Solved

Ransomware encrypted files

Posted on 2014-03-13
15
1,332 Views
Last Modified: 2014-03-27
Hi,

We have come across a machine that obtained a ransomware virus. We removed the virus using malwarebytes and ms security essential however the files .... jpg, doc, excel, pdf,  etc..... are all still encrypted.

We ran kaspersky's decrytpors xtoris, rector and rohnna (pardon the mispelling) still nothing. we also submitted sample files to kaspersky but haven't heard anything back.

Our question - Does anyone have a good solution on how to decrypt our files?

Thanks.
0
Comment
Question by:sio2y
  • 7
  • 6
  • 2
15 Comments
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39928253
Do you know by chance which version of ransomware you have or which variant?  We will need that if we're going to be able to direct you to the right resources to fix this.
0
 

Author Comment

by:sio2y
ID: 39928255
We dont. We have an image of the actual lock page but don't know the variant.
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39928257
Can you attach that image?
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:sio2y
ID: 39928267
Hope this helps
HOWTODECRYPT.GIF
0
 
LVL 5

Accepted Solution

by:
Joe Jenkins earned 500 total points
ID: 39928278
Ewww, these type are really nasty.  

The absolute best article and forum I have found on the subject is located here:
http://www.bleepingcomputer.com/virus-removal/cryptorbit-ransomware-information

I use this one when removing it from client machines.   I was able to use the application in one instance and Volume Shadow Copy method to restore previous versions of the files.  

I hope this helps you out.  These sort of things are quite difficult to handle but with some persistence and a little luck you have a decent chance of getting your data back.
0
 

Author Comment

by:sio2y
ID: 39928284
Thanks! We will give it a shot tomorrow.
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39928286
Best of luck on that one!
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 39928688
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 39928714
Sorry didn't realise the same link has been posted :-)

You have the best advice above
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39928715
Appreciate the acknowledgement on the answer. Thanks CPM.
0
 

Author Closing Comment

by:sio2y
ID: 39930675
THANK YOU!! the test files look good.  Odd how I looked all through bleeping computer and didn't find the article but viola you did and it's working .... only a gazillion more files to go.

Shadow copy wasn't enabled so it was straight to the decryptor tool.

http://download.bleepingcomputer.com/cryptorbit/Anti-CryptorBitV2.zip

Once again - Thank you.
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39930686
Glad to help! I have had to use it on about 5 people's computers so I happened to have it in bookmarks.

Have fun!
0
 

Author Comment

by:sio2y
ID: 39930697
woo hooo :-)
0
 

Author Comment

by:sio2y
ID: 39934596
An FYI update - The Anti - Cryptor tool was able to decrypt the picture (60gb worth) but on the majority it changed the image size to approx 200 x200. The tool was unable to decrypt any of the docs and pdf's.

The user has decided to seek another opinion. It will be interesting to see what the folks at Fry's say considering the boys in blue wouldn't even touch it.
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39960183
Sio2y, thanks for the update.  I'm following up on old threads to see if there was any headway made.  Hopefully a tech with it in their hands was able to do more for you.  I had one of these come through on Monday that I spent 3 hours on and was able to get about half of the data.  It's sort of hit or miss, honestly.  If the decryption tool wasn't able to retrieve it, it may not leave much hope for those.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Ransomware is a growing menace to anyone using a computer or mobile device. Here are answers to some common questions about this vicious new form of malware.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question