Solved! File extension error

Dec 5, 2018
3
0
10
Hi, I am a windows 10 user and I am lately facing a problem with my few pdf files which seems to have automatically changed its extensions to ".NJFITAVTX" in addition to .pdf

For Ex: "xxyyzz.pdf" got changed to "xxyyzz.pdf.NJFITAVTX"

I am unable to open those pdf files and I also found a NJFITAVTX-DECRYPT.txt file in that same folder

I tried renaming the file to .pdf yet the file says corrupted while opening.

So, could I use read my pdf normally again by removing this extension and yet read the file at the same time

Couldn''t find any similar problems anywhere on the net, so please let me know if there is a solution to this

Thanks
 
Solution
Depends on if the encryption key was made public / reverse engineered, leaked...etc by anti-virus vendors. If so, they might be able to be decrypted. Otherwise, they files are lost forever unless you have a backup of them.

I recommend installing Bitdefender AV and performing a full scan. Oh, and cross your fingers.

stdragon

Proper
Apr 5, 2018
94
0
160
Depends on if the encryption key was made public / reverse engineered, leaked...etc by anti-virus vendors. If so, they might be able to be decrypted. Otherwise, they files are lost forever unless you have a backup of them.

I recommend installing Bitdefender AV and performing a full scan. Oh, and cross your fingers.
 
Solution

stdragon

Proper
Apr 5, 2018
94
0
160
Most ransomware don't install rootkits unless aiming to completely hijack the OS with a ransom message and instructions upon boot. But for the majority, they run from a browser and execute remaining only in RAM. None of the binaries of the malware stay on the system so as to explicitly prevent reverse engineering. Many of the ransomware kits in fact look to see if it's running on a VM and terminate; again, to prevent reverse engineering.

Simply rebooting the machine will terminate the ransomware process, but that still leaves the files encrypted. And just because the file hasn't been renamed yet doesn't mean the files haven't been encrypted too. There is an order to the process so as to provide little identification of the damage until the very end...by design. They go so far as to whack all VSS copies, external drives and all enumerated volumes, and even trigger after-hours or low activity so it has time to silently grind away at the data before being interrupted.

TLDR; Ransomware is ENGINEERED to destroy data. Entire suites of the "platform" are sold on the dark web. Coded by some of the best programmers in the world.

 

USAFRet

Illustrious
Moderator
^^^^
Yep.

Unless there is an already published decryption routine for that specific ransomware variant, you have two options:

1. Recover from the backup you made before this happened.
2. Accept the total loss of your data, and start over.
 

TRENDING THREADS