Darrell James
asked on
Help Cryptolocker virus
Hello fellow experts,
Yesterday my organization was hit with the CryptoLocker virus despite our attempts to keep the network free of such nuisances. Needless to say, it managed to do damage to a majority of our shared network files. We were successful in removing it from the infected computer; is there any way to repair the damaged files?
So far I have tried Shadow Copy and that didn't work.
Any assistance or advice would be greatly appreciated.
Darrell
According to Malwarebytes, unless you have a good backup that is not attached (a thumb drive, a mapped network drive, etc. are considered attached), you have very little chance of recovery.
Even if you use something like Dropbox and remain connected all the time you may have lost your data.
http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/
ASKER
Yeah I think I am screwed, anyone got the link to just pay it? We removed the virus so the pop up window is gone.
All my clients have had to restore affected files from backups.
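Restoring from backup starts with knowing which files on the share were actually altered. The script below is an added example, not part of this thread or of any tool named in it: it compares the current share against a sha256 manifest taken from the offline backup copy and lists every file whose hash differs or which has gone missing (renamed). It assumes GNU coreutils (`sha256sum`, `find -print0`, `sort -z`), and the share layout and file contents in `demo` are constructed sample data living in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the thread): list files on a share that no longer match
# the hash manifest of an offline backup, so they can be restored selectively.
set -eu

# make_manifest DIR OUT: write "sha256  ./relative/path" for every regular file
# under DIR into OUT, sorted so the manifest is stable across runs.
make_manifest() {
    dir="$1"; out="$2"
    ( cd "$dir" && find . -type f -print0 | sort -z | xargs -0 sha256sum ) > "$out"
}

# find_damaged DIR MANIFEST: print the relative path of each manifest entry that
# is missing from DIR or whose current hash differs from the recorded one.
find_damaged() {
    dir="$1"; manifest="$2"
    while read -r hash path; do
        if [ ! -f "$dir/$path" ]; then
            printf '%s\n' "$path"                       # renamed or deleted
        elif [ "$(cd "$dir" && sha256sum "$path" | cut -d' ' -f1)" != "$hash" ]; then
            printf '%s\n' "$path"                       # contents replaced
        fi
    done < "$manifest"
}

# demo: build a constructed sample share, take the manifest while it is clean,
# then alter two files the way a file-encrypting infection would appear to the
# defender (contents overwritten, file renamed) and report what needs restoring.
demo() {
    work="$(mktemp -d)"
    share="$work/share"
    mkdir -p "$share/finance"
    printf 'Q3 report\n'      > "$share/finance/report.txt"
    printf 'meeting notes\n'  > "$share/notes.txt"
    printf 'unchanged file\n' > "$share/readme.txt"

    make_manifest "$share" "$work/backup.sha256"   # manifest of the clean copy

    printf 'REPLACED CONTENT\n' > "$share/finance/report.txt"
    mv "$share/notes.txt" "$share/notes.txt.encrypted"

    find_damaged "$share" "$work/backup.sha256"
    rm -rf "$work"
}

demo
```

Running it prints `./finance/report.txt` and `./notes.txt`; `./readme.txt` is untouched and is not listed. In practice the manifest is generated once from the backup media while it is detached, and `find_damaged` is run against the live share after the infected machine has been removed from the network.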
ASKER
Thanks buddy, I tried the f2d2v7soksbskekh.onion/ URL and it just results in a search page; I think that site might be down now.
Did you use the Tor software? You can't see nor connect without it.
ASKER
Oops, didn't realize I had to download the Tor browser, trying now.
ASKER
Thanks for the information, this is very helpful.
Long story short, long-term preventative solutions for this (and for the majority of malware in general) would be the following approach:
1. FireEye
2. Invincea
3. EMET
4. OpenDNS
A poor man's approach would be to create a virtual DMZ at the endpoint. This could be done with VirtualBox by creating an isolated, dedicated VM for interacting with the Internet and Internet-based downloads. When the VM is infected or compromised, simply revert the VM image back to a clean state.
And of course. Backup! Backup! Backup! :o)
The core of the FireEye platform is the patented Multi-Vector Virtual Execution (MVX) engine, which provides dynamic, real-time analysis of advanced malware. The MVX engine captures and confirms zero-day and targeted advanced persistent threat (APT) attacks by detonating suspicious files, Web objects, and email attachments within instrumented virtual machine environments.
http://www.majorgeeks.com/files/details/system_restore_explorer.html