杀毒软件吧 关注:30,128贴子:416,016
- 19回复贴,共1页
The file stores data on the length of the encrypted key, the encrypted key itself, information about the type of encryption, and the size of the source file. During the course of encryption, a file named f.wnry is created—it stores the list of files for the Trojan to decrypt in test mode.
The decoder permits the decryption of several test files, the list of which is stored in the file f.wnry. The private key needed to decrypt them is stored in one of the malicious program’s components. So it is possible to decrypt them even without using the Trojan. However, the test files and all the other files are decrypted with different keys. Therefore, there is no guarantee that the data corrupted by the encoder can be restored successfully, even if a ransom is paid.
The decoder permits the decryption of several test files, the list of which is stored in the file f.wnry. The private key needed to decrypt them is stored in one of the malicious program’s components. So it is possible to decrypt them even without using the Trojan. However, the test files and all the other files are decrypted with different keys. Therefore, there is no guarantee that the data corrupted by the encoder can be restored successfully, even if a ransom is paid.
