Select Page

Our analyst Dimiter Andonov has developed a tool to decrypt files encrypted by Data Doctor 2010 that at least one blog reader found very useful:

george
Can vipre recover mp3 and jpg files that were encrypted by this very annoying ransomware?
Today, 5:11:00 AM

[This user is an administrator] Tom Kelchner
Hi George.

We have a tool available to do just that. Go to:
http://www.sunbeltsecurity.com/DownLoads.aspx

Today, 11:16:12 AM

george
You are the best! It’s working great…just to find a way to make a batch out of it for the thousands of files that need it.
THANKS
Today, 2:11:33 PM

How to use dd2010_decrypter.exe to do batch processing:

1. Place the encrypted files in a directory (i.e. c:encrypted_files)

2. Copy dd2010_decrypter.exe into another directory and FROM THAT DIRECTORY, run the following command:

for %f in (“c:encrypted_files*.*”) do dd2010_decrypter.exe %f %f.decrypted

All files in the encrypted_files folder will be processed and the new decrypted files will have the same name but their extension will be ā€œ.decrypted.ā€

CAUTION: be sure you put ONLY files that are to be decrypted into the target directory before you run dd2010_decrypter.exe

Our Dec. 18 blog post Data Doctor 2010 will make you sick

Thanks Dimiter.

Update 01/07:

We’ve just posted a page with detailed directions for using the Data Doctor 2010 file decrypter:

http://www.sunbeltsecurity.com/DownLoads.aspx

Update 01/08:

Our good friends at F-Secure have posted a very good, detailed analysis of Data Doctor 2010. It can be found at: http://www.f-secure.com/weblog/archives/00001850.html

Tom Kelchner