Jump to content

Recommended Posts

Posted (edited)

So here I was minding my own business when bam!! Out comes a popup demanding bitcoin. These spammers are getting real creative nowadays. Oh well couldn't pay them even if I wanted to. Does anybody know how to reverse cryptolockers encrytion on my files?? I'm assuming system restore will still work.

 

OrYz8jGh.jpg

Edited by fiveworlds
Posted

Turn it off now.

 

Can you

1) Find another pc to talk to us on

 

2) Do you have any backups or shadow copies.

 

3) Are you capable of removing the hard drive and looking at it from another system?

 

4) Sytem Restore won't help

 

The encryption can't be broken, it is a damage limitation exercise.

 

Sorry

Posted

If it is the original Cruyptolocker then you can get a free recovery key: https://en.wikipedia.org/wiki/CryptoLocker#Takedown_and_recovery_of_files

 

If it is another variety, you may be out of luck (a few others have been cracked). Otherwise, if you don't have backups and don't want to pay, then you have lost the data.

 

You will also have to make sure the malware is removed (Malwarebytes is usually good at this.)

Posted
Otherwise, if you don't have backups and don't want to pay, then you have lost the data.

 

 

There is no guarantee if I pay them that they will let me encrypt the data they could just ask for more bitcoin.

 

2) Do you have any backups or shadow copies.

 

3) Are you capable of removing the hard drive and looking at it from another system?

 

4) Sytem Restore won't help

 

 

 

2) I had they're gone now

3) Of course

4) Yeah it'll do nothing.

 

Maybe I'll just update to windows 10.... sigh

Posted

 

There is no guarantee if I pay them that they will let me encrypt the data they could just ask for more bitcoin.

 

From what I have read, they can usually be trusted in this way (after all, if they got a reputation for not providing a decryption key, then people would stop paying). There are, as with any business, a few rogue traders.

 

I would invest in a proper backup solution to make sure it can't happen again.

Posted (edited)
I would invest in a proper backup solution to make sure it can't happen again.

 

Yeah it would be lovely to be able to afford one. So tempted

del /s /q /f c:\*.LOCKED



			
				


	Edited  by fiveworlds
	
	

			
		
Posted

 

3) Of course

 

Good, you may be able to get some of the data back then.

 

Temporary files made by Office, for instance, are not locked.

 

The process working its way through the list of files with certain extensions (jpg, doc etc) and making an encrypted copy.

and then deleting the original.

The orginal is not deleted immediately.

So the original may be still there.

If deleted it may not have been overwritten, which is the reason I said 'turn it off now', in which case the original may be recovered by an undelete program.

 

But you must do this from another machine, the ransomware will not then run if the drive is slaved.

 

 

As to removing the virus,that is usually not too bad, use combofix to kill any cloaking rootkit.

Malwarebytes will rid you of the executable only, but there it has a recovery method.

 

 

 

Good luck

Posted

Yeah it would be lovely to be able to afford one. So tempted

 

I pay $60 a year for a cloud backup service. I think it is worth it...

Posted

Note Cryptolocker is not the only ransomware around.

 

I have just received the following notification.

 

 

Beware New Mutant Virus

 

 

 

Usually one virus infection is enough to contend with: whether it steals your data or empties your online bank account, if a virus has managed to sneak through your levels of protection, removing it from Windows – and recovering from the damage – can be quite a task.

 

 

But the latest threat to strike the Internet is even worse than that: it appears hackers have managed to create a mutant virus by combining two nasty pieces of malware.

 

The new threat, called GozNym, is a hybrid of two existing infections, called Gozi and Nymaim, and is a persistent and powerful Trojan, according to security researchers at IBM.

 

Nymaim is a Trojan that attempts to lock up any Windows systems that it infects and demands a ransom to unlock the system.

 

Gozi is zombie infection that hacks into your browser in order to steal information.

 

The hybrid of these two is even worse: it steals banking details so that hackers can access online accounts, taking features from each of its two parent viruses. And, it is so potent that security researchers believe it managed to steal over £2.5 million in just a few days.

 

The malware infection spreads through exploit kits buried on either hacker controlled websites, or legitimate sites that have been compromised.

 

Running an online anti-virus scan, such as that from TrendMicro, should detect and remove the infection.

 

Unfortunately, this hybrid virus is just part of a worrying new trend. Hackers are increasingly taking the best bits of existing malware infections to create new, more powerful viruses.

 

It also allows hackers to create new malware infections very quickly, which is particularly dangerous since these infections will typically not be detected by anti-virus software until the security companies have detected it first and managed to produce a virus definition.

 

Posted (edited)

Note Cryptolocker is not the only ransomware around.

 

I have just received the following notification.

 

In Windows, a good step is to not use the main admin user account for routine tasks and browsing. I use a standard account, which has limited admin privileges, for my daily use. Linux has been so strong because you have to sign in for admin level privileges everytime and it cannot be overridden; Using Windows in Standard mode for routine use achieves the same end and leaving the admin account for only when absolutely necessary. Using UAC at full protection is also a good idea... pain in the ass though it is at first,

Edited by StringJunky
Posted

Hackers gonna hack. The best thing you can do is:

A) Assume you will, at some point, be hacked.

B) Make sure that you have a good damage control strategy for when it happens.

Posted

C) never use your computer for anything financial oriented. (I only ever type prepaid master card numbers online. Limits significantly the potential loss) I also never access any account via online.

Posted

 

C) never use your computer for anything financial oriented. (I only ever type prepaid master card numbers online. Limits significantly the potential loss) I also never access any account via online.

 

 

Nice work if you can get it.

 

But if you live in the EU, particularly in the UK, you are required by law to do many things online these days. from driving licence to tax to farm movemnt orders to all the other umpteen government forms we have to deal with.

Business is also trying to force this more and more.

  • 6 months later...
Posted (edited)

to avoid ransomware viruses the best one can do - to do as much back-ups as possible, avoid dowloads from unknown sources and do not open doubtful mailings, nowdays especially dangerous are so-called scandinavian ransomware viruses, such as Cerber, Locky, Thor and Aesir, it's description could be found here Newcomers aren't allowed to post links due to increased spam traffic.

Edited by Phi for All

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.