Bill Jordan

I may have to revise my description. The other files I was able to open I also cannot extract files from. So, I don't think this is an error in zipping. What I think is that the encryption put a wrapper around the zip, some binary at the front and end of the file. I still feel the zips may contain unencrypted data. If I can read the file contents, then at least part of the file was not encrypted. So, it is possible the file contents are not, either. If that were the case, the trick would be to find...

I am dealing with ransomware for a client on their NAS. I discovered that any zip files could be opened by simply removing the extraneous extension naming. e.g. renamed "File.zip FJDKFS.waiting" to "File.zip" and it opened. I think they counted on me assuming that because docs and other files were encrypted, that zip files would be also. There are many kinds of ransomware, so this likely will not work for all. I was honestly surprised it worked for me. And unfortunately, it did not work for an important...

On data from a client hit by cryptolocker, I found that zip files were not encrypted. I was able to copy and open several zip files. Some they hadn't bothered to rename. Others I deleted everything after .zip and they worked perfectly. A large important SQL database file which is zipped, however opens and I can see the filename inside and encryption is 33%, but it fails to extract. I do not believe the file has been encrypted since another smaller file also in the same folder and only renamed unzipped...