My D-Link has just been hit by Cr1ptT0r ransomware, had everything backed up twice all bar a few photo's. Does anybody know of a way to get them back or am I on a loser. Also does anybody know of a way to transfer covid 19 to the evil bastards that do this.

You have one hope and one hope only. Inspect the files via a hex editor and see if they were actually encrypted https://www.hhdsoftware.com/free-hex-editor. Simply put, change the extension of one the files back to its original extension and see if it starts/plays. If its not working then it is pretty over.

Another thing you can do actually is researching whatever exactly hit you in case there were work arounds for that exact type of ransomware. Some use the same passwords to encrypt several PCs and those passwords may be shared somewhere.

I am very interested however to know, how did it exactly happen? Did you execute a program? or you on an older windows version ? did it happen after visiting a website? (if so don't link)

It got in to my D-link DNS-320, which I have since found out is venerable to attack, (nice of D-Link to let me know). The PC is safe, just trashed the nas which is headed for the bin. I'll give Hex editor a try but I have no idea what I'm doing, I'll let you know the outcome.

You may also want to look into Emsisofts free Ransomware Decrypting tools/service:

Not sure how you can get past step one since I'm guessing you didn't receive an email because it attacked your NAS? You can always contact Emsisoft directly with what you got.

Good luck!

1 Like

Thanks. From what I've read about Cr1ptT0r it's a hard one to crack and no one has come close yet. It seems do to a D-link fault in the firm ware, it could by-pass the nas password without me knowing until it's to late. What a lovely world we live in.

The backups were encrypted too?

All the files stored on the nas were encrypted, I had them copied on another remote drive, unfortunately I had not synced all our photos.