Recursively add suffix after extension to all files in a directory

Question

I had a ransomware attack and all files were encrypted.

The encryption added a suffix to all the files after the extension for example 123.jpg became 123.jpg.[xyz@gmail].xyz

I got the key and decrypted the files.

The key looks for the suffix and the encryption key in the file to unlock it. Once decrypted the suffix comes off.

The problem is some files were encrypted twice, so I need to run the key a second time but since they don't have the suffix the key does not work.

I need to go and add the [xyz@gmail].xyz to all the files regardless of their extension so I can run the key a second time.

Also, may I ask how you got the key? Did you have to pay the ransom for it or did they use a form of encryption where the decryption or private key or whatever was stored locally? — Vomit IT - Chunky Mess Style, Dec 09 '19 at 02:46
Yes I paid. The attack was on windows 7 and NAS attached to the network. Now I am on windows 10 — LabMan, Dec 10 '19 at 07:51

phuclv · Accepted Answer · 2021-02-22T16:19:18.477

2

Run the below command in PowerShell

Get-ChildItem -File -Recurse | ForEach-Object `
   { Rename-Item $_.FullName $($_.BaseName + ".[xyz@gmail].xyz") -WhatIf }

The -WhatIf option is to do a dry run. After checking that the new names are correct, just remove -WhatIf to do the real rename. The equivalent shortened version is

ls -Fi -R | % { ren $_.FullName $($_.BaseName + ".[xyz@gmail].xyz") -wi }

edited Feb 22 '21 at 16:19

answered Dec 10 '19 at 13:05

phuclv

26,555
15
113
235

Thanks. It worked! Been busy recovering to thank you earlier :) – LabMan Dec 22 '19 at 15:26

jwzumwalt · Answer 2 · 2019-12-13T02:43:36.753

0

One of the FREE top 5 Windows utilities I use is called "Bulk Rename Utility". You have the option of selecting one or more files and can also do high powered regex search and replace. It can be downloaded from https://www.bulkrenameutility.co.uk/

It looks daunting at first, but you will quickly understand how it works and you can quickly do very simple tasks, or if needed extremely complex ones too. It is truly FREE. No trials, nag screens or crippled ware. The full functioning program is FREE.

edited Dec 13 '19 at 02:43

answered Dec 13 '19 at 02:38

jwzumwalt

275
1
8

Thank you I tried that but it makes the change before the extension and not after for example if I add suffix abc to file xxxx.jpg, it becomes xxx.abc.jpg. I need to make it xxx.jpg.abc – LabMan Dec 22 '19 at 15:25
I don't have a windows machine in front of me at this moment but look at item 11 "extension". There is also a way for it to treat the extension inclusive in search and replace but I do not rember how I did that a few years ago. – jwzumwalt Dec 22 '19 at 19:11

Recursively add suffix after extension to all files in a directory

2 Answers2