Ransomware & Entropy: Your Turn

Published: 2015-10-30
Last Updated: 2015-10-31 09:49:40 UTC
by Didier Stevens (Version: 1)
1 comment(s)

A couple of people expressed interest in the ransomed files I recovered in my last diary entry.

I can not release those files, but I did create a similar file: ransomed-file.bin.

If you want to try to recover the picture in ransomed-file.bin, be aware that I released a new version of my byte-stats tool: byte-stats-V0_0_2.zip. It can find simple sequences and contains a man page now: run byte-stats.py -m to display the man page.

And if you manage to recover the jpeg file: let me know what you think this picture is ;-)


Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com
IT Security consultant at Contraste Europe.

Keywords: Ransomware
1 comment(s)


Looks like a thermal image of a laptop to me. 39C is pretty hot too (the highest temp, not the one shown, 37.4).

Tricky how you made it look more random and forced me to use -s. Had I not known this was a jpeg, I might have given up without trying -s. Oh well, that's call learning.

Diary Archives