A VSS-based restoration tool created specifically for restoring files encrypted by ransomware from Windows' Virtual Shadow Service
Updated Jul 12, 2018 - Python
Finds encryption keys in memory and decrypts files encrypted by Sodinokibi (REvil)
This repo is created to perform I/O Request Packet (IRP) driven ransomware analysis where the IRP logs were collected during ransomware execution.