This project is read-only.
Project Description
This utility will FREE UP DRIVE SPACE as part of a recovery strategy from an extortionist 'Ransomware' file encryption attack that adds ".mp3" to the filename.

ABOUT Ransomware Cleanup Utility - Encrypted MP3 file Search and Delete

ANDERSON DIGITAL Pty Ltd provides this open source program under a Creative Commons license.

Warning: Anyone can compile this utility from the open source code and alter it for malicious purposes. By using it you are agreeing to its use ENTIRELY at your own risk.

This utility is intended only to FREE UP DRIVE SPACE as part of an effective recovery strategy from a extortionist 'Ransomware' style file encryption attack that renames your files to (typically) an MP3 file type. This addresses ransomware attempts to make normal bulk file deletion of encrypted files impractical and otherwise rendering the entire drive unsalvageable.

This utility CANNOT safely identify and remove an encrypted file without the original file (name) existing in the same folder. It is designed NOT to delete any encrypted files that you have NOT yet recovered from your backups.

First you MUST remove the ransomware from the infected computer and/or drive. Next, inspect/verify/test this program on a network isolated test computer to ensure you can trust it and fully understand what it does. Next recover your original files from backups into the ORIGINAL folders. Then and ONLY then, run this program (as often as needed) to remove the encrypted (*.MP3) files. This program effectively terminates any opportunity to recover the encrypted files from the extortionists or anyone else. NOTE: The program simply tests if the original recovered file NAME exists (ie minus the '.MP3') and no other validation is done or possible.

It is intended to ONLY permanently delete all the encrypted (*.MP3) files, and ONLY where an original and encrypted filename pair exists in the SAME folder, and to leave the corresponding recovered original files (having the original filename) and ALL other files COMPLETELY unaltered and untouched.

As this is a malware recovery program, beware of imitations or mimics that alter recovered files or do more than simply delete the encrypted ones. Only download this software from a trusted source.

Last edited Jun 5, 2016 at 11:39 AM by abunyip, version 4