You are welcome to discuss various security topics with our professional team and other users like you!
Read our Registration Agreement and create your FREE account here!

*

Jsan

  • *
  • 1
  • +0/-0
      • View Profile
Redshitline Ransomware - how do i decrypt my files?
« on: August 23, 2016, 12:38:59 pm »
Hello, few days ago, I got hit by this redshitline ransom virus and my files are now .xtbl. I have read your post about it here:

http://sensorstechforum.com/remove-redshitlineindia-com-ransomware-and-restore-xtbl-encrypted-files/

I tried every method known so far. I tried data recovery software and managed to get back 9 files that i needed fully. I also recovered 50 more files but they are not openable. I saved the decryption files on a disk, because i used anti-malware scanner to delete this virus. Do you know other methods that I can try to decrypt my files? Thanks in advance!

*

never

  • *****
  • 122
  • +26/-0
  • Network Administrator and Malware Researcher
      • View Profile
Re: Redshitline Ransomware - how do i decrypt my files?
« Reply #1 on: August 23, 2016, 12:51:43 pm »
Hello, Jsan

At the present moment I do not see any viable direct solution. It is unfortunate that you have deleted this virus, because you could have used a method also known as network sniffing to try and intercept any information that can be sent out to the cyber-criminals, like the decryption keys, for example. Either way, you may want to give a try to some of Kaspersky's decrypters. But bear in mind that this is a risky thing because you tamper directly with the files and If they have a so called CBC mode, sort of "file protection", that breaks the files when you try to decrypt them, you may lose your files forever. Either way, you can try using Kaspersky's decryptors, starting with Rannoh decryptor - here is the link for download:

Kaspersky Utilities


But if you are going to try using the decryptors, I advise you to set your PC to stay turned on and not automatically shut down. This is how to do it:

Step 1: Click on the battery icon in your system tray (next to the digital clock) in Windows and then click on More Power Options.
Step 2:The mighty Power options menu will appear. In your power plan click on Change Plan Settings.
Step 3: In your plan’s settings make sure you set “Turn off the display” and “Put computer to sleep” to “Never” from the drop down minutes menu.
Step 4: Click on “Change Advanced Plan Settings” and click to expand the “Hard Disk” option in the list there.
Step 5: From there, set the power settings (On Battery and Powered On) to “Never”.

Now, you should configure your PC to start decrypting Cerber ransomware’s files. Bear in mind that the process may take a lot of time so arm yourself with patience.
« Last Edit: August 23, 2016, 01:05:49 pm by never »

*

Weco332

  • *
  • 1
  • +0/-0
      • View Profile
Re: Redshitline Ransomware - how do i decrypt my files?
« Reply #2 on: August 23, 2016, 12:57:42 pm »
Jsan, does this really work? If so, what program you used? I have removed the virus with antivirus program but this did not get back my files.

*

never

  • *****
  • 122
  • +26/-0
  • Network Administrator and Malware Researcher
      • View Profile
Re: Redshitline Ransomware - how do i decrypt my files?
« Reply #3 on: August 23, 2016, 01:03:49 pm »
Hello Weco

You have to understand that Antivurus programs cannot restore your files, because they have been encrypted. This means that the files are changed, similar to being broken in a way. The program that Jsan has used is a data recovery program and it is basically used when you lose your files, like accidentally delete them. Many victims of ransomware have started using data recovery programs in order to try and recover lost files. The reason Jsan has recovered 10 files is because he did not reinstall Windows and format his drive and I suppose he also got lucky. What these programs do is they scan your hard drive's memory sectors for portions of data of those lost files and restore them back to their previous working state. So it really depends whether or not you are going to be able to restore your files with them. You may restore a lot of your files, but you may not restore anything at all.

Having written this, best I can do is show you some of the best data recovery programs out there so far, just see the link below:

Top 5 Data Recovery Software - Which Program Suits Me Best?

PS: Bear in mind that different programs perform different activities and have different extras, so before trying them out, make sure to read about them first.

BR,
Never