cyberark / White-Phoenix

A tool to recover content from files encrypted with intermittent encryption
Apache License 2.0

PDFs don't seem to be supported #9

Open finepointcgi opened 8 months ago

finepointcgi commented 8 months ago

Summary

I have a .play PDF and it does not validate as a supported file. It was a valid file before it was encrypted with the play malware.

Hechtov commented 3 months ago

Hi @finepointcgi, can you share your PDF file? We will try to help and see what might have happened. We sometimes see PDF files that were fully encrypted and not damaged by intermittent encryption: for example, the ransomware attacking group uses a full encryption algorithm, or it could be that the PDF is too small, so the ransomware didn't have "enough" file to start encrypting in a partial way.
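Added example, not part of the thread and not White-Phoenix's own code: a triage check for the two cases described in the reply above, sorting the PDF objects of a suspect file into readable and damaged so you can tell whether any plaintext chunk survived. The function names, the FlateDecode-only assumption and the sample file are constructed for this illustration.

```python
import random
import re
import zlib

OBJ = re.compile(rb"(\d+) \d+ obj(.*?)endobj", re.DOTALL)
STREAM = re.compile(rb"stream\r?\n(.*?)\nendstream", re.DOTALL)


def triage(data: bytes) -> dict:
    """Sort the PDF objects of a suspected-encrypted file into readable and damaged."""
    intact, damaged = [], []
    for m in OBJ.finditer(data):
        num, body = int(m.group(1)), m.group(2)
        s = STREAM.search(body)
        try:
            if s:
                zlib.decompress(s.group(1))   # assumes FlateDecode streams only
            else:
                body.decode("ascii")          # heuristic: plain dictionaries are ASCII
            intact.append(num)
        except (zlib.error, UnicodeDecodeError):
            damaged.append(num)               # markers survived, contents did not
    return {
        "header_intact": data.startswith(b"%PDF-"),
        "intact": intact,
        "damaged": damaged,
        # No readable object: the file was encrypted in full, or was too small
        # for the ransomware to leave any chunk untouched.
        "verdict": "objects_survive" if intact else "no_plaintext_found",
    }


def build_sample() -> bytes:
    """Constructed three-object PDF-like sample, not a real victim file."""
    def obj(n: int) -> bytes:
        z = zlib.compress(b"page %d text " % n * 200)
        head = b"%d 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % (n, len(z))
        return head + z + b"\nendstream\nendobj\n"
    return b"%PDF-1.7\n" + b"".join(obj(n) for n in (1, 2, 3)) + b"%%EOF\n"


def overwrite(data: bytes, start: int, length: int, seed: int = 0) -> bytes:
    """Replace a byte range with seeded pseudo-random bytes (stand-in for ciphertext)."""
    rng = random.Random(seed)
    noise = bytes(rng.getrandbits(8) for _ in range(length))
    return data[:start] + noise + data[start + length:]


if __name__ == "__main__":
    pdf = build_sample()
    hit = pdf.index(b"stream\n", pdf.index(b"2 0 obj")) + 7
    print(triage(overwrite(pdf, hit, 8)))        # one stream damaged
    print(triage(overwrite(pdf, 0, len(pdf))))   # nothing readable left
```

A `no_plaintext_found` verdict on a real file matches the situations described in the reply; an `objects_survive` verdict lists which object numbers are worth attempting to recover.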