
I have 2 different images, one original and one locked by malware that ESET detects as "Win32/Filecoder.Q".

How can I detect the encryption method that was used, and the key, given that it is not using any public-key/RSA/RC4 algorithm? Here is the diff:

[image: hex-dump comparison of the original file and the locked file]

If needed I can attach the files (locked and original).

SEJPM

1 Answer


Filecoder.Q ransomware used one of three encryption algorithms: XOR, Tiny Encryption Algorithm (TEA) and AES, but this ransomware does not encrypt the beginning of the files, so in your picture the beginning of the original and locked file are equal. If this ransomware uses the XOR algorithm, then you can decrypt the locked file by XORing the original file and the locked file (key extraction); else, if it uses the TEA algorithm, then decryption of the file is hard (but possible), but decryption of the file when it uses AES is impossible.
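The XOR key-extraction step the answer describes, as an added example that is not part of the answer above and not code from any Filecoder.Q analysis. It assumes the simplest model the answer gives: the locked file keeps a prefix of the original in the clear and XORs the rest with a short key that repeats from the first encrypted byte. Recovering the keystream is just original XOR locked over the encrypted region; checking whether that keystream has a short period is the test that tells the XOR case apart from the TEA/AES cases. All file bytes, the key and the clear-prefix length are constructed here for the demonstration.

```python
# Added example: known-plaintext key extraction for repeating-key XOR.
# Not code from the answer above or from any Filecoder.Q analysis. Assumes the
# simplest model the answer describes: the locked file keeps a prefix of the
# original in the clear and XORs the rest with a short key that repeats from the
# first encrypted byte. All sample bytes below are constructed for the demo.
from typing import Tuple


def common_prefix_len(original: bytes, locked: bytes) -> int:
    """Bytes at the start that the malware left untouched (equal in both files)."""
    n = 0
    for o, c in zip(original, locked):
        if o != c:
            break
        n += 1
    return n


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; used both to build the demo files and to decrypt."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def lock_file(original: bytes, key: bytes, skip: int) -> bytes:
    """Constructed stand-in for the ransomware: leave `skip` bytes clear, XOR the rest."""
    return original[:skip] + xor_with_key(original[skip:], key)


def recover_keystream(original: bytes, locked: bytes, skip: int) -> bytes:
    """plaintext XOR ciphertext == keystream, computed over the encrypted region only."""
    return bytes(o ^ c for o, c in zip(original[skip:], locked[skip:]))


def key_period(stream: bytes, max_period: int = 64) -> int:
    """Smallest p with stream[i] == stream[i % p] for every i, or 0 if the
    keystream does not repeat within max_period. A non-repeating keystream
    means this is not a short repeating XOR key, which points at the answer's
    TEA/AES cases instead."""
    for p in range(1, min(max_period, len(stream)) + 1):
        if all(stream[i] == stream[i % p] for i in range(len(stream))):
            return p
    return 0


def recover_key(original: bytes, locked: bytes) -> Tuple[int, bytes]:
    """Return (clear-prefix length, repeating key aligned to the first encrypted byte)."""
    skip = common_prefix_len(original, locked)
    stream = recover_keystream(original, locked, skip)
    p = key_period(stream)
    return skip, stream[:p]  # empty key means 'not repeating-key XOR'


def decrypt_locked(locked: bytes, skip: int, key: bytes) -> bytes:
    """Apply the recovered key to any file locked with the same key and prefix rule."""
    if not key:
        raise ValueError("no repeating XOR key recovered; cipher is not simple XOR")
    return locked[:skip] + xor_with_key(locked[skip:], key)


# --- constructed sample data (PNG-like header, fake payload) -----------------
SAMPLE_KEY = bytes.fromhex("5ec3a17f0d91")   # constructed 6-byte key
SAMPLE_SKIP = 16                              # constructed: header left in clear
HEADER = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR"
ORIGINAL_A = HEADER + b"the quick brown fox jumps over the lazy dog " * 3
ORIGINAL_B = HEADER + b"second image payload bytes 0123456789" * 2
LOCKED_A = lock_file(ORIGINAL_A, SAMPLE_KEY, SAMPLE_SKIP)   # we have its original
LOCKED_B = lock_file(ORIGINAL_B, SAMPLE_KEY, SAMPLE_SKIP)   # pretend we do not


if __name__ == "__main__":
    skip, key = recover_key(ORIGINAL_A, LOCKED_A)
    print(f"clear prefix: {skip} bytes, key: {key.hex()} ({len(key)} bytes)")
    # The key from pair A unlocks file B without ever seeing ORIGINAL_B.
    print(decrypt_locked(LOCKED_B, skip, key) == ORIGINAL_B)
```

Two caveats worth knowing when running this on real files. If the key byte that lands on the first encrypted position happens to be 0x00, `common_prefix_len` overshoots by one and the recovered key comes out rotated; that is harmless, because `decrypt_locked` uses the same offset for alignment and the overshot byte was unchanged anyway. And if `key_period` returns 0, the XOR of original and locked does not repeat within 64 bytes, so the encryption is not a short repeating XOR key, and (as the answer says) you are in the TEA or AES case where a single known plaintext does not hand you the key.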