Solved

Crypto Locker Advice

Posted on 2013-10-25
Last Modified: 2013-11-22
Hi all,

A machine has been infected by the crypto locker virus.

Now I have read up and understand how this virus works.

Unfortunately there are quite a few files on this machine required, and no backup on the shadow volume.

Now my question is has anyone made the payment and does it work? (I have read reports it does).

I have installed Malwarebytes, which is now detecting and blocking an outgoing port (1803 if it helps).

If we are to pay the 300 USD dollars, will I need to disable Malwarebytes whilst we do this?

Also I have read that the servers containing the keys have been taken out? Is this the case, so will it be impossible to recover?

Thanks in advance.

Matt.
Question by:flynny
6 Comments
 
LVL 24

Expert Comment

by:aadih
ID: 39600181
Read the following article, "CryptoLocker: A particularly pernicious virus":

http://windowssecrets.com/top-story/cryptolocker-a-particularly-pernicious-virus/

Excerpt:

"Some users have paid the ransom and, surprisingly, were given the keys to their data. (Not completely surprising; returning encrypted files to their owners might encourage others to pay the ransom.) This is, obviously, a risky option. But if it’s the only way you might get your data restored, use a prepaid debit card — not your personal credit card. You don’t want to add the insult of identity theft to the injury of data loss."

[Note: Italics added]
0
 
LVL 5

Accepted Solution

by:
mebaby333 earned 167 total points
ID: 39600380
The difficult part is that in your position do you feel you have a choice? Most people will say, out of the principle of the matter, don't pay; yet if your position deems it necessary then you do what you need to do.

I have read articles that express that the server that receives the payment is down and has been since September, and also articles that state it will decrypt. Yet somehow the dangers or risk of injustice is not lessened whether you pay it or not.

Reference to additional articles:

http://community.spiceworks.com/topic/381787-crypto-locker-making-the-rounds-beware
0
 
LVL 15

Assisted Solution

by:Giovanni Heward
Giovanni Heward earned 167 total points
ID: 39606463
0

 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39606484
See my comments here as to why it's unlikely a decryption tool will be made available in your lifetime:

http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/Q_28269083.html#a39578512
0
 

Assisted Solution

by:eddie-f
eddie-f earned 166 total points
ID: 39607452
I have found this to be the best information on the Cryptolocker virus.

Cryptolocker Ransomware Information Guide and FAQ


or you can read the 90+ pages from the forum here


Hope this helps.
Edd
0
 

Author Comment

by:flynny
ID: 39608817
Many thanks for all the advice, guys.

In the end we just removed and luckily most of the files had been backed up.

Thanks again.
0


Question has a verified solution.
