Simple Ransomware Protection
By Dag, on January 16th, 2017
Download the script HERE and run it as administrator.

@ECHO OFF
MODE CON:COLS=50 LINES=10
TITLE Simple Ransomware Protection
COLOR 17
REM Point the .js and .jse file types at Notepad instead of Windows Script Host.
ECHO Attempting to relate .js, .jse files to notepad.
assoc .js=jsfile >nul
assoc .jse=jsfile2 >nul
REM The percent sign is doubled so ftype receives a literal file placeholder.
ftype jsfile="%windir%\system32\notepad.exe" "%%1" >nul
ftype jsfile2="%windir%\system32\notepad.exe" "%%1" >nul
ECHO Done.
ECHO.
ECHO Will now try to open a test .js file.
ECHO If it opens in notepad, .js ransomware scripts
ECHO will as well without executing, making you safe.
ECHO.
PAUSE
ECHO Starting test.js
REM The empty title and the quotes keep paths with spaces working.
start "" "%~dp0test.js"
ECHO.
ECHO If it asks you what program you want to open
ECHO with, choose notepad or another text editor.
ECHO If you or another user of your computer opens
ECHO a ransomware file, WSH (Windows Script Host)
ECHO will no longer open it by default. WIN!
ECHO.
PAUSE

The test .js file should open in Notepad when clicked after running the protection script.
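
To confirm the change took effect, the following added example (not part of the original post or the author's script) reports which handler each script extension resolves to and flags any that still open in wscript.exe or cscript.exe. It goes beyond .js/.jse to other extensions Windows Script Host handles, which is an assumption about what you want to audit, and it also shows the per-user "Open with" choice, which takes precedence over assoc/ftype.

```batch
@ECHO OFF
REM Added example (not the author's script): report which handler opens
REM script files by default. The extensions beyond .js/.jse are an assumption.
SETLOCAL
SET RISKY=0
FOR %%E IN (.js .jse .vbs .vbe .wsf .wsh) DO CALL :CHECK %%E
ECHO.
ECHO Extensions still opening in Windows Script Host: %RISKY%
EXIT /B %RISKY%

:CHECK
SET "FTYPE="
REM assoc prints ".js=JSFile"; keep the file type name after "=".
FOR /F "tokens=2 delims==" %%T IN ('assoc %1 2^>nul') DO SET "FTYPE=%%T"
IF NOT DEFINED FTYPE (
    ECHO %1 : no machine-wide association
    GOTO :USERCHOICE
)
REM ftype prints "JSFile=<open command>"; flag wscript.exe / cscript.exe.
ftype %FTYPE% 2>nul | findstr /I /C:"wscript.exe" /C:"cscript.exe" >nul
IF ERRORLEVEL 1 (
    ECHO %1 [%FTYPE%] : OK, not a script host
) ELSE (
    ECHO %1 [%FTYPE%] : RISK, opens in Windows Script Host
    SET /A RISKY+=1
)
REM Show the full open command so the handler can be checked by eye.
FOR /F "delims=" %%L IN ('ftype %FTYPE% 2^>nul') DO ECHO     %%L

:USERCHOICE
REM A per-user "Open with" choice overrides assoc/ftype, so show it if set.
FOR /F "tokens=3" %%P IN ('reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\%1\UserChoice" /v ProgId 2^>nul ^| findstr /I "ProgId"') DO ECHO     per-user choice: %%P
GOTO :EOF
```

The exit code equals the number of flagged extensions, so the check can be run from a login script or an inventory tool and alerted on when it is non-zero.
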
If you have been unlucky and have already been infected, there's a company named Dr. Web that may help you for ~150 EUR with their rescue pack. I've tested it twice on clients willing to pay, and it has worked painlessly. It's roughly half the price of what hackers usually demand. It's only an .exe file and the decryption key. I created the script below to use it.

@ECHO OFF
MODE CON:COLS=100 LINES=50
TITLE Dr.Web Decryption and Cleanup Script by Thronic.com
COLOR 17
ECHO.
ECHO Dr.Web Decryption and Cleanup Script
ECHO ====================================
ECHO (C)2017 Dag J Nedrelid - Thronic.com
ECHO.
REM Folder that holds the encrypted files; edit this before running.
SET CRYPTED_FILES_PATH=C:\
echo Have you configured the correct folder path? (%CRYPTED_FILES_PATH%).
PAUSE
REM Run the Dr.Web decryptor against the configured folder.
te225decrypt.exe -path "%CRYPTED_FILES_PATH%"
echo.
echo CLOSE THE WINDOW NOW IF DECRYPTION WAS UNSUCCESSFUL!
echo Otherwise, press enter to clean up the encrypted files in %CRYPTED_FILES_PATH%.
PAUSE
REM Delete the leftover encrypted copies: any file whose extension is six lowercase letters.
dir "%CRYPTED_FILES_PATH%" /s /b | findstr \.[a-z][a-z][a-z][a-z][a-z][a-z]$ | FOR /f "tokens=*" %%F IN ('more') DO del "%%F"
REM Delete the ransom notes (Norwegian and English file names).
dir "%CRYPTED_FILES_PATH%" /s /b | findstr GJENOPPRETTING_AV_FILER.* | FOR /f "tokens=*" %%F IN ('more') DO del "%%F"
dir "%CRYPTED_FILES_PATH%" /s /b | findstr HOW_TO_RESTORE_FILES.* | FOR /f "tokens=*" %%F IN ('more') DO del "%%F"
echo.
echo Finished.
PAUSE