Solved

Cryptovirus file retrieval

Posted on 2013-11-07
Last Modified: 2013-11-07
Hi guys,

I've just received a client's PC after they had a cryptovirus removed by another IT service company.

I don't know the name of the cryptovirus, but I'm sure I can find out.

The files are all encrypted but all remain in their original location.

Do you have suggestions of how to troubleshoot this without having to pay the 'ransomer', on the off chance that they may release the encryption codes (I wouldn't like to test this)?

Someone suggested data recovery through a data recovery agent, but that doesn't sound right - that data's there and the file sizes look about right, they're just encrypted.

Look forward to hearing your thoughts on a way forward.
Question by:Servant-Leggie
2 Comments
 

Accepted Solution

by: Skyler Kincaid earned 500 total points
ID: 39632631
We have had a few computers come in like this and your only option is restoring from backups. The virus uses 2048-bit encryption with a unique key that is generated from some punk's server.

Paying the ransomer may allow you to restore the files but typically even that option is limited by a deadline.

We have all our clients set up with SOS backup. We have been formatting the machines, restoring the files, installing the Cryptoblocker tool, installing a better antivirus and sending it back out. Here is the link to the prevention tool, but we haven't done any testing with it:

http://www.foolishit.com/vb6-projects/cryptoprevent/
 

Author Comment

by:Servant-Leggie
ID: 39632703
Thanks, xKincaidx, your solution was pretty much what I was thinking, only I didn't know it was 2048-bit encryption (although I did know that it was apparently 'uncrackable' and is apparently the use of impressive and legitimate encryption algorithms for illegitimate purposes).
Question has a verified solution.
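
An added example, not part of the thread: because the question notes that the files are still in place with plausible sizes, one way to build the list of files to restore from backup is to compare each file's leading bytes with the signature its extension implies. It assumes the malware left file names and extensions unchanged; the signature table, function names and sample files are constructed for illustration.

```python
import os
import tempfile

ZIP = b"PK\x03\x04"                          # also .docx/.xlsx containers
OLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"    # legacy .doc/.xls
# Well-known leading signatures per extension (a small, hand-picked table).
MAGIC = {
    ".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".zip": ZIP, ".docx": ZIP, ".xlsx": ZIP, ".doc": OLE, ".xls": OLE,
}

def classify(path):
    """Return 'intact', 'damaged' or 'unknown' for one file."""
    sig = MAGIC.get(os.path.splitext(path)[1].lower())
    if sig is None:
        return "unknown"          # no signature on record for this type
    try:
        with open(path, "rb") as fh:
            head = fh.read(len(sig))
    except OSError:
        return "unknown"          # unreadable: check by hand
    return "intact" if head == sig else "damaged"

def triage(root):
    """Walk root and group relative paths by classification."""
    report = {"intact": [], "damaged": [], "unknown": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            report[classify(full)].append(os.path.relpath(full, root))
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Triage a constructed sample tree (not real client data)."""
    scrambled = b"\x8a\x13\x5c\x77" * 16     # stand-in for ciphertext
    samples = {
        "invoice.pdf": b"%PDF-1.4\n%constructed",
        "photo.jpg": scrambled,
        "budget.xlsx": scrambled,
        "notes.txt": b"plain text has no signature",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root)

if __name__ == "__main__":
    for status, paths in demo().items():
        print(status, paths)
```

A signature mismatch only shows the header is no longer what the extension implies; files reported as "unknown" (plain text, CSV and similar) need a manual look before deciding what to restore.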
