Troubleshoot How to unencrypt files after Crypto virus removed?


Alkajak

Thread author
Briefly explain your current issue(s)
Cannot open .docx and .jpg files, all listed as "VVV file type"
Steps taken to resolve, but have been unsuccessful
The computer is 100% clean, guaranteed. I just need help getting the files unencrypted.
Recuva doesn't even recognize the HDD. The computer boots up and works fine, no hardware failures or anything. I've tried a few Recuva alternatives, they get stuck somewhere throughout the scan for files to recover.

Edit: I have read the guide on this forum, which is why I used Recuva, as recommended. I need a solution outside of that guide.

DracusNarcrym

Level 20
Verified
Top Poster
Well-known
Oct 16, 2015
970
I'm very much afraid that, unless the encryption algorithm the cryptoware utilized is flawed, your files cannot be recovered without a decryption key. Also, attempting to crack the encryption by brute-force methods is going to take so long it is practically impossible.

I recommend you recover them from a backup or attempt to use methods outlined in any guides that are relevant to the cryptoware of this case.

Alkajak

Thread author
This is a family computer, so no real backups have been made other than the automatic restore points that happen once in a while. I know system restore doesn't affect any files, but does it affect/remove encryption that has been made on files?

DracusNarcrym

As far as I know, encryption is applied to files usually by modifying the files themselves, it's not like an external layer of protection that can be managed independently.

As for restore points, I am utterly clueless as to how they might help since I have never used them before for anything.

pneuma1985

Level 4
Verified
Aug 30, 2015
189
Correct me if I'm wrong here: depending on the encryption it may absolutely be impossible! As far as I understand the crypto viruses of which there are several. There are modified versions of each crypto malware as well upping the encryption lvl and type of encryption in the original source of malware. As per usual when malware is released it tends to evolve. So what worked last year for decryption, may not work now. I have no idea. I've never had the opportunity or need to look at the source of the cryptolocker malware.
I'd like to point out though they have reverse engineered the encryption in some of them I believe... Read that somewhere; so depending on which crypto-virus, it may be possible to completely decrypt your files for free if my memory serves me right.

Wait, I just found something about it on Bleeping Computer with my first Google search: Decryption keys are now freely available for victims of CryptoLocker - Archived News

Rishi

Level 19
Verified
Honorary Member
Top Poster
Well-known
Dec 3, 2015
938

pneuma1985

.VVV is diagnostic of TeslaCrypt, as can be found here: New TeslaCrypt version adds the .VVV Extension to Encrypted Files
Unfortunately, it has not been decrypted as yet (RSA-2048 key), but you can try getting your files back by using shadow volume copies or any undelete utility; see the MalwareTips guide for more details:
Remove Howto_Restore_FILES and .VVV extension (Guide)
Hope this helps you.
Thank you for setting that straight. As I said, I wasn't exactly sure what encryption the crypto-viruses were using: since a 2048 RSA key is impossible for now and I hesitate to say forever, but as far as we're concerned with current computing power [FOREVER]. Would take supercomputers like a billion years to break that key lol. Here's the exact math behind how long theoretically it would take to crack ROFL: Just How Strong is 2048-bit SSL Certificate Encryption?
6.4 quadrillion years to crack a 2048-bit RSA key!
Sorry about that, didn't mean to get your hopes up lol, wasn't aware they were using 2048-bit encryption! Never dealt with a crypto virus, I've only read a bit about them. I'd just take the loss and do an image restore.
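Added example, not part of any post in this thread: one way to check whether the shadow volume copy route mentioned above is open at all, by comparing the dates of surviving snapshots with the time the first .vvv file was written. The folder in `$Root` and the `C:\ShadowView` link name are assumptions; treating a .vvv file's last-write time as the encryption time is also an assumption.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell prompt.
# Assumption: $Root is the folder to check; change it to where the .vvv files are.
$Root = Join-Path $env:USERPROFILE 'Documents'

# 1. Inventory the encrypted files. Their last-write time approximates when
#    the encryption ran (assumption: the files were not touched afterwards).
$encrypted = @(Get-ChildItem -Path $Root -Recurse -File -Filter '*.vvv' -ErrorAction SilentlyContinue)
if ($encrypted.Count -eq 0) {
    Write-Output "No .vvv files found under $Root"
    return
}
$firstHit = ($encrypted | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
Write-Output ("{0} encrypted files, earliest written {1}" -f $encrypted.Count, $firstHit)

# 2. Enumerate the shadow copies (snapshots) that still exist for the system volume.
$volume  = Get-CimInstance -ClassName Win32_Volume -Filter "DriveLetter='$env:SystemDrive'"
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volume.DeviceID } |
    Sort-Object InstallDate)
if ($shadows.Count -eq 0) {
    Write-Output 'No shadow copies exist for this volume; this route is closed.'
    return
}

# 3. Only snapshots taken before the first encrypted file can hold clean versions.
foreach ($s in $shadows) {
    $usable = $s.InstallDate -lt $firstHit
    Write-Output ("{0}  taken {1}  predates encryption: {2}" -f $s.ID, $s.InstallDate, $usable)
    if ($usable) {
        # Read-only way to browse the snapshot; the trailing backslash is required.
        # C:\ShadowView is a hypothetical link name and must not already exist.
        Write-Output ("    cmd /c mklink /d C:\ShadowView `"{0}\`"" -f $s.DeviceObject)
    }
}
```

The script only reads and prints; it runs no recovery itself. Copy files out of a usable snapshot to a separate drive rather than over the encrypted originals.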

Rishi

There have been instances where a badly-coded ransomware has been decrypted by the security researchers, there is hope, also depends upon the kind of flaws left behind in the obfuscation and anti-reverse engineering techniques. For example, ARCHIVED - Radamant Ransomware Author Has a Fit When Researcher Cracks His Encryption, and the researcher is a member here on MalwareTips community. :) It remains to be seen what the experts can find or TeslaCrypt can reveal. Fingers crossed.