Decryption Script for Powershell Ransomware fed from 21e1a87bd0418381a1bc8df088ee5c91
PowerShell
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
README.md
poshcrypt_decrypt.ps1

README.md

poshcrypt_decrypt

Decryption Script for Powershell Ransomware fed from 21e1a87bd0418381a1bc8df088ee5c91.

Modified to allow arbitrary salt via cmd line (ref change in 9fe45fc4c402932248cd2c26b65f883d)

Decrypt script for flawed encryptor 'ransomware' powershell script being delivered by the above CHM. For details (including how to identify salt value) see: http://blog.malwareclipboard.com/2015/09/how-to-fail-at-ransomware.html

Usage: Powershell.exe -ExecutionPolicy Bypass -file poshcrypt_decrypt.ps1 -filename <encrypted_file> -origsalt <salt from encrypt/ransom script>