4

I had a ransomware attack and all files were encrypted.

The encryption added a suffix to all the files after the extension for example 123.jpg became 123.jpg.[xyz@gmail].xyz

I got the key and decrypted the files.

The key looks for the suffix and the encryption key in the file to unlock it. Once decrypted the suffix comes off.

The problem is some files were encrypted twice, so I need to run the key a second time but since they don't have the suffix the key does not work.

I need to go and add the [xyz@gmail].xyz to all the files regardless of their extension so I can run the key a second time.

Vomit IT - Chunky Mess Style
  • 42,624
LabMan
  • 43

2 Answers2

2

Run the below command in PowerShell

Get-ChildItem -File -Recurse | ForEach-Object `
   { Rename-Item $_.FullName $($_.BaseName + ".[xyz@gmail].xyz") -WhatIf }

The -WhatIf option is to do a dry run. After checking that the new names are correct, just remove -WhatIf to do the real rename. The equivalent shortened version is

ls -Fi -R | % { ren $_.FullName $($_.BaseName + ".[xyz@gmail].xyz") -wi }
phuclv
  • 30,396
  • 15
  • 136
  • 260
0

One of the FREE top 5 Windows utilities I use is called "Bulk Rename Utility". You have the option of selecting one or more files and can also do high powered regex search and replace. It can be downloaded from https://www.bulkrenameutility.co.uk/

It looks daunting at first, but you will quickly understand how it works and you can quickly do very simple tasks, or if needed extremely complex ones too. It is truly FREE. No trials, nag screens or crippled ware. The full functioning program is FREE.

enter image description here

jwzumwalt
  • 295