Our analyst Dimiter Andonov has developed a tool to decrypt files encrypted by Data Doctor 2010 that at least one blog reader found very useful:
george
Can vipre recover mp3 and jpg files that were encrypted by this very annoying ransomware?
Today, 5:11:00 AM
[This user is an administrator] Tom Kelchner
Hi George.
We have a tool available to do just that. Go to:
http://www.sunbeltsecurity.com/DownLoads.aspx
Today, 11:16:12 AM
george
You are the best! It’s working great…just to find a way to make a batch out of it for the thousands of files that need it.
THANKS
Today, 2:11:33 PM
How to use dd2010_decrypter.exe to do batch processing:
1. Place the encrypted files in a directory (i.e. c:encrypted_files)
2. Copy dd2010_decrypter.exe into another directory and FROM THAT DIRECTORY, run the following command:
for %f in (“c:encrypted_files*.*”) do dd2010_decrypter.exe %f %f.decrypted
All files in the encrypted_files folder will be processed and the new decrypted files will have the same name but their extension will be ā.decrypted.ā
CAUTION: be sure you put ONLY files that are to be decrypted into the target directory before you run dd2010_decrypter.exe
Our Dec. 18 blog post Data Doctor 2010 will make you sick
Thanks Dimiter.
Update 01/07:
We’ve just posted a page with detailed directions for using the Data Doctor 2010 file decrypter:
http://www.sunbeltsecurity.com/DownLoads.aspx
Update 01/08:
Our good friends at F-Secure have posted a very good, detailed analysis of Data Doctor 2010. It can be found at: http://www.f-secure.com/weblog/archives/00001850.html
Tom Kelchner