Quick question for anyone with good knowledge of ransomware, or who can point me to a forum where I can post my question:
I was hit with ransomware, and I noticed that my HDD with 2TB of files was encrypted. I noticed that many large files, from hundreds of MB to several GB, have the same date/time stamp, which makes me think that the ransomware I got hit with likely makes only small changes to the most critical portion(s) of the file? I am thinking it has to be some very small, quick, critical changes, because how else could it encrypt a whole directory with many, many GB-size files within a very short time, rather than actually making extensive changes to the whole file, which would require much more time for GB-size files?
I do have good prior copies of several files that were encrypted. So I am wondering if it's possible that a bit analysis of the good copy compared to the encrypted copy can shed some light on whether it's possible to reverse the encryption somehow? Or maybe I am too naive? lol...
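The comparison the post asks about, as an added example that is not part of the original post: a block-by-block diff of a known-good copy against its encrypted counterpart, reporting which byte ranges changed and whether the file grew. The function names, block size and sample file pair are assumptions constructed for illustration.

```python
import os
import tempfile

BLOCK = 4096  # comparison granularity in bytes (assumed; any size works)

def changed_regions(good_path, enc_path, block=BLOCK):
    """Return merged (offset, length) ranges where the two files differ.
    Only the length common to both files is compared."""
    regions, offset = [], 0
    with open(good_path, "rb") as a, open(enc_path, "rb") as b:
        while True:
            x, y = a.read(block), b.read(block)
            n = min(len(x), len(y))
            if n == 0:
                break
            if x[:n] != y[:n]:
                last = regions[-1] if regions else None
                if last and last[0] + last[1] == offset:
                    regions[-1] = (last[0], last[1] + n)  # extend adjacent range
                else:
                    regions.append((offset, n))
            offset += n
    return regions

def size_delta(good_path, enc_path):
    """Bytes added to (positive) or removed from the encrypted copy."""
    return os.path.getsize(enc_path) - os.path.getsize(good_path)

def changed_fraction(good_path, enc_path, block=BLOCK):
    """Share of the common length that falls in differing blocks."""
    total = min(os.path.getsize(good_path), os.path.getsize(enc_path))
    changed = sum(n for _, n in changed_regions(good_path, enc_path, block))
    return changed / total if total else 0.0

def make_sample_pair(directory):
    """Constructed sample, not real ransomware output: a 1 MiB file and a copy
    whose first 64 KiB differ and which carries 256 extra trailing bytes."""
    good = os.path.join(directory, "good.bin")
    enc = os.path.join(directory, "damaged.bin")
    data = bytes(range(256)) * 4096
    with open(good, "wb") as f:
        f.write(data)
    with open(enc, "wb") as f:
        f.write(bytes(v ^ 0xFF for v in data[:65536]) + data[65536:] + b"\x00" * 256)
    return good, enc

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        good, enc = make_sample_pair(d)
        print(changed_regions(good, enc), size_delta(good, enc), changed_fraction(good, enc))
```

Run it against read-only copies of the real pair. Ranges that do not appear in the output are byte-identical to the good copy; the diff by itself does not reveal the key used on the ranges that did change.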