I want my files back!

Instructions


Solution

[https://metaproblems.com/a813fc7a6085f695ddb6ae1fd7658943/supercriticalfile.png.AA4-MX4-GGQD]

I ran strings on the file and saw the end was appended with '=GotAllDone'. I searched that in Google and saw it was most likely the Prometheus ransomware. I googled for Prometheus decryptor and found a GitHub tool: https://github.com/cycraft-corp/Prometheus-Decryptor
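The trailer check from the `strings` step can be scripted for triage across many files. This is an added example, not part of the original writeup or of the decryptor project; `inspect_trailer`, `build_sample`, `TAIL_BYTES` and the reading of the `=` before the marker as base64 padding are assumptions, and the sample file is constructed.

```python
import base64
import re
import sys
import tempfile
from pathlib import Path

MARKER = b"GotAllDone"   # trailer string seen with `strings` in the writeup
TAIL_BYTES = 4096        # assumption: the appended trailer fits in the last 4 KiB
B64_RUN = re.compile(rb"[A-Za-z0-9+/]+={0,2}$")

def inspect_trailer(path):
    """Return None if the file does not end with MARKER; otherwise describe
    the base64-looking run that sits directly in front of it."""
    size = Path(path).stat().st_size
    with open(path, "rb") as fh:
        fh.seek(max(0, size - TAIL_BYTES))
        tail = fh.read()
    if not tail.endswith(MARKER):
        return None
    before = tail[:-len(MARKER)]
    match = B64_RUN.search(before)
    blob = match.group(0) if match else b""
    try:
        decoded_len = len(base64.b64decode(blob, validate=True))
    except ValueError:       # binascii.Error subclasses ValueError
        decoded_len = None   # run is not well-formed base64 (or file bytes extended it)
    return {"marker_offset": size - len(MARKER), "b64_chars": len(blob),
            "decoded_len": decoded_len,
            "window_full": bool(blob) and len(blob) == len(before)}

def build_sample(path, blob_len=256):
    """Write a CONSTRUCTED file: filler bytes, base64 of blob_len filler bytes,
    then MARKER. It is not real ransomware output."""
    body = b"\x89PNG-constructed-body" + bytes(64)   # ends in NUL, not a base64 char
    Path(path).write_bytes(body + base64.b64encode(b"\xaa" * blob_len) + MARKER)
    return path

if __name__ == "__main__":
    targets = sys.argv[1:]
    if not targets:   # no arguments: demonstrate on a constructed sample
        targets = [build_sample(Path(tempfile.mkdtemp()) / "constructed.png.locked")]
    for target in targets:
        print(target, inspect_trailer(target))
```

A `window_full` value of `True` means the base64 run fills the whole tail window, so `TAIL_BYTES` should be raised before trusting the reported length.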

I downloaded the released version, not a git clone.

I first tried the command using the custom format instructions on the README since they specified PNG and everything there. It seemed to work? Opened the PNG with xdg-open from zsh, and the PNG image had the flag in it. Flag:

MetaCTF{how_did_the_hacker_escape_he_ransomware}
