Solved

Crypto Locker Advice

Posted on 2013-10-25
6
835 Views
Last Modified: 2013-11-22
Hi all,

A machine has been infected by the crypto locker virus.

Now I have read up on an dunderstand how this virus works.

Unfortunately there are quite a few files on this machine required, and no backup on the shadow volume.

Now my question is has anyone made the payment and does it work? (I have read reports it does).

I have installed malware bytes which is now detecting and blocking an outgoing port (1803 if it helps).

If we are to pay the 300 USD dollars, will i need to disable malwarebytes whilst we do this?

Also i have read that the servers contaiing the eys have been taken out? is this the case so will it be impossible to recover?

Thanks in advance.

Matt.
0
Comment
Question by:flynny
6 Comments
 
LVL 24

Expert Comment

by:aadih
ID: 39600181
Read the following article, "CryptoLocker: A particularly pernicious virusplease":

http://windowssecrets.com/top-story/cryptolocker-a-particularly-pernicious-virus/ >

Excerpt:

"Some users have paid the ransom and, surprisingly, were given the keys to their data. (Not completely surprising; returning encrypted files to their owners might encourage others to pay the ransom.) This is, obviously, a risky option. But if it’s the only way you might get your data restored, use a prepaid debit card — not your personal credit card. You don’t want to add the insult of identity theft to the injury of data loss."

[Note: Italics added]
0
 
LVL 5

Accepted Solution

by:
mebaby333 earned 167 total points
ID: 39600380
The difficult part is that in your position do you feel you have a choice? Most people will say out of the principal of the matter don't pay yet if your position deems it necessary then you do what you need to do.

I have read articles that express that the server that receives the payment is down and has been since September and also articles that state it will decrypt . Yet somehow the dangers or risk of injustice is not lessened whether you pay it or not.

reference to additional articles....

http://community.spiceworks.com/topic/381787-crypto-locker-making-the-rounds-beware
0
 
LVL 14

Assisted Solution

by:Giovanni Heward
Giovanni Heward earned 167 total points
ID: 39606463
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 14

Expert Comment

by:Giovanni Heward
ID: 39606484
See my comments here as to why it's unlikely a decryption tool will be made available in your lifetime:

http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/Q_28269083.html#a39578512
0
 

Assisted Solution

by:eddie-f
eddie-f earned 166 total points
ID: 39607452
I Have found this to be the best information on the Cryptolocker virus.

Cryptolocker Ransomware Information Guide and FAQ


or you can read the 90+ pages from the forum here


Hope this helps.
Edd
0
 

Author Comment

by:flynny
ID: 39608817
Many thanks for all ther advice guys.

In the end we just removed and luckily most of the files had been backed up.

thanks again.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Zepto Ransomware - Decrypt/Restore files 5 253
Is CCleaner a virus?  Do you use CCleaner? 18 272
We got ransomware on the server fileserver 2012 17 147
EICAR File 5 67
PREFACE The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I wi…
UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question