to open them. It seems some have paid and the password doesn't work even.
What happens when one cannot normally get into a 7z file because they have forgotten their password etc?
Surely there has to be a way 7z knows how to bypass the pwd need.
Any help on this please?
I have found some programs that say they can do this. It seems like all of them belong to the same company. Maybe the same program under different names.
They offer a demo that shows the first 3 digits of the password.
I have had it running for 3 hours and still no joy; however, I will let it run for days if I have to, to see if it helps.
If you try it, let us know if it works.
EDIT: It has now run about 20 hours and checked 421852 passwords.
Last edit: David 2021-04-25
David, any luck? And which programs? I'm in the same boat and sadly I didn't even know this happened until today, and now the site to take money is closed, so I'm SOL unless I can get the decryption password.
AES encryption
7-Zip supports encryption with the AES-256 algorithm. This algorithm uses a cipher key with length of 256 bits. To create the key, 7-Zip uses a derivation function based on an SHA-256 hash algorithm. A key derivation function produces a derived key from a text password defined by the user. To increase the cost of an exhaustive search for passwords, 7-Zip uses a big number of iterations to produce the cipher key from the text password.
Tips for selecting password length
Here is an estimate of the time required for an exhaustive password search attack, when the password is a random sequence of lowercase Latin letters.
The most complex task for a password search attack is the SHA-256 calculation. Special SHA-256 hardware or a GPU can be used to accelerate a password search attack. A modern GPU can now provide about 10 times more performance for SHA-256 calculation than a modern CPU, and special SHA-256 hardware can provide about 20 times more performance than a GPU.
We suppose that one user with a budget of about $2000 (for GPUs) can check 10000 passwords per second and an organization with a budget of about 10^9 USD (one thousand million US dollars) can check 3 * 10^12 passwords per second. We also suppose that the processor in use doubles its performance every two years; so, each additional Latin letter of a long password adds about 9 years to an exhaustive key search attack.
The result is this estimate of the time to succeed in an attack:
Password Length    Single User Attack    Organization Attack
1                  1 s                   1 s
2                  1 s                   1 s
3                  2 s                   1 s
4                  1 min                 1 s
5                  30 min                1 s
6                  12 hours              1 s
7                  14 days               1 s
8                  1 year                1 s
9                  10 years              2 s
10                 19 years              1 min
11                 28 years              30 min
12                 37 years              12 hours
13                 46 years              14 days
14                 55 years              1 year
15                 64 years              10 years
16                 73 years              19 years
17                 82 years              28 years
18                 91 years              37 years
19                 100 years             46 years
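An added illustration (not part of the original post and not 7-Zip's own code) of the iterated SHA-256 key derivation and the search-time arithmetic quoted above. The input layout (salt, UTF-16LE password, 8-byte little-endian counter) and the default of 2^19 rounds are assumptions taken from the published 7z format description, and all function names are hypothetical.

```python
import hashlib
import math
import time


def derive_key(password: str, salt: bytes = b"", cycles_power: int = 19) -> bytes:
    """Assumed 7z-style KDF: one SHA-256 stream fed 2**cycles_power rounds of
    salt || UTF-16LE(password) || 8-byte little-endian round counter."""
    pw = password.encode("utf-16-le")
    h = hashlib.sha256()
    for counter in range(1 << cycles_power):
        h.update(salt + pw + counter.to_bytes(8, "little"))
    return h.digest()  # 32 bytes, used as the AES-256 key


def worst_case_seconds(length: int, guesses_per_second: float, alphabet: int = 26) -> float:
    """Time to try every password of exactly `length` letters at a fixed guessing rate."""
    return alphabet ** length / guesses_per_second


def years_added_per_letter(alphabet: int = 26, doubling_years: float = 2.0) -> float:
    """If hardware doubles in speed every `doubling_years`, one extra letter
    (a factor of `alphabet` more work) costs log2(alphabet) doublings."""
    return doubling_years * math.log2(alphabet)


def measure_rate(cycles_power: int = 19) -> float:
    """Key derivations per second on this machine for one constructed password."""
    start = time.perf_counter()
    derive_key("constructed-sample", cycles_power=cycles_power)
    return 1.0 / (time.perf_counter() - start)


if __name__ == "__main__":
    rate = measure_rate()
    print(f"measured on this CPU: {rate:.2f} derivations/s")
    print(f"extra years per added letter: {years_added_per_letter():.1f}")
    for n in (6, 8, 10):
        local = worst_case_seconds(n, rate) / 86400
        quoted = worst_case_seconds(n, 10000) / 86400  # single-user rate quoted above
        print(f"length {n}: {local:.3g} days locally, {quoted:.3g} days at 10000/s")
```

Every guess pays for the full derivation, so the iteration count multiplies the cost of a search without changing the cost of a single legitimate unlock by more than a fraction of a second.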
I would love to know the same thing. Is there any possible way to unlock .7z files which have been locked without consent?