• Status: Solved

cryptolocker infection

One of my users opened an email attachment (a "voicemail"), but it was actually an application, and the machine got infected with CryptoLocker. It has affected several shares and all of the files on the computer.

They are demanding $300.

I do have backups I can restore from. My question is: how do I know the virus is only on this machine and hasn't infected the server where the file shares are? 2 of the 5 shares seem to be infected.

Is it worth paying the $300?

BTW, still not sure how the infection got past the spam filter, Fortinet firewall, and Panda Cloud Antivirus.
0
Asked by: datatechdc

4 Solutions

Thomas Zucker-Scharff (Solution Guide) commented:
If you have backups use them.  Whatever you do DO NOT use a credit card to pay for decrypting (if you go that route).  Your network shares have a good chance of being infected - if you can open files you are okay.  Make sure the infected machines are not on the network.

Check out these links for preventive measures (I know it is a bit of closing the barn doors after the cow is gone, but...)

http://windowssecrets.com/top-story/cryptolocker-a-particularly-pernicious-virus/

This one purports to be a fix, although I have no first-hand experience with it and have some doubts as to its veracity (as do many of the commenters at the bottom of the article):

http://malwarefixes.com/remove-cryptolocker-virus/
0
 
datatechdc (Author) commented:
I have located the infected files. It only got to 2 out of the 5 shares, and I located the email that it came from. The email disguised itself as a voicemail in a zip file; when you open it, the file type is an .exe and not an audio file.

How can I check to see if other machines on the network got infected?
0
 
datatechdc (Author) commented:
BTW, they want payment in the form of Bitcoin. The question is, if I wanted to pay the $300 and get the key just in case, how would I decrypt all of the data they infected? Is there a utility or software, or do you have to do it one at a time?
0
 
Thomas Zucker-Scharff (Solution Guide) commented:
They supposedly give you the key, and then you can decrypt all files on a drive at once by using a standard decryptor and inputting the key they provide (see the supposed solution link; they are using a Sophos decryptor that will request a decryption key).
0
 
Thomas Zucker-Scharff (Solution Guide) commented:
Oh, and if you have backups you won't need the decryption key, but just in case, make another backup before the restore.
0
 
datatechdc (Author) commented:
I'm checking my backups now. Absolutely ridiculous how they can do this.

What are the chances that if you pay the money, they will actually provide the key?
0
 
Thomas Zucker-Scharff (Solution Guide) commented:
From the people I've spoken to the key has been provided.  Just don't give them any info that will allow them to steal $$ or your identity.  It is ridiculous, so if you can use backups all the better.
0
 
datatechdc (Author) commented:
Have you used Bitcoin? Seems to be a safe way to send money without compromising identity.
0
 
Thomas Zucker-Scharff (Solution Guide) commented:
Never used it.  I do use PayPal and feel that is fairly safe.
0
 
datatechdc (Author) commented:
They only accept Bitcoin or MoneyPak.
0
 
datatechdc (Author) commented:
The Panda utility doesn't work at all. Even though I have a good version of the same files, it still doesn't work.

Looks like I'm fully depending on my backup.
0
 
Thomas Zucker-Scharff (Solution Guide) commented:
Sorry to hear.  Good luck.
0
 
datatechdc (Author) commented:
I obtained the key. What utility can I use to decrypt the files?
0
 
Thomas Zucker-Scharff (Solution Guide) commented:
There are a number of tools.  Although I have no personal experience with it, Kaspersky recommends their own klwk utility (http://support.kaspersky.com/viruses/utility and http://support.kaspersky.com/55).
0
 
datatechdc (Author) commented:
I don't see how these utilities will allow me to use the encryption key I paid for to decrypt the files?
0