Ransomware Attacks and Post Recovery


Deal Cadet

Let’s discuss the types of ransomware.



1) Locky

Locky is a type of ransomware that was first released in a 2016 attack by an organized group of hackers.

With the ability to encrypt over 160 file types, Locky spreads by tricking victims into installing it via fake emails with infected attachments. This method of transmission is called phishing, a form of social engineering.

Locky targets a range of file types that are often used by designers, developers, engineers, and testers.


2) WannaCry

WannaCry is a ransomware attack that spread across 150 countries in 2017.

Designed to exploit a vulnerability in Windows, it was allegedly created by the United States National Security Agency and leaked by the Shadow Brokers group. WannaCry affected 230,000 computers globally.

The attack hit a third of hospital trusts in the UK, costing the NHS an estimated £92 million. Users were locked out and a ransom was demanded in the form of Bitcoin. The attack highlighted the problematic use of outdated systems, leaving the vital health service vulnerable to attack.

The global financial impact of WannaCry was substantial: the cybercrime caused an estimated $4 billion in financial losses worldwide.

3) Bad Rabbit

Bad Rabbit is a 2017 ransomware attack that spread using a method called a ‘drive-by’ attack, where insecure websites are targeted and used to carry out an attack.

During a drive-by ransomware attack, a user visits a legitimate website, not knowing that it has been compromised by a hacker.


4) Ryuk

Ryuk ransomware, which spread in August 2018, disabled the Windows System Restore option, making it impossible to restore encrypted files without a backup.

Ryuk also encrypted network drives.


5) Troldesh

The Troldesh ransomware attack happened in 2015 and was spread via spam emails with infected links or attachments.

Interestingly, the Troldesh attackers communicated with victims directly over email to demand ransoms. The cybercriminals even negotiated discounts for victims who they built a rapport with — a rare occurrence indeed.


6) Jigsaw

Jigsaw is a ransomware attack that started in 2016. This attack got its name as it featured an image of the puppet from the Saw film franchise.

Jigsaw gradually deleted more of the victim’s files each hour that the ransom demand was left unpaid. The use of horror movie imagery in this attack caused victims additional distress.


7) CryptoLocker

CryptoLocker is ransomware that was first seen in 2007 and spread through infected email attachments. Once on your computer, it searched for valuable files to encrypt and hold to ransom.

CryptoLocker is thought to have affected around 500,000 computers. Law enforcement and security companies eventually managed to seize a worldwide network of hijacked home computers that were being used to spread CryptoLocker.


8) Petya

Petya (not to be confused with ExPetr) is a ransomware attack that first hit in 2016 and resurged in 2017 as GoldenEye.

Rather than encrypting specific files, this vicious ransomware encrypts the victim’s entire hard drive. It does this by encrypting the Master File Table (MFT), making it impossible to access files on the disk.


9) GoldenEye

The resurgence of Petya, known as GoldenEye, led to a global ransomware attack that happened in 2017.

Dubbed WannaCry’s ‘deadly sibling’, GoldenEye hit over 2,000 targets, including prominent oil producers in Russia and several banks.

Frighteningly, GoldenEye even forced workers at the Chernobyl nuclear plant to check radiation levels manually as they had been locked out of their Windows PCs.


10) GandCrab

GandCrab is a rather unsavory ransomware attack that threatened to reveal victims’ porn-watching habits.

Claiming to have hijacked users’ webcams, GandCrab cybercriminals demanded a ransom, or otherwise they would make the embarrassing footage public.

File Extensions:

Older Versions – File decryptor Supports:

shadow, .djvu, .djvur, .djvuu, .udjvu, .uudjvu, .djvuq, .djvus, .djvur, .djvut, .pdff, .tro, .tfude, .tfudet, .tfudeq, .rumba, .adobe, .adobee, .blower, .promos, .promoz, .promorad, .promock, .promok, .promorad2, .kroput, .kroput1, .pulsar1, .kropun1, .charck, .klope, .kropun, .charcl, .doples, .luces, .luceq, .chech, .proden, .drume, .tronas, .trosak, .grovas, .grovat, .roland, .refols, .raldug, .etols, .guvara, .browec, .norvas, .moresa, .vorasto, .hrosas, .kiratos, .todarius, .hofos, .roldat, .dutan, .sarut, .fedasot, .berost, .forasom, .fordan, .codnat, .codnat1, .bufas, .dotmap, .radman, .ferosas, .rectot, .skymap, .mogera, .rezuc, .stone, .redmat, .lanset, .davda, .poret, .pidom, .pidon, .heroset, .boston, .muslat, .gerosan, .vesad, .horon, .neras, .truke, .dalle, .lotep, .nusar, .litar, .besub, .cezor, .lokas, .godes, .budak, .vusad, .herad, .berosuce, .gehad, .gusau, .madek, .darus, .tocue, .lapoi, .todar, .dodoc, .bopador, .novasof, .ntuseg, .ndarod, .access, .format, .nelasod, .mogranos, .cosakos, .nvetud, .lotej, .kovasoh, .prandel, .zatrov, .masok, .brusaf, .londec, .krusop, .mtogas, .nasoh, .nacro, .pedro, .nuksus, .vesrato, .masodas, .cetori, .stare, .carote

For newer versions, the decryptor can’t help us because the hacker holds the private key for our encrypted files on their server. Some users have encountered the .bboo and .cerebro extensions, which belong to newer versions.


You can get rid of the virus, but with the newer versions your files will be lost. Unless you have a System Restore point, you won’t get your files back.

So, immediately create a backup or System Restore point.

Create System Restore Point:

For Windows 7:
1. Choose Start→Control Panel→System and Security. …

2. Click the System Protection link in the left panel.

3. In the System Properties dialog box that appears, click the System Protection tab and then click the Create button. …

4. Name the restore point, and click Create. …

5. Windows alerts you when the restore point is created.

For Windows 8/8.1:

•Right-click the Start button, then select Control Panel > System and Maintenance > System.

•In the left pane, select System protection.

•Select the System Protection tab, and then select Create.

•In the System Protection dialog box, type a description, and then select Create.


For Windows 10:

•In the search box on the taskbar, type Create a restore point, and select it from the list of results.

•On the System Protection tab in System Properties, select Create.

•Type a description for the restore point, and then select Create > OK.
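
The same restore point can be created and then verified from the command line. The script below is an added example, not part of the original page; it assumes an elevated Windows PowerShell 5.1 session on Windows 8.1 or 10, and the description text is a constructed placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original page. Run in an elevated Windows
# PowerShell 5.1 session; these cmdlets are not part of PowerShell 7.
param(
    [string]$Drive = "$env:SystemDrive\",
    # Constructed description text; change it to suit.
    [string]$Description = "Baseline $(Get-Date -Format 'yyyy-MM-dd HH:mm')"
)
$ErrorActionPreference = 'Stop'

# Remember the newest existing restore point so a new one can be recognised.
$existing = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
$before = 0
if ($existing.Count -gt 0) {
    $before = ($existing | Sort-Object SequenceNumber)[-1].SequenceNumber
}

# Turn System Protection on for the drive (no effect if it is already on).
Enable-ComputerRestore -Drive $Drive

# Same action as the Create button. On Windows 8 and later the request is
# skipped, with only a warning, if a restore point was already created that
# day, so the warning is captured and the result is checked below.
Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS `
    -WarningVariable skipped -WarningAction SilentlyContinue

# Verify that a restore point newer than the previous one now exists.
$new = @(Get-ComputerRestorePoint | Where-Object { $_.SequenceNumber -gt $before })
if ($new.Count -eq 0) {
    Write-Warning "No new restore point was created. $skipped"
    exit 1
}
$new | Select-Object SequenceNumber, Description,
    @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } }

# Restore points are stored as Volume Shadow Copies; a count that drops to
# zero unexpectedly means the restore points are gone as well.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)
"Shadow copies present on this machine: $($shadows.Count)"
```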