jlouija
asked on
Cryptolocker recovery and management
Although we are not 100 percent certain, it appears that my small company has been hit with the Cryptolocker virus or something that behaves exactly like it. What we really need is a decryption tool, but from previous threads on the topic it appears that only the creators of the virus can decode it, which leaves me with two questions: 1. Short of paying the ransom, which for reasons below is no longer possible, how can I be sure that the virus is not longer operable, and 2. Can you recommend the kind of service that would be best to transfer Gigabytes of magnetic tape storage to a hard drive? If you know of a specific vendor, all the better. In relation to the first question, I attach an OTL.text file of my laptop hard drive. Here is the chronology:
1. Somewhere around 3pm last Friday, something entered our company network and began encrypting Microsoft Office files. We know this from the date-modified stamps on the files. (I can attach one of the files if that would help.)
3. While I was working I noticed that I was getting corrupted file errors on some of the office docs I was working on, but I copied the contents into new files and was good to go, so I thought it just a fluke. It had, however encrypted all the Word, Excel, and possibly Access files on my hard drive.
4. Somewhere around 6:30 pm on the same day, I detached my laptop from the network and left the office for a week.
5. I received no ransom notice.
6. When our IT guy came in last Monday, he saw that the network office files had been encrypted, and that the encryption stopped just about the time I unplugged from the network.
5. On Monday, I deed a deep scan with Emsisoft, which found only this: adware.generic.416455; Also did deep scan with Malware Bytes and quarantined two PUPs which Malware labeled "optional"
6. Have also completed scan with Emsisoft on all other computers connected to the network, which revealed nothing.
7. I also restored my computer to an earlier setting.
My questions then:
1. New files put on the network and on my hard drive are perfectly readable now. How can we assume that the virus is no longer active?
2. What is the best way to transfer large volumes of data from a magnetic tape back-up to a digital hard drive. Using the tools we have now, it takes a while to locate files and make the transfer so we would be looking maybe to a service that can convert the entire tape or large segment of it at once.
Thanks
OTL1.Txt
1. Somewhere around 3pm last Friday, something entered our company network and began encrypting Microsoft Office files. We know this from the date-modified stamps on the files. (I can attach one of the files if that would help.)
3. While I was working I noticed that I was getting corrupted file errors on some of the office docs I was working on, but I copied the contents into new files and was good to go, so I thought it just a fluke. It had, however encrypted all the Word, Excel, and possibly Access files on my hard drive.
4. Somewhere around 6:30 pm on the same day, I detached my laptop from the network and left the office for a week.
5. I received no ransom notice.
6. When our IT guy came in last Monday, he saw that the network office files had been encrypted, and that the encryption stopped just about the time I unplugged from the network.
5. On Monday, I deed a deep scan with Emsisoft, which found only this: adware.generic.416455; Also did deep scan with Malware Bytes and quarantined two PUPs which Malware labeled "optional"
6. Have also completed scan with Emsisoft on all other computers connected to the network, which revealed nothing.
7. I also restored my computer to an earlier setting.
My questions then:
1. New files put on the network and on my hard drive are perfectly readable now. How can we assume that the virus is no longer active?
2. What is the best way to transfer large volumes of data from a magnetic tape back-up to a digital hard drive. Using the tools we have now, it takes a while to locate files and make the transfer so we would be looking maybe to a service that can convert the entire tape or large segment of it at once.
Thanks
OTL1.Txt
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER