I definitely recommend adding this AT LEAST to your crypto-cleanup tool bag. The BRU program is a bit complicated-looking at first glance, but I found it to be relatively intuitive since I didn't read the instructions and got it to do exactly what I wanted within 10 minutes or so. Yes, PowerShell could do it, but this was already put together, worked beautifully, and my PowerShell is still in the noob phases. I used this utility (free for personal use) to rename every file in the folder structure to its current name but remove the "Decrypted_" part. Even though they wiped their PC and reinstalled in the end, they still needed to clean up the file names after decryption and asked for my help. They had paid for the key from the hackers, but during decrypting it simply copied the encrypted file and decrypted each file, renaming them with "Decrypted_OriginalFileName" (TeslaCrypt variant does this). It uses PCRE2 (revised version of PCRE) regex to provide search (and replace) functionality. This was a HUGE help when performing cleanup for someone’s personal PC post-infected with Ransom virus. A naming scheme (Name String) can be applied, or a regex replace can be performed, to modify file names on the fly.
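For comparison, the same "strip the `Decrypted_` prefix" cleanup as a PowerShell script. This is an added example, not part of the original post or of BRU; the `-Root`, `-Prefix` and `-Apply` parameters and the `rename-log.csv` file name are assumptions made for this sketch. It reports by default and renames only with `-Apply`, and it skips any file whose original name is still taken.

```powershell
# Added example (not from the original post): remove a leading "Decrypted_"
# from every file name under -Root. Parameter names are assumptions.
param(
    [Parameter(Mandatory)][string]$Root,
    [string]$Prefix = 'Decrypted_',
    [switch]$Apply   # without -Apply nothing is renamed, only reported
)

# Anchor the escaped prefix so only a *leading* match is removed.
$pattern = '^' + [regex]::Escape($Prefix)

# Collect the file list first so renames cannot disturb the enumeration.
$files = @(Get-ChildItem -LiteralPath $Root -File -Recurse |
           Where-Object { $_.Name -match $pattern })

$results = @(foreach ($file in $files) {
    $newName = $file.Name -replace $pattern, ''
    $target  = Join-Path $file.DirectoryName $newName
    $status  = 'WouldRename'

    if ([string]::IsNullOrWhiteSpace($newName)) {
        # The file was named exactly "Decrypted_"; nothing sensible to rename to.
        $status = 'SkippedEmptyName'
    }
    elseif (Test-Path -LiteralPath $target) {
        # The original name is still occupied (for example by a leftover
        # encrypted copy). Never overwrite; leave it for manual review.
        $status = 'SkippedTargetExists'
    }
    elseif ($Apply) {
        try {
            Rename-Item -LiteralPath $file.FullName -NewName $newName -ErrorAction Stop
            $status = 'Renamed'
        }
        catch {
            $status = 'Failed: ' + $_.Exception.Message
        }
    }

    [pscustomobject]@{ Status = $status; From = $file.FullName; To = $target }
})

# Keep a record of every decision so the cleanup can be audited afterwards.
if ($results.Count -gt 0) {
    $results | Export-Csv -LiteralPath (Join-Path $Root 'rename-log.csv') -NoTypeInformation
}
$results | Group-Object Status | Select-Object Name, Count
```

Run it once without `-Apply` and review the `SkippedTargetExists` rows in the log before renaming anything.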