These set of tools help you with recovering ransomware effects files from Box. These tools implement suggestions from this Box article
Pre-requisites Python >= 3.8
- Install Box python SDK
% pip3 install -r requirements.txt- Create a Box OAuth application, as described here
- create env.sh file with following info
export BOX_CLIENT_ID='XXXXX Fill from above step XXX'
export BOX_CLIENT_SECRET='XXXXX Fill from above step XXX'
- run env.sh in local shell
% source env.sh
Tools
- box-get-enc-files.py
% python3 box-get-enc-files.py -h
usage: box-get-enc-files.py [-h] [-t] [-d FOLDER_ID [FOLDER_ID ...]] [-r RANSOMWARE_EXT]
Get details on files in folders hit with ransomware.
optional arguments:
-h, --help show this help message and exit
-t, --test tests the oauth connection to Box servers
-d FOLDER_ID [FOLDER_ID ...], --folder_id FOLDER_ID [FOLDER_ID ...]
folder ID(s) to work on
-r RANSOMWARE_EXT, --ransomware_ext RANSOMWARE_EXT
ransomware file extension, default is deadbolt- box-ransomeware-recovery.py
% python3 box-ransomware-recovery.py -h
usage: box-ransomeware-recovery.py [-h] [-t] [-d FOLDER_ID [FOLDER_ID ...]]
[-r RANSOMWARE_EXT]
recover files in folders hit with ransomware.
optional arguments:
-h, --help show this help message and exit
-t, --test tests the oauth connection to Box servers
-d FOLDER_ID [FOLDER_ID ...], --folder_id FOLDER_ID [FOLDER_ID ...]
folder ID(s) to work on
-r RANSOMWARE_EXT, --ransomware_ext RANSOMWARE_EXT
ransomware file extension, default is deadbolt- box-rename-file.py
% python3 box-rename-file.py -h
usage: box-rename-file.py [-h] [-t] -f FILE_ID -r RENAME
rename a specific file-id to a desired name, as box does not allow clean UI re-naming.
optional arguments:
-h, --help show this help message and exit
-t, --test tests the oauth connection to Box servers
-f FILE_ID, --file-id FILE_ID
file id to rename
-r RENAME, --rename RENAME
file name to rename to