Open finepointcgi opened 8 months ago
Hi @finepointcgi Can you share your pdf file? We will try to help and see what might have happened. We sometimes see PDF files that were fully encrypted and not damaged by intermittent encryption, for example, the ransomware attacking group uses a full encryption algorithm, or it could be that the pdf is too small so the ransomware didn't have "enough" file to start encrypting in a partial way.
Summary
I have a .play PDF and it does not validate as a supported file. It was a valid file before it was encrypted with the play malware.