The statements I have posted on this site are mine alone and do not necessarily reflect the views of Unisys
It took some time for me to convince myself to write this mini blog, as I am not planning to give many technical details, which are already out there, and there is no point in me repeating the same things. But as I found a solution to the problem faced by many people, as described in the forum, I thought I should do a small write-up around it.
I got involved in cracking CryptorBit when a friend of mine was affected by it. He had too many .PDF files that were corrupted by it. From the blog and forum of bleepingcomputer.com, I found out that no one seems to have a fix for it. However, there is one thing in bleepingcomputer.com’s blog post that got my attention, which is:
When CryptorBit modifies your files, it is actually not encrypting the entire file, but rather corrupting it by replacing the first 512 bytes of the file. What it appears to be doing is copying the first 512 bytes of the file's original file header, encrypting those bytes, and storing them at the end of the file. It will then create a different 512 byte header and replace the file's normal header with it. This effectively corrupts the file because a program that would normally open this type of file would see an unknown header and not be able to open it.
This means the files are not encrypted; they are just corrupted. Hence, there is a chance that file repair tools will be able to fix them. A quick Google search gave me the names of a few repair tools. Out of the three that I tried on .PDF files, the following two fixed the .PDF files for me:
Let me clearly state that by no means am I trying to endorse these products or companies. It’s just that I tried them and they worked. You may try other tools, which may work as well. Similarly, I tried fixing Word and Excel files too and got the same results. Hence, this logic can be applied to various other file types as well.
Happy CryptorBit Cracking..
Disclaimer: Of course, I am in no way responsible for any (positive/negative) outcome that can occur by using any of the applications mentioned here; each one needs to take due care before buying and/or using these applications.
As per a comment by decrypterfixer in bleepingcomputer.com’s forum, there are some variants of this ransomware that don’t corrupt the file this way, in which case these tools might not help. I am yet to see something like that, but even then it is recommended to first try the demo version of the repair software and purchase it only when its output is satisfactory.
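A triage check for the layout quoted above, added here as an example (it is not from the original post or from any of the tools mentioned): it reports whether a .pdf, .docx or .xlsx file has a non-matching first 512 bytes while its original trailer marker still sits just before a 512-byte tail, which is the case where repair tools have something to work with. The function names, the signature table, the 4096-byte search window and the sample data are assumptions made for this example.

```python
import os

BLOCK = 512  # size of the replaced header and of the appended blob, per the quoted description

# Expected leading magic, and a trailer marker that should survive in the untouched body.
SIGNATURES = {
    ".pdf":  (b"%PDF-", b"%%EOF"),
    ".docx": (b"PK\x03\x04", b"PK\x05\x06"),  # ZIP local header / end of central directory
    ".xlsx": (b"PK\x03\x04", b"PK\x05\x06"),
}

def classify(data: bytes, ext: str) -> str:
    """Return 'intact', 'header-replaced', 'other-damage' or 'unsupported'."""
    sig = SIGNATURES.get(ext.lower())
    if sig is None:
        return "unsupported"
    magic, trailer = sig
    if data.startswith(magic):
        return "intact"
    if len(data) <= 2 * BLOCK:
        return "other-damage"
    body = data[BLOCK:-BLOCK]  # original bytes from offset 512 on, if the layout holds
    # The trailer marker belongs near the end of the original file (window size is an assumption).
    if trailer in body[-4096:]:
        return "header-replaced"
    return "other-damage"

def scan(root: str) -> dict:
    """Walk a directory (work on copies, not originals) and classify supported files."""
    results = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            ext = os.path.splitext(name)[1]
            if ext.lower() in SIGNATURES:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    results[os.path.join(dirpath, name)] = classify(fh.read(), ext)
    return results

def constructed_samples():
    """Constructed test data: a minimal PDF-like file and the same file in the quoted layout."""
    original = b"%PDF-1.4\n" + b"1 0 obj\n<< >>\nendobj\n" * 100 + b"trailer\n<< >>\n%%EOF\n"
    damaged = b"\x00" * BLOCK + original[BLOCK:] + b"\xaa" * BLOCK
    return original, damaged
```

Files reported as `other-damage` do not match the layout in the quote, so they are the ones where a repair tool's demo output deserves the closest look before any purchase.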