Distressing Ransomware Attack: Help Needed to Recover Encrypted Files
Recently, my teacher found himself in a troubling situation after downloading some PDF files from an unreliable website. Unfortunately, this led to his laptop being infiltrated by malicious software, which transformed all his files to have a “.nobu” extension. The Task Manager is now cluttered with suspicious programs, making the situation even more dire.
The Challenge at Hand
I quickly took action by running a malware removal tool, Malwarebytes, to combat the threat. However, my teacher does not have a backup of his important files, which means restoring the system to a previous state is not an option. This raises the big question: is there any way to remove the “.nobu” extension from his files? Any guidance or support would be greatly appreciated. I plan to share some images for reference if that would help.
Update on the Situation
As it turns out, some of the most critical files affected are Eagle files that my teacher uses for PCB design. Even more concerning, the associated program has been compromised and is no longer operational.
Attempts to Resolve the Issue
In my efforts to resolve this, I discovered that the encryption appears to rely on an online key. I also tried using Emsisoft’s decryption tool, but unfortunately, it did not yield any results.
Community Support
I want to express my gratitude to everyone who has reached out with assistance. My teacher was genuinely touched by the response he saw when I shared the situation on my phone. Initially, I hesitated to reveal his background since he holds an IT role on the side and teaches as a second job focused on electronics, C programming, and Arduino.
Visual Evidence
To provide some clarity, I’ve attached images that showcase what we’re dealing with. Since I had trouble capturing screenshots, I’ve used my phone to take pictures instead:
Moving Forward
I plan to explore various decryption software options before considering the drastic step of formatting the laptop. Thank you all once again for your help and support during this perplexing incident!