With the enhancement of Internet, the attack of ransomware is growing rapidly. The ransomware attack means you no longer have access to your System or stored files unless you pay the huge amount of ransom money or another way to decrypt them. But recently, an effective tool has been created by most popular security researcher Michael Gillespie named as CryptoSearch that allows the System user to move their encrypted files to a new location.
Dubbed as CryptoSearch, it identifies the files which encrypted by various type of ransomware families and provides the System user with an option to move or copy the files to a new location in hope that decrypter can recover the locked files. This tool acts as a recovery and cleaning utility for Systems that have been infected with undecryptable ransomware strains.
It is really impossible for System users to recover their locked files, so it is better to move all encrypted data to a backup drive and wait until experts find a way to break the encryption. CryptoSearch comes to help you by automating search process and movement of these files to new location. On the completion of this operation. System owners have a backup of encrypted data and they can clean their PC by removing affected files or wiping the hard drive and reinstalling the Operating System.
CryptoSearch works together with ID Ransomware service which means that you have to be online when executing this application. According to the researcher, this app will query the ID Ransomware service to retrieve needed data and to identify the type of ransomware that has locked the user’s Computer.
This app uses the database to search the local file System, detect the ransomware infection and then find all locked files. Once CryptoSearch successfully identified all types of files, the user is prompted via the menu and asked if he wants to copy or move files and then asked where to relocate encrypted data. It is really very smart to transfer files by keeping the initial folder structure.
Currently, CryptoSearch is in a beta stage which means that the more features of this app will arrive in the future. Currently, it featured with an ‘offline mode’ that includes static copies of ID Ransomware database so that this app can be easily used on Systems that not connected to the Internet. It is really a very standard practice in the case of ransomware infections in order to isolate Systems by taking them offline.