Solved

Crypto Locker Advice

Posted on 2013-10-25
Last Modified: 2013-11-22
Hi all,

A machine has been infected by the crypto locker virus.

Now I have read up on and understand how this virus works.

Unfortunately there are quite a few files on this machine required, and no backup on the shadow volume.

Now my question is has anyone made the payment and does it work? (I have read reports it does).

I have installed Malwarebytes, which is now detecting and blocking an outgoing port (1803 if it helps).

If we are to pay the 300 USD dollars, will I need to disable Malwarebytes whilst we do this?

Also, I have read that the servers containing the keys have been taken out? Is this the case, so will it be impossible to recover?

Thanks in advance.

Matt.
0
Question by:flynny
6 Comments
 
LVL 24

Expert Comment

by:aadih
ID: 39600181
Read the following article, "CryptoLocker: A particularly pernicious virus":

< http://windowssecrets.com/top-story/cryptolocker-a-particularly-pernicious-virus/ >

Excerpt:

"Some users have paid the ransom and, surprisingly, were given the keys to their data. (Not completely surprising; returning encrypted files to their owners might encourage others to pay the ransom.) This is, obviously, a risky option. But if it’s the only way you might get your data restored, use a prepaid debit card — not your personal credit card. You don’t want to add the insult of identity theft to the injury of data loss."

[Note: Italics added]
0
 
LVL 5

Accepted Solution

by:
mebaby333 earned 167 total points
ID: 39600380
The difficult part is that in your position do you feel you have a choice? Most people will say out of the principle of the matter don't pay, yet if your position deems it necessary then you do what you need to do.

I have read articles that express that the server that receives the payment is down and has been since September, and also articles that state it will decrypt. Yet somehow the dangers or risk of injustice are not lessened whether you pay it or not.

Reference to additional articles...

http://community.spiceworks.com/topic/381787-crypto-locker-making-the-rounds-beware
0
 
LVL 14

Assisted Solution

by:Giovanni Heward
Giovanni Heward earned 167 total points
ID: 39606463
0
 
LVL 14

Expert Comment

by:Giovanni Heward
ID: 39606484
See my comments here as to why it's unlikely a decryption tool will be made available in your lifetime:

http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/Q_28269083.html#a39578512
0
 

Assisted Solution

by:eddie-f
eddie-f earned 166 total points
ID: 39607452
I have found this to be the best information on the Cryptolocker virus.

Cryptolocker Ransomware Information Guide and FAQ


or you can read the 90+ pages from the forum here


Hope this helps.
Edd
0
 

Author Comment

by:flynny
ID: 39608817
Many thanks for all the advice guys.

In the end we just removed and luckily most of the files had been backed up.

Thanks again.
0
