Solved

Ransomware encrypted files

Posted on 2014-03-13
Last Modified: 2014-03-27
Hi,

We have come across a machine that obtained a ransomware virus. We removed the virus using Malwarebytes and MS Security Essentials; however, the files (jpg, doc, excel, pdf, etc.) are all still encrypted.

We ran Kaspersky's decryptors xtoris, rector and rohnna (pardon the misspelling); still nothing. We also submitted sample files to Kaspersky but haven't heard anything back.

Our question - Does anyone have a good solution on how to decrypt our files?

Thanks.
0
Question by:sio2y
15 Comments
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39928253
Do you know by chance which version of ransomware you have or which variant?  We will need that if we're going to be able to direct you to the right resources to fix this.
0
 

Author Comment

by:sio2y
ID: 39928255
We don't. We have an image of the actual lock page but don't know the variant.
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39928257
Can you attach that image?
0
 

Author Comment

by:sio2y
ID: 39928267
Hope this helps
HOWTODECRYPT.GIF
0
 
LVL 5

Accepted Solution

by:
Joe Jenkins earned 500 total points
ID: 39928278
Ewww, these types are really nasty.

The absolute best article and forum I have found on the subject is located here:
http://www.bleepingcomputer.com/virus-removal/cryptorbit-ransomware-information

I use this one when removing it from client machines. I was able to use the application in one instance and the Volume Shadow Copy method to restore previous versions of the files.

I hope this helps you out. These sorts of things are quite difficult to handle, but with some persistence and a little luck you have a decent chance of getting your data back.
0
 

Author Comment

by:sio2y
ID: 39928284
Thanks! We will give it a shot tomorrow.
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39928286
Best of luck on that one!
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 39928688
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 39928714
Sorry didn't realise the same link has been posted :-)

You have the best advice above
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39928715
Appreciate the acknowledgement on the answer. Thanks CPM.
0
 

Author Closing Comment

by:sio2y
ID: 39930675
THANK YOU!! The test files look good. Odd how I looked all through Bleeping Computer and didn't find the article, but voilà, you did and it's working .... only a gazillion more files to go.

Shadow copy wasn't enabled so it was straight to the decryptor tool.

http://download.bleepingcomputer.com/cryptorbit/Anti-CryptorBitV2.zip

Once again - Thank you.
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39930686
Glad to help! I have had to use it on about 5 people's computers so I happened to have it in bookmarks.

Have fun!
0
 

Author Comment

by:sio2y
ID: 39930697
woo hooo :-)
0
 

Author Comment

by:sio2y
ID: 39934596
An FYI update - The Anti-Cryptor tool was able to decrypt the pictures (60 GB worth), but on the majority it changed the image size to approx. 200 x 200. The tool was unable to decrypt any of the docs and PDFs.

The user has decided to seek another opinion. It will be interesting to see what the folks at Fry's say considering the boys in blue wouldn't even touch it.
0
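The update above found by hand that "decrypted" pictures had shrunk to about 200 x 200 and that documents were not recovered; the sketch below checks the same thing across a whole recovery folder. It is an added example, not part of the thread or of the Anti-CryptorBit tool, and the verdict names, the `MIN_SIDE` threshold and the list of file types are assumptions.

```python
import os
import struct

# Magic bytes for the file types named in the thread.
MAGIC = {"jpg": b"\xff\xd8\xff", "pdf": b"%PDF-",
         "doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 (.doc, .xls)
         "docx": b"PK\x03\x04"}                        # ZIP (.docx, .xlsx)
ALIASES = {"jpeg": "jpg", "xls": "doc", "xlsx": "docx"}
MIN_SIDE = 256  # assumed cut-off: anything smaller is treated as a thumbnail

def jpeg_size(data):
    """Return (width, height) from the first SOF segment, or None if unreadable."""
    i = 2
    while i + 9 <= len(data):
        if data[i] != 0xFF:
            return None                      # marker sync lost: damaged stream
        marker = data[i + 1]
        if marker == 0xFF:                   # fill byte before a marker
            i += 1
            continue
        if 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC):
            height, width = struct.unpack(">HH", data[i + 5:i + 9])
            return width, height
        i += 2 + struct.unpack(">H", data[i + 2:i + 4])[0]
    return None

def check_file(name, head):
    """Verdict for one recovered file, given its name and leading bytes."""
    ext = name.rsplit(".", 1)[-1].lower()
    magic = MAGIC.get(ALIASES.get(ext, ext))
    if magic is None:
        return "unknown-type"
    if not head.startswith(magic):
        return "bad-header"                  # content does not match the extension
    if magic == MAGIC["jpg"]:
        size = jpeg_size(head)
        if size is None or max(size) < MIN_SIDE:
            return "damaged" if size is None else "thumbnail"
    return "ok"

def triage(root):
    """Count verdicts for every file under root (reads the first 1 MiB of each)."""
    counts = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            with open(os.path.join(dirpath, fname), "rb") as fh:
                verdict = check_file(fname, fh.read(1 << 20))
            counts[verdict] = counts.get(verdict, 0) + 1
    return counts
```

Run `triage()` on the decryptor's output folder and compare the counts before the encrypted originals or the disk image are discarded.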
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39960183
Sio2y, thanks for the update.  I'm following up on old threads to see if there was any headway made.  Hopefully a tech with it in their hands was able to do more for you.  I had one of these come through on Monday that I spent 3 hours on and was able to get about half of the data.  It's sort of hit or miss, honestly.  If the decryption tool wasn't able to retrieve it, it may not leave much hope for those.
0

Question has a verified solution.
