rans.crypto

Help please
I have rans.crypto.
I can't open my files; it says they are corrupt!!!
Any help?
tsm
edo
Ernesto Asked:
 
☠ MASQ ☠ Commented:
Recovering encrypted files - no (unless you've left the malware running and pay the ransom)

If you don't have backups then they cannot be restored.

If you removed the trojan before the ransom message appeared then not all of your images/office data will have been encrypted.  Once the ransom message is displayed all the files that Crypto indexed have already been encrypted.

See also: http://www.experts-exchange.com/Security/Encryption/Q_28295419.html
0
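Added example (not part of any post in this thread): a read-only triage that checks which image/office files still start with their format's signature, to scope the point above that removing the trojan early leaves some files unencrypted. The signature table, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Leading "magic" bytes for common image/office formats (well-known signatures).
ZIP, OLE = b"PK\x03\x04", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MAGIC = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n", ".pdf": b"%PDF-",
    ".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP,
    ".doc": OLE, ".xls": OLE, ".ppt": OLE,
}

def classify(path):
    """Read-only check: does the file still start with its format's signature?"""
    sig = MAGIC.get(os.path.splitext(path)[1].lower())
    if sig is None:
        return "unknown"          # extension not in the table, cannot judge
    try:
        with open(path, "rb") as fh:
            head = fh.read(len(sig))
    except OSError:
        return "unreadable"
    # A mismatch means "no longer a valid file of this type", not proof of encryption.
    return "intact" if head == sig else "suspect"

def triage(root):
    """Walk root and bucket every file by classify() result (paths relative to root)."""
    report = {"intact": [], "suspect": [], "unknown": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            report[classify(full)].append(os.path.relpath(full, root))
    return {k: sorted(v) for k, v in report.items()}

def make_constructed_sample(root):
    """Constructed test data: two healthy headers, two overwritten ones, one .txt."""
    scrambled = bytes((i * 37 + 11) % 256 for i in range(64))  # stand-in for ciphertext
    files = {"photo.jpg": b"\xff\xd8\xff\xe0" + bytes(32), "budget.xlsx": ZIP + bytes(32),
             "scan.png": scrambled, "reports/q3.doc": scrambled, "notes.txt": b"plain text\n"}
    for rel, data in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_constructed_sample(tmp)
        print(triage(tmp))
```

Point `triage()` at a copy or a read-only mount of the affected data, and compare the "intact" list against what needs restoring from backup.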
 
Ernesto (Author) Commented:
Please, any advice here?
0
 
Ernesto (Author) Commented:
Is there any way to recover the damaged files?
Please!!
0

 
Mohammed Hamada (Senior IT Consultant) Commented:
Follow the instructions in this link, please.

http://www.bleepingcomputer.com/forums/t/518406/virus-or-ratroot-from-hell/

If you face any issue, please post it here and we'll follow up with you.
0
 
☠ MASQ ☠ Commented:
moh10ly - did you read that thread? - Their computer ended up being scrapped!

If you want the latest on Rans.Crypto/Cryptolocker the current knowledge base on it is here:
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information
0
 
Mohammed Hamada (Senior IT Consultant) Commented:
Sorry, I didn't notice that in the end! But I think it's obvious the asker will need to pay to get the files decrypted, or get your files encrypted forever and lose the key.
0
 
Ernesto (Author) Commented:
Oh man, such bad news. The payment banner never displayed?? So I do not have the payment option; I never saw anything like that before.
In the future, do you think Google is going to be a solution?
0
 
☠ MASQ ☠ Commented:
It's unlikely - the encryption keys are unique to each machine - preventing the infection is currently the only way - it's clever in that even though the files are being encrypted the trojan decrypts them when you want to access them so a lot of users don't realise they are affected until it completes the encryption of all the files it can index.
0
 
Mohammed Hamada (Senior IT Consultant) Commented:
I think you will need a very good decryption tool and a SUPER Computer to work on the decryption. As you may know, the decryption process usually takes a lot of time, sometimes weeks, months or a year or even more, depending on the encryption methods.

The NSA scandal about spying on governments had them using super-powerful computers that decrease the process of key decryption for the most complicated encryption algorithms.

Your problem lies in two main factors: 1- Time. 2- Resources.
If you have both you may be able to solve it. Otherwise I would say the only one would be the payment.

And I would just give a personal recommendation to use Linux OS as your personal desktop. I have been using it for 2 years now and I can say I'm very happy with it as an end user.
0
 
Thomas Zucker-Scharff (Systems Analyst) Commented:
Using Linux is a good suggestion - my best suggestion (since once you have this it is virtually impossible to get rid of unless you pay the ransom, recover your files, then reformat the system) is backup with versioning. Whether you use something like spideroak (spideroak.com), crashplan (crashplan.com) or dropbox - not as good - (dropbox.com), something is much better than nothing.

We are piloting crashplan here and have already used it to recover from a nasty crypto infection - the versioning was the key.
0
 
Ernesto (Author) Commented:
How can I be sure that I no longer have that virus on my machine?
Is there any tool to know that for sure?

tsm
0
 
Thomas Zucker-Scharff (Systems Analyst) Commented:
Nothing will guarantee it.  Use RogueKiller, then do not reboot and do a deep scan with MBAM.  

Your best bet is to use something like DBAN to wipe the system and then reinstall from scratch.
0
 
Ernesto (Author) Commented:
Please, I need to contact this guy for payment.
Does anyone know how to do that?
tsm
0
 
Thomas Zucker-Scharff (Systems Analyst) Commented:
I believe they only take bitcoin. Whatever you do, do NOT reveal any information that is personally identifiable, or fiscal information. Make sure you are making a one-time payment and you should double check the security on your bitcoin account.

Normally you get the decrypt code fairly quickly once you pay (last I looked it was about $300.00).
0
 
Mohammed Hamada (Senior IT Consultant) Commented:
If anyone knew him, he'd have been in prison long ago! I think all the payment info is anonymous and the owner of this virus knows well how to hide his identity.

I'm not sure what other experts think. This is my theory though.
0
 
Ernesto (Author) Commented:
Does the virus go through a mapped network drive?

At this moment I don't care about the machine, even though it is a serious loss of data that has no backup, but I want to know if it is going through to my server via a mapped connection.
tsm
0
 
☠ MASQ ☠ Commented:
If you have removed the trojan then you shouldn't see any additional network traffic as a result, however left to run unchecked Rans.Crypto.Win32 will continue to encrypt all files it has read/write access to even if they are remote from the affected machine.

The BleepingComputer link includes details on contacting the CryptoLocker Decryption Service however the current ransom is 10 BTC which is about US$ 6500.

Rans.Crypto.Win32 is a trojan and so does not spread by infecting other files. Nor is it known to be packaged with other viruses (and this would be counterproductive for the authors of Cryptolocker as they want your computer healthy if you pay the ransom to decrypt). However the behaviour that causes Crypto infections (opening unknown email attachments) means that if a machine is infected with a ransomware trojan the user is more likely to be at risk of further infections. As tzucker says - it's not possible to guarantee your system is clean.
0
 
Thomas Zucker-Scharff (Systems Analyst) Commented:
For one bitcoin you can buy a pretty good NEW computer; for 10 BTC you can buy one of the best out there. Is the data worth that much?

I have a colleague who has as part of his email signature:

"Data that is not backed up in at least two places, is data that you don't care about."
0
 
Ernesto (Author) Commented:
Oh man, hope the data do not care; it is the director's laptop.
I can't believe there is not a genius in the world who has made a vaccine.
It is my hope.
0
 
Thomas Zucker-Scharff (Systems Analyst) Commented:
This was apt to happen sooner rather than later.  I always tell my director that if he is not backing up his data then the onus is on him.  I installed CrashPlanPROe on his laptop.  If you don't have an institutional license then get it just for him.  The cost is not bad at all for large data chunks.  It is even less if you register under an edu address.
0
 
Mohammed Hamada (Senior IT Consultant) Commented:
I think you can try and contact the On-Track company; those guys are geniuses in recovering data, but I'm not sure about decrypting it though.

I once formatted a computer and installed Windows on it, and with their help was able to restore every single piece of data that was lost.

Try giving them a phone call. You won't lose anything.
http://www.krollontrack.com/data-recovery/
0
 
Thomas Zucker-Scharff (Systems Analyst) Commented:
The data recovery people are generally not a help with encrypted data.  We have used DriveSavers in the past for data recovery in extreme cases and they have never failed us (they do charge a hefty price though - not as much as crypto).  If you have any success, let us know.
0
 
☠ MASQ ☠ Commented:
Seriously the only way to decrypt these is a brute force attempt to guess the 128AES key that has been randomly generated  - you've more chance of getting the NSA to help.

You do have the added advantage of telling your director that, "following investigation it seems to have been caused by someone opening an infected email attachment on this computer" though.
0
 
Ernesto (Author) Commented:
Yes, it was his fault for opening a suspicious mail and running the attachments, even though he was warned,
but as you understand, blame the IT guy. That's a sh#$#t
0
 
Ernesto (Author) Commented:
Hi experts,
How about this article, could it help to recover my files? Does anyone have any advice about it?
http://www.adlice.com/cryptolocker-removal-roguekiller/

Tsm
0
 
Mohammed Hamada (Senior IT Consultant) Commented:
This is just to prevent the crypto program from running itself on startup using the registry, but it doesn't solve your problem.

You have encrypted files and you will need the key to decrypt them. That's it.
0
 
Ernesto (Author) Commented:
Ohh man, I can't believe it. It is the worst thing I have ever seen.
That mfer must be in jail.
0
Question has a verified solution.
