Project Description
A recent malware incident on our server has left several database files renamed with a “.p2k” extension and rendered unreadable. These files hold mission-critical operational data and, unfortunately, there are no usable backups to fall back on.
I need an experienced specialist who can:
• Analyse the infected samples, identify the exact encryption or packing method the malware used, and safely extract or reproduce any required keys.
• Restore every affected .p2k file to a fully functional database format that can be opened in its original application.
• Document the full recovery workflow so we can repeat the process should more files surface and so we can harden the environment against reinfection.
Acceptance criteria
• At least one damaged file is returned in its original, verified database structure for validation before the final batch is processed.
• A concise report details the malware family (if identifiable), the decryption technique, and any remaining risks.
• All restored databases pass integrity checks inside our production software with no data loss.
Typical toolsets might include IDA Pro, Ghidra, x64dbg, Volatility, or custom Python scripts—feel free to use whatever forensic or reverse-engineering stack you prefer, as long as the outcome meets the above criteria. Security and confidentiality are paramount; I can provide sample encrypted files and system logs in a controlled environment immediately after project start.