Ransomed files can sometimes be recovered

I found this article on the InfoSec Handlers Diary Blog interesting, as it indicates that ransomed files can sometimes be recovered if you go to the right place ...

Ransomware & Entropy

Last time I helped out someone with ransomware over at the Bleeping Computer forums, I was able to recover the ransomed JPEG files.

A first look at the file with the file command did not help me:

file image.jpg.xxx@yyy.zz
image.jpg.xxx@yyy.zz: data

Neither did a look at the header with a hex editor tell me much more.

But when I analyzed the file with one of my tools to calculate byte statistics (byte-stats.py), I noticed something:

[ ... ]

I'll let you read the details.
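As an added example (not part of the quoted diary entry, and not the byte-stats.py tool it mentions), here is one way to compute byte statistics per block so that regions resembling random data stand out from structured ones. The function names, block size, threshold and sample bytes are assumptions constructed for illustration.

```python
import math
import random
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def block_stats(data: bytes, block_size: int = 1024):
    """Per-block (offset, distinct byte values, entropy)."""
    stats = []
    for off in range(0, len(data), block_size):
        block = data[off:off + block_size]
        stats.append((off, len(set(block)), shannon_entropy(block)))
    return stats

def high_entropy_ranges(data: bytes, block_size: int = 1024, threshold: float = 7.5):
    """Merge adjacent blocks at or above the threshold into (start, end) ranges."""
    ranges = []
    for off, _, h in block_stats(data, block_size):
        if h < threshold:
            continue
        end = min(off + block_size, len(data))
        if ranges and ranges[-1][1] == off:
            ranges[-1] = (ranges[-1][0], end)
        else:
            ranges.append((off, end))
    return ranges

def build_sample() -> bytes:
    """Constructed input: 2048 pseudo-random bytes, then 6144 bytes of plain text."""
    rng = random.Random(1234)
    head = bytes(rng.getrandbits(8) for _ in range(2048))
    line = b"constructed plaintext record\n"
    tail = (line * (6144 // len(line) + 1))[:6144]
    return head + tail

if __name__ == "__main__":
    sample = build_sample()
    for off, distinct, h in block_stats(sample):
        print(f"{off:6d}  distinct={distinct:3d}  entropy={h:.2f}")
    # Caveat: compressed data (JPEG image data included) also scores high,
    # so a high value alone does not prove a region is encrypted.
    print(high_entropy_ranges(sample))
```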