Solved

Nasty Virus

Posted on 2013-11-05
6
348 Views
Last Modified: 2014-04-30
Has anyone come accross a virus Trojan-Ransom.Win32.Agent what it has done is encypt all files and we have removed the virus but obviously the damage is done.

Backup unfortunally is not an option after an idiot has not been checking it.

Not sure if anyone has seen how to decrypt the files.
0
Comment
Question by:Alex Young
6 Comments
 
LVL 22

Expert Comment

by:David Atkin
ID: 39624860
Hello,

Unfortunately there isn't a way of decrypting the files that I am aware of without paying the fee.

I had one of these last week. Fortunately I had a backup and was able to remove the infected machine off the network and then restore the files.

Your options are:

1) Pay the fee and hope that it decrypts the files
2) Restore from a backup.

The following article is helpful at preventing this in the future:

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

Also, stress how important the backup is to the individual that was meant to be checking it.  I do strongly suggest applying the software restrictions policy's on PCs which is explained in the article.
0
 
LVL 24

Expert Comment

by:aadih
ID: 39624893
As Scorpeo says: Without a backup you are out of luck. You may reinstall, but you will lose all your data. Sorry. :-(
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 39624942
Check this out - I don't have experience with procedures but the article is good.

http://www.one-tab.com/page/qQd-mP19ROmXPpUf1by3sg
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 22

Expert Comment

by:David Atkin
ID: 39624975
Note by removing the infection, you remove the option of paying for the decryption.  I haven't found anything that will decrypt it.

This being said, there is no guarantee that paying the ransom will decrypt the files.  Although from what I have read, it does.
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 39624999
I have also read that the only way is to pay - but don't pay by credit card!  This is particularly nasty and it is my understanding that by taking the steps outlined in the article in the link I posted you can prevent this from happening on other machines.
0
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 500 total points
ID: 39625172
If you had previously enabled Volume Shadow Copy (on the server) you may be able to recover the files from an earlier time even if backup wasn't running...

Also, if you have any laptops, that haven't reconnected to the network, it MAY be possible offline files has good copies of the network share(s) on a laptop - DO NOT RECONNECT TO YOUR NETWORK - plug in an external drive and copy them from the offline system if you do.

Otherwise... I hope this doesn't put you out of business, losing most of your files.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now