Repair photos (JPEG) affected by ransomware [STOP Djvu]

In this video I show how I use JPEG-Repair to repair a JPEG that is affected by ransomware. This specific variant does encrypt the first 150 KB of the file. That leaves room for repair: 150 KB means the JPEG header is corrupt + some 150 KB of actual image data. Since the original photo is 6 MB+ there is plenty of data left. After repairing a couple of files I found that these files were encrypted by a variant for which a decryptor is available. However I still posted the video as not all variants can be decrypted and the same process can be useful to repair files that are partially encrypted by other ransomware. Note that JPEG-Repair can not help you if the entire file is encrypted! Blog post about this case: https://www.disktuna.com/repairing-jpegs-encrypted-by-ransomware-stop-djvu/ JPEG-Repair: https://www.disktuna.com/go/jpeg-repair-toolkit/

All Comments

  • This variant of STOP is weaker than i thought it was.
    Interesting.

    Black Hat January 8, 2020 1:57 pm Reply

Leave a Comment

Your email address will not be published. Required fields are marked *