Question
Issue: How to recover files encrypted by Meds ransomware?
Hello, I have recently been affected by malware. Meds ransomware encrypted my important files, and now I cannot recover them since the STOP decrypter is not working for those newer Djvu versions. I lack files backed up on external devices too; not all of them are up to date. Are there any methods besides data backups? Help me, please!
Solved Answer
When people encounter cryptovirus attacks, the only question afterwards is how to recover files encrypted by the ransomware, because encryption is the main symptom of this kind of virus.[1] Meds ransomware is one of the most active right now because it belongs to a family called DJVU that recently changed its file encryption process to make the decryption tool useless on newer variants.
Unfortunately, within a few weeks, hackers released at least five new versions of the same malware. People are eager to know about other possibilities to recover files encrypted by Meds ransomware because the tool was very popular among victims online.
However, when it comes to this ransomware family, there is no easy way to remove the malware or to recover files encrypted by Meds ransomware. All the data gets marked with the .meds file extension after encryption, and the needed information appears in the form of a ransom note, the _readme.txt file. The message itself and the name of that file have remained unchanged for a while now.
Meds ransomware developers have other things to worry about, so the contact emails and other details have been identical across all versions since the spring of 2019.[2] This is a ransomware-type virus because its developers demand payment for alleged file recovery. Do not trust them, though.
Files encrypted by Meds ransomware are not going to be recovered if you pay. It is more likely that the crypto-extortionists will disappear without restoring your data, because all they need is your money. Criminals like these target big businesses and other larger companies to gain more from one victim, because their goal is to get money.[3]
Make sure that the system is virus-free before you recover files encrypted by Meds ransomware
File recovery should not be attempted on an infected system, because the ransomware can detect restored files and encrypt them too, or even encode all the files once again, which makes decryption impossible forever. For proper ransomware elimination, we recommend professional anti-malware tools, programs that can find, detect, and delete all sorts of cyber threats. A full system scan ensures proper Meds virus removal. Then you can check for possible traces of malware with Fortect, Mac Washing Machine X9, or a similar program. This tool also repairs needed system files that were affected by the threat.
Once that is done, the possible solutions for encrypted files are backups stored on an external device or system features like System Restore, which allows recovering the machine to a previous state when the virus was not active. Also, researchers release decryption tools for particular ransomware threats, but criminals are smart enough to update their encryption processes and make those tools useless again. This is what happened with the STOP virus decryptor.
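Before relying on backups, it helps to know which encrypted files actually have a backup copy and how old that copy is. The following PowerShell function is an added example, not part of the original answer; the function name and both folder paths are hypothetical, and it only reads the file system.

```powershell
# Added example: report which .meds-encrypted files have a copy in a backup folder.
# Run it only after the malware has been removed. Nothing is written or restored.
function Get-MedsBackupCoverage {
    param(
        [Parameter(Mandatory)][string]$DataRoot,    # folder that holds encrypted files
        [Parameter(Mandatory)][string]$BackupRoot   # the same folder inside the backup
    )
    $suffix = '.meds'
    $root = (Resolve-Path -LiteralPath $DataRoot).ProviderPath.TrimEnd('\')

    Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq $suffix } |
        ForEach-Object {
            # Path relative to the data root, with the appended .meds suffix removed,
            # gives the original file name to look for in the backup.
            $relative = $_.FullName.Substring($root.Length + 1)
            $original = $relative.Substring(0, $relative.Length - $suffix.Length)
            $backup = Get-Item -LiteralPath (Join-Path $BackupRoot $original) `
                               -ErrorAction SilentlyContinue

            [pscustomobject]@{
                Original    = $original
                InBackup    = [bool]$backup
                BackupDate  = if ($backup) { $backup.LastWriteTime } else { $null }
                EncryptedOn = $_.LastWriteTime   # when the ransomware rewrote the file
            }
        }
}

# Placeholder paths; replace with your own data folder and backup location.
# $report = Get-MedsBackupCoverage -DataRoot 'D:\Documents' -BackupRoot 'E:\Backup\Documents'
# $report | Group-Object InBackup | Select-Object Name, Count
# $report | Where-Object { -not $_.InBackup } | Select-Object Original
```

Files listed with InBackup set to False are the ones that need the other recovery methods described below.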
Meds ransomware can also leave a module on the system that steals personal information from browsers and other programs, or modify the hosts file to prevent browsers from opening websites and forums that help victims with such malware. This is why you should:
- After checking and cleaning the PC, when it is confirmed that there are no malware traces, replace all your passwords with more complex ones (at least 10 characters, including numbers, capital letters, signs).
- Reset or delete the modified hosts file; without it, all legitimate sites will be available to you. The needed path for that is: C:\Windows\System32\drivers\etc\
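To see what was added to the hosts file before resetting it, the following PowerShell sketch parses the file and marks entries that point a site at a loopback or null address. It is an added example, not part of the original answer; the function names and the sample host names are constructed for illustration.

```powershell
# Added example: review the Windows hosts file, then back it up and reset it.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-HostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -split '#', 2)[0].Trim()          # drop comments
        if (-not $text) { continue }
        $fields = @($text -split '\s+')
        if ($fields.Count -lt 2) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{
                Address  = $fields[0]
                HostName = $name.ToLower()
                # A loopback or null address makes the site unreachable.
                Blocked  = $fields[0] -in @('127.0.0.1', '0.0.0.0', '::1', '::')
            }
        }
    }
}

function Reset-HostsFile {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path = $HostsPath)
    $backup = "$Path.infected-$(Get-Date -Format yyyyMMdd-HHmmss).bak"
    if ($PSCmdlet.ShouldProcess($Path, 'Back up and replace with an empty hosts file')) {
        Copy-Item -LiteralPath $Path -Destination $backup     # keep a copy for review
        Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $false
        Set-Content -LiteralPath $Path -Encoding ASCII `
                    -Value '# hosts file reset after malware cleanup'
    }
}

# Constructed sample of a tampered hosts file (host names are placeholders).
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1 localhost',
    '127.0.0.1 security-forum.example av-vendor.example   # constructed',
    '0.0.0.0   removal-guide.example'
)
Get-HostsEntry -Lines $sample | Where-Object { $_.HostName -ne 'localhost' }

# On the cleaned machine, from an elevated PowerShell prompt:
# Get-HostsEntry -Lines (Get-Content -LiteralPath $HostsPath) |
#     Where-Object { $_.HostName -ne 'localhost' }
# Reset-HostsFile -WhatIf    # preview; drop -WhatIf to apply
```

A default Windows hosts file contains only comment lines, so any active entry this reports on a home PC is worth reviewing.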
Rely on the Restore feature to recover to a previous state
- Go to Control Panel.
- Then System and Security.
- Find Backup and Restore and click Restore my files.
Try Data Recovery Pro for encoded files
- Download Data Recovery Pro software and install the program.
- Choose the hard disk that you want to scan for files in need of recovery.
- Start Scan.
- Click Recover to get your data back.
Try a security service and recover data
A security software provider offers a file recovery service for Djvu ransomware family threats. Unfortunately, it is not free and can help only with specific types of data. The Dr.Web decryption service can restore .pdf, .doc, .xls, .ppt and similar documents, but cannot help with audio, photo, or video files. The help costs 150 euros for personal decryption and a 2-year protection tool.
ShadowExplorer method for Meds ransomware encrypted files
- Get ShadowExplorer and install the software.
- Select the particular drive where those files you want to recover are.
- Choose Export and choose the location to receive the data.
- Click OK and files should be restored.
Previous versions file recovery
- Navigate to the directory that stores those files.
- Right-click the file and choose Properties.
- Click Previous Versions. The list of available files will be displayed.
- From there you can:
  - View: View the file directly and then save it by clicking File > Save As.
  - Copy: Create a copy of the file in the same directory.
  - Restore: This option can restore the recovered file and replace the current file.
Don’t pay ransomware authors – use alternative data recovery options
Malware attacks, particularly ransomware, are by far the biggest danger to your pictures, videos, work, or school files. Since cybercriminals use a robust encryption algorithm to lock data, it can no longer be used until a ransom in bitcoin is paid. Instead of paying hackers, you should first try alternative recovery methods that could help you retrieve at least some portion of the lost data. Otherwise, you could also lose your money, along with the files. One of the best tools that could restore at least some of the encrypted files is Data Recovery Pro.
- [1] Encryption. Wikipedia. The free encyclopedia.
- [2] Francesco Bussoletti. A new ransomware is on the wild: Djvu. It spreads through fake cracks. Difesa&Sicurezza. Security defense.
- [3] Renee Dudley. The new target that enables ransomware hackers to paralyze dozens of towns and businesses at once. Propublica. Journalism in the public interest.