Got ransomware and Shadow explorer doesn’t work

anti-virus data-recovery virus

I got infected by CTB Locker and have probably removed the virus itself. But the files all got polluted. I tried to use Shadow Explorer, but it shows all blank for C, D, E, F, any drives, and no dates are listed. I have turned on all system restoration now, but it is still showing nothing.

Best Answer

There is unfortunately no known solution available to repair or recover files affected by CTB Locker. Once the files are encrypted, they cannot be decrypted without the key. CTB Locker uses a varying algorithm to encrypt the files, and thus they cannot be decrypted using a fixed pattern or algorithm.

Some data may be recoverable using low-level recovery techniques (data carving) directly from the infected hard drive/media.

The drawback of this method is that the recovered files fall outside of the normal data and naming structure and thus have no filenames, but are simply numbered in sequence as they are recovered by signature. This means that you will have to go through each file manually to verify the contents.

It is advisable not to work and save any new data to the affected drive in order to minimize further data loss.

All the best
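
The signature-based carving described in the answer above, as an added example that is not part of the original answer: it scans a raw image for known header and footer bytes and numbers whatever it finds in sequence. The signature table, `MAX_SIZE`, the function names and the sample bytes are assumptions constructed for illustration; a real run would read a read-only image copy of the affected drive in chunks instead of holding it in memory.

```python
import os
import tempfile

# (extension, header magic, footer magic); constructed table, not exhaustive
SIGNATURES = [
    ("jpg", b"\xff\xd8\xff", b"\xff\xd9"),
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    ("pdf", b"%PDF-", b"%%EOF"),
]
MAX_SIZE = 32 * 1024 * 1024  # assumed cap: skip headers with no footer in range


def carve(image: bytes):
    """Return [(name, offset, data)], ordered by offset and numbered in sequence."""
    hits = []
    for ext, head, foot in SIGNATURES:
        pos = image.find(head)
        while pos != -1:
            end = image.find(foot, pos + len(head), pos + MAX_SIZE)
            if end == -1:
                pos = image.find(head, pos + 1)  # orphan header, keep scanning
                continue
            stop = end + len(foot)
            hits.append((pos, ext, image[pos:stop]))
            pos = image.find(head, stop)
    hits.sort(key=lambda h: h[0])
    # Original names live in file-system metadata, which carving never reads.
    return [(f"{n:06d}.{ext}", off, data)
            for n, (off, ext, data) in enumerate(hits, 1)]


def build_sample():
    """Constructed 'disk image': two fake files separated by filler bytes."""
    jpg = b"\xff\xd8\xff\xe0" + b"J" * 20 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"P" * 20 + b"IEND\xaeB`\x82"
    return b"\x00" * 512 + png + b"\x11" * 300 + jpg + b"\x00" * 100, jpg, png


if __name__ == "__main__":
    image, _, _ = build_sample()
    out_dir = tempfile.mkdtemp(prefix="carved_")  # never the affected drive
    for name, offset, data in carve(image):
        with open(os.path.join(out_dir, name), "wb") as fh:
            fh.write(data)
        print(f"{name}  offset={offset}  size={len(data)}")
```

A footer sequence such as the JPEG end marker can also occur inside a file (for example in an embedded thumbnail), so a carved file may be truncated, which is one more reason each result has to be opened and checked by hand.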