Solved

Cryptovirus file retrieval

Posted on 2013-11-07
2
533 Views
Last Modified: 2013-11-07
Hi guys,

I've just received a client's PC after they had a cryptovirus removed by another IT service company.

I don't know the name of the cryptovirus, but I'm sure I can find out.

The files are all encrypted but all remain in their original location.

Do you have suggestions of how to troubleshoot this without having to pay the 'ransomer', on the off chance that they may release the encryption codes (I wouldn't like to test this)?

Someone suggest data recover through a data recovery agent, but that doesn't sound right - that data's there and the file sizes look about right, they're just encrypted.

Look forward to hearing your thoughts on a way forward.
0
Comment
Question by:Servant-Leggie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 15

Accepted Solution

by:
Skyler Kincaid earned 500 total points
ID: 39632631
We have had a few computers come in like this and your only option is restoring from backups. The virus uses 2048bit encryption with a unique key that is generated from some punks server.

Paying the ransomer may allow you to restore the files but typically even that option is limited by a deadline.

We have all our clients setup with SOS backup. We have been formatting the machines, restoring the files, installing the Cryptoblocker tool, installing a better antivirus and sending it back out. Here is the link to the prevention tool but we haven't done any testing with it:

http://www.foolishit.com/vb6-projects/cryptoprevent/
0
 

Author Comment

by:Servant-Leggie
ID: 39632703
Thanks, xKincaidx, your solution was pretty much what I was thinking, only I didn't know it was 2048bit encryption (although I did know that it was apparently 'uncrackable' and is apparently the use of impressive and legitimate encryption algorithms for illegitimate purposes).
0

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
With Windows evolving further, the built-in protective mechanisms get better and better. Still, Microsoft is not very good at introducing those to the technical community. This article is about a new bitlocker functionality that could revolutionize …
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question