Solved

Nasty Virus

Posted on 2013-11-05
6
Medium Priority
356 Views
Last Modified: 2014-04-30
Has anyone come across a virus Trojan-Ransom.Win32.Agent? What it has done is encrypt all files, and we have removed the virus, but obviously the damage is done.

Backup unfortunately is not an option after an idiot has not been checking it.

Not sure if anyone has seen how to decrypt the files.
Question by:Alex Young
6 Comments
 
LVL 22

Expert Comment

by:David Atkin
ID: 39624860
Hello,

Unfortunately there isn't a way of decrypting the files that I am aware of without paying the fee.

I had one of these last week. Fortunately I had a backup and was able to remove the infected machine off the network and then restore the files.

Your options are:

1) Pay the fee and hope that it decrypts the files
2) Restore from a backup.

The following article is helpful at preventing this in the future:

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

Also, stress how important the backup is to the individual that was meant to be checking it.  I do strongly suggest applying the software restriction policies on PCs, which are explained in the article.
0
 
LVL 24

Expert Comment

by:aadih
ID: 39624893
As Scorpeo says: Without a backup you are out of luck. You may reinstall, but you will lose all your data. Sorry. :-(
0
 
LVL 29

Expert Comment

by:Thomas Zucker-Scharff
ID: 39624942
Check this out - I don't have experience with procedures but the article is good.

http://www.one-tab.com/page/qQd-mP19ROmXPpUf1by3sg
0

 
LVL 22

Expert Comment

by:David Atkin
ID: 39624975
Note by removing the infection, you remove the option of paying for the decryption.  I haven't found anything that will decrypt it.

This being said, there is no guarantee that paying the ransom will decrypt the files.  Although from what I have read, it does.
0
 
LVL 29

Expert Comment

by:Thomas Zucker-Scharff
ID: 39624999
I have also read that the only way is to pay - but don't pay by credit card!  This is particularly nasty and it is my understanding that by taking the steps outlined in the article in the link I posted you can prevent this from happening on other machines.
0
 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 2000 total points
ID: 39625172
If you had previously enabled Volume Shadow Copy (on the server) you may be able to recover the files from an earlier time even if backup wasn't running...

Also, if you have any laptops that haven't reconnected to the network, it MAY be possible that Offline Files has good copies of the network share(s) on a laptop - DO NOT RECONNECT TO YOUR NETWORK - plug in an external drive and copy them from the offline system if you do.

Otherwise... I hope this doesn't put you out of business, losing most of your files.
0
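An added example for the Volume Shadow Copy suggestion in the accepted answer (not code from the thread): it picks the newest snapshot taken before the encryption time and copies a folder out of it to an external drive instead of restoring in place. The volume, folder, destination, link name and date are hypothetical placeholders; it assumes an elevated PowerShell 3.0+ session on the server.

```powershell
# Added example. All paths and the date below are placeholders (assumptions),
# not values from the thread. Run elevated on the server that hosts the share.
$Volume      = 'D:\'                  # volume that holds the encrypted share
$RelativeDir = 'Shares\Finance'       # folder to recover, relative to the volume root
$Destination = 'E:\Recovered'         # clean external drive
$EncryptedAt = Get-Date '2013-11-04'  # approximate time the files were encrypted

# Win32_Volume.DeviceID is the \\?\Volume{GUID}\ name that
# Win32_ShadowCopy.VolumeName refers to.
$vol = Get-CimInstance Win32_Volume | Where-Object { $_.Name -eq $Volume }
if (-not $vol) { throw "Volume $Volume not found" }

# A snapshot taken after the encryption only holds encrypted files,
# so select the newest one that predates it.
$shadow = Get-CimInstance Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $vol.DeviceID -and $_.InstallDate -lt $EncryptedAt } |
    Sort-Object InstallDate -Descending |
    Select-Object -First 1
if (-not $shadow) { throw "No shadow copy of $Volume predates $EncryptedAt" }

# Expose the snapshot through a directory symlink; the trailing backslash
# on the device path is required.
$link = Join-Path $env:SystemDrive 'vss_recover'
cmd /c mklink /d $link "$($shadow.DeviceObject)\" | Out-Null

New-Item -ItemType Directory -Force -Path $Destination | Out-Null
try {
    # Copy out rather than overwrite: the encrypted originals stay untouched.
    robocopy (Join-Path $link $RelativeDir) $Destination /E /COPY:DAT /R:1 /W:1 `
        /LOG:(Join-Path $Destination 'recover.log')
} finally {
    cmd /c rmdir $link   # removes only the link, not the snapshot
}
```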

Question has a verified solution.
