Since we have seen tons and tons of ransomware, we have also seen users who were able to recover at least some of their files using data recovery software. Here is a video about it:

  Recover Your Data and Find Hidden Files

Bear in mind that you should also check the  Tips and Tricks regarding ransomware which Execute has kindly created to assist you with this mess.

Best Regards,
Never

Hi to all,
I need your advice for my friend's sad case  . He got 7ev3n-HONE$T which renames files to R5A extension. If anyone know how to decrypt, it will be veeeery nice. His files are on D partition of lap top. But if there is no help, what will happen if we install new windows on infected C system drive? Will it make documents on D visible or it will be the same?
Thanx in advance and brgds,
Fidelio

Hello, @Fidelio.

For now there is no known method for decryption of .r5a locked files.
It doesn't matter on which partition he has the files. If you reinstall the Operating System with the partition of where that OS is located, it might not get rid of the ransomware. But one thing is 100% sure - even if you manage to remove it, the files will remain locked. There is nothing keeping them in that state - it's a done matter. (Just like a door - if you lock it - it stays locked).

However, removing the virus is good, so it stops spreading to different networks and external devices if you connect them to the laptop.
You might try some Data Recovery tools. Although paid ones are recorded to be better, free ones also have successfully recovered files encrypted by ransomware. First try with some Free tools. If you see it works and the result is pleasing to you - make a decision if you want to pay for better tools.

Important things you should consider:

1. Data Recovery Tools will only work if you haven't reinstalled your OS.
2. Ransomware usually deletes files and encrypts their copies and that's why a Data Recovery software might work.
3. If you have already re-installed the OS, recovery software might work for files found initially in the other drive.
(If free programs don't recover anything after reinstallation, do not think paid ones to work - they work on almost the same exact principle).

Here is more information about the virus - http://sensorstechforum.com/7ev3n-honest-virus-the-return-of-the-ransomware/

You should also try to prevent this from happening to your friends, by looking at these tips and these Anti-Ransomware Tools.

Best Regards,
Execute

Hi, is there any way of converting encrypted files (.crypz) as all my photos have been hacked into and encrypted.

Thanks

Hi, is there any way of converting encrypted files (.crypz) as all my photos have been hacked into and encrypted.

Thanks

Hello there, Raj.
As the ransomware is a variant of Cryp1 Ransomware it might be possible to recover some files with TrendMicro's File Decryptor for previous variants. You might get a partial decryption this way.

Other than that - no official way exists to recover 100% of the data. As ransomware often deletes files before encrypting them, I can suggest a Data Recovery program, like Stellar Phoenix Photo Recovery or a similar one specifically made for photo restoration.

Researchers have previously decrypted some of the past variants of the ransomware, so there is hope yet. If nothing works - save your files somewhere and wait. Don't pay the ransom as the ransomware makers' own decryptor doesn't work according to recent reports.

If you have any other questions - feel free to ask.

Best Regards,
Execute

i received the osirus virus the end of january.  a new compjuter was built because i needed it badly.  the data that could be restored was and is working fine, however none of my tax data was restored.  I sent the hard drives out to be recovered and according to the report it looks like all the tax data is there.  with the normal extensions i believe.  the recovering company cannot guarantee that the virus is still not there.  they are going to send me a file to see if it worked but not sure i will be able to load it without all the rest of the files i would need to run the program efficiently.  not sure what the encryption would look like in these files.  can someone please help. 

Hello @Niscpa,

With this particular case, an encrypted file will have an extension .osiris, and you will see it if you have enabled to see extensions on your computer.
Encrypted files will have a different size compared to their original ones (typically larger size). Because these files can't be opened and have a changed extensions, their icon might be changed, too.

If you haven't removed the ransomware, and the place you gave your disks did not remove it, open the disks with no Internet connection on, and scan them with a security software. As the ransomware doesn't seek to encrypt files with a lot of different file extensions, some files won't be encrypted even if the virus is still on the system.

A decryptor for the ransomware does not exist for now and none is expected in the near future.

I hope I helped with the information you needed.
If there is something you are curious about you can always ask and also refer to the following link, where you can read more about the .osiris version of Locky ransomware.

Can someone PLEASE help me?  I have Cryptolocker on my computer and it is holding my files and pictures for a ransome.  I my both grandmother's pictures dating back to 1928 and csannot get to them.

Can someone PLEASE help me?  I have Cryptolocker on my computer and it is holding my files and pictures for a ransome.  I my both grandmother's pictures dating back to 1928 and csannot get to them.

Hello, paynep.

There are a couple of things you can do, but depending on which variant of Cryptolocker you have, decryption may not be possible.

You can read more information about this ransomware virus from the article below:

http://sensorstechforum.com/remove-cryptolocker-ransomware-virus/

Does the ransom note have any similarity with the ones displayed in the article? What extension are your files encrypted with?

With Regards,
Execute

hola buenas tardes me gustaria saber si puededn ayudarme con unos archivos corruptos que tengo, me sale esto en algunas partes del testo !~!1, garcias por su ayuda

hola buenas tardes me gustaria saber si puededn ayudarme con unos archivos corruptos que tengo, me sale esto en algunas partes del testo !~!1, garcias por su ayuda

Buenas tardes, TEKILA.

Could you provide more information? And please write in English if you can?

Currently I cannot find a ransomware virus that encrypts with the "!~!1"extension specifically.

Maybe it is a known variant of an old ransomware, which places different extensions to different victims.

If you have a text file with ransomware instructions - can you copy/paste the text?

Hello,
i'm a victim of the ransomware that encrypted all my file. i've try diferent versions of globimposter, but no way. i receive the message "the decrypter could not determine a valid key for your system, please drag and drop both encrypted file as well as its uncencrypted counterpart onto the decrypter to determine the correct key. Files need to be at least 128 bytes long" .

The extension of my file is .BIG_SITE
Can you tell me plz how to do to decrypt?

the email adress bigbig_booty@aol.com is for the harker, I paid the ranson but he no longer responds to the email I sent him and especially he did not send the right decryptor

thanks in advance

Hello @Vtchoula,

have you been trying to decrypt with the Emsisoft decryption tool hosted here:
https://decrypter.emsisoft.com/globeimposter ?

On that page there is even a "Detailed usage guide" that you can open to see if you were missing something.
If it still doesn't work, then I am afraid you have a newer variant of the virus and decryption is not yet possible.

Tell us what has happened after you read the guide.

Hello friends
Sunday this happened to my company.
All shared data files on a Windows Server 2008 R2 server have been encrypted.
All were left with the extension: .fastrecovery @ xmpp.jp
an example below:
y+=iziiCEMAz5hAKZwYt9qviAMwLZx8DqmlY93psEKIWN6smZKlZHWo7AjQpAUT=ApSoqDLKREes+lsaK15hIco3tp3J8i7LUJ995GJ2ACjIZoIgC9mn567FhlAjNGvwJnEyWA.fastrecovery@xmpp.jp

The rescue .txt file is this:
      
      The file is encrypted with the RSA-2048 algorithm, only we can decrypt the file.

====================================================================================================
            To decrypt files, please contact us by jabber:

               fastrecovery@xmpp.jp

====================================================================================================
               
      If you do not have a jabber. To write to us to register: https://www.xmpp.jp

====================================================================================================
Your files are encrypted!
Your personal identifier:
+4IAAAAAAAC9wDrhJZLBE0QkCAN=AaEExNzY=2Y2aT4EJF60=rJHn7jjpVqeZ6sJrvnX0=Jacb6zp39ti7arIvhHVROvjiBXxWpi
Cg9XtUdhtv7p1OeqZtURy0ywbXQe0yxWtOnhwqso5wqSku+FOSenX49RT25p88zL=UIZt+Pj9vuh6G0drb260FxMPVFQpGXHazMU
ghyTr5u=SGypy5e=+RBwVOtnzgmZWfYrv7ENgWZ6g90GlTfU1DG7ZeCesAOlqeb2v+Isd1vZL1EB4HRBOv5va1i6AgwbWbtZFyAo
mP0BxQAwN+BBbC4aElSyBf0=Qp4cp+zITRk1sKEG+I1gsZ=ZbHLugYQEBqTrFNgEFYU7OsW60nL1zOQucDtMJxkGwBMjBPdnAIl9
Jh4S9Xtwc6WoWNip5jjAPXJzmpb4lPoA
====================================================================================================

From what I browsed on various sites and forums, there is still no solution to decrypt these my "hijacked" files.
Does anyone here know of any tool that turns my files back to what it was before?
I'm really desperate because even the backup that was done was also infected.
Sorry to bother you, and I really appreciate any help from you.