  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 372

Nasty Virus

Has anyone come across a virus Trojan-Ransom.Win32.Agent? What it has done is encrypt all files, and we have removed the virus, but obviously the damage is done.

Backup unfortunately is not an option after an idiot has not been checking it.

Not sure if anyone has seen how to decrypt the files.
0
Asked by: Alex Young
1 Solution
 
David Atkin, Technical Director, Commented:
Hello,

Unfortunately there isn't a way of decrypting the files that I am aware of without paying the fee.

I had one of these last week. Fortunately I had a backup and was able to remove the infected machine off the network and then restore the files.

Your options are:

1) Pay the fee and hope that it decrypts the files
2) Restore from a backup.

The following article is helpful at preventing this in the future:

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

Also, stress how important the backup is to the individual that was meant to be checking it. I do strongly suggest applying the software restriction policies on PCs, which are explained in the article.
0
 
aadih Commented:
As Scorpeo says: Without a backup you are out of luck. You may reinstall, but you will lose all your data. Sorry. :-(
0
 
Thomas Zucker-Scharff, Systems Analyst, Commented:
Check this out - I don't have experience with procedures but the article is good.

http://www.one-tab.com/page/qQd-mP19ROmXPpUf1by3sg
0
 
David Atkin, Technical Director, Commented:
Note that by removing the infection, you remove the option of paying for the decryption. I haven't found anything that will decrypt it.

This being said, there is no guarantee that paying the ransom will decrypt the files. Although from what I have read, it does.
0
 
Thomas Zucker-Scharff, Systems Analyst, Commented:
I have also read that the only way is to pay - but don't pay by credit card! This is particularly nasty and it is my understanding that by taking the steps outlined in the article in the link I posted you can prevent this from happening on other machines.
0
 
Lee W, MVP, Technology and Business Process Advisor, Commented:
If you had previously enabled Volume Shadow Copy (on the server) you may be able to recover the files from an earlier time even if backup wasn't running...

Also, if you have any laptops that haven't reconnected to the network, it MAY be possible that Offline Files has good copies of the network share(s) on a laptop - DO NOT RECONNECT TO YOUR NETWORK - plug in an external drive and copy them from the offline system if you do.

Otherwise... I hope this doesn't put you out of business, losing most of your files.
0
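One way to act on the Volume Shadow Copy suggestion above, as an added PowerShell example that is not part of the original thread: it finds the newest snapshot of a volume taken before the encryption started and copies its contents to an external drive. The drive letter, timestamp and paths are placeholder assumptions.

```powershell
# Added example; run in an elevated PowerShell session on the file server.
# All four values below are placeholders (assumptions), not taken from the thread.
$DriveLetter = 'D:'                          # volume that holds the shares
$InfectedAt  = Get-Date '2014-01-01 09:00'   # earliest known encryption time
$Destination = 'E:\Recovered'                # external drive, not the affected volume
$LinkPath    = 'C:\ShadowMount'              # temporary mount point for the snapshot

# Map the drive letter to the volume GUID path that Win32_ShadowCopy records.
$volume = Get-CimInstance -ClassName Win32_Volume -Filter "DriveLetter = '$DriveLetter'"
if (-not $volume) { throw "Volume $DriveLetter not found." }

# Snapshots of that volume taken before the encryption started, newest first.
$candidates = Get-CimInstance -ClassName Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volume.DeviceID -and $_.InstallDate -lt $InfectedAt } |
    Sort-Object -Property InstallDate -Descending

if (-not $candidates) {
    throw "No shadow copy of $DriveLetter predates $InfectedAt; nothing to recover from."
}
$candidates | Format-Table ID, InstallDate, DeviceObject -AutoSize

$snapshot = $candidates | Select-Object -First 1
if (Test-Path $LinkPath) { throw "$LinkPath already exists; choose another mount point." }
New-Item -ItemType Directory -Path $Destination -Force | Out-Null

# Expose the snapshot as a directory. The trailing backslash on the target is required.
cmd /c mklink /d $LinkPath "$($snapshot.DeviceObject)\" | Out-Null
try {
    # Copy out of the read-only snapshot; the live volume is never written to.
    # /E = include subfolders, /COPY:DAT = data, attributes, timestamps,
    # /R:1 /W:1 = do not stall on files that cannot be read.
    robocopy $LinkPath $Destination /E /COPY:DAT /R:1 /W:1 /LOG:"$Destination\recovery.log"
}
finally {
    # Remove only the link; the snapshot itself is left in place.
    cmd /c rmdir $LinkPath
}
```

Spot-check a few recovered files before relying on the copy: a snapshot taken after encryption began will contain encrypted versions.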
Question has a verified solution.