Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Ransomware encrypted files

Posted on 2014-03-13
15
Medium Priority
?
1,350 Views
Last Modified: 2014-03-27
Hi,

We have come across a machine that obtained a ransomware virus. We removed the virus using malwarebytes and ms security essential however the files .... jpg, doc, excel, pdf,  etc..... are all still encrypted.

We ran kaspersky's decrytpors xtoris, rector and rohnna (pardon the mispelling) still nothing. we also submitted sample files to kaspersky but haven't heard anything back.

Our question - Does anyone have a good solution on how to decrypt our files?

Thanks.
0
Comment
Question by:sio2y
  • 7
  • 6
  • 2
15 Comments
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39928253
Do you know by chance which version of ransomware you have or which variant?  We will need that if we're going to be able to direct you to the right resources to fix this.
0
 

Author Comment

by:sio2y
ID: 39928255
We dont. We have an image of the actual lock page but don't know the variant.
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39928257
Can you attach that image?
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 

Author Comment

by:sio2y
ID: 39928267
Hope this helps
HOWTODECRYPT.GIF
0
 
LVL 5

Accepted Solution

by:
Joe Jenkins earned 2000 total points
ID: 39928278
Ewww, these type are really nasty.  

The absolute best article and forum I have found on the subject is located here:
http://www.bleepingcomputer.com/virus-removal/cryptorbit-ransomware-information

I use this one when removing it from client machines.   I was able to use the application in one instance and Volume Shadow Copy method to restore previous versions of the files.  

I hope this helps you out.  These sort of things are quite difficult to handle but with some persistence and a little luck you have a decent chance of getting your data back.
0
 

Author Comment

by:sio2y
ID: 39928284
Thanks! We will give it a shot tomorrow.
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39928286
Best of luck on that one!
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 39928688
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 39928714
Sorry didn't realise the same link has been posted :-)

You have the best advice above
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39928715
Appreciate the acknowledgement on the answer. Thanks CPM.
0
 

Author Closing Comment

by:sio2y
ID: 39930675
THANK YOU!! the test files look good.  Odd how I looked all through bleeping computer and didn't find the article but viola you did and it's working .... only a gazillion more files to go.

Shadow copy wasn't enabled so it was straight to the decryptor tool.

http://download.bleepingcomputer.com/cryptorbit/Anti-CryptorBitV2.zip

Once again - Thank you.
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39930686
Glad to help! I have had to use it on about 5 people's computers so I happened to have it in bookmarks.

Have fun!
0
 

Author Comment

by:sio2y
ID: 39930697
woo hooo :-)
0
 

Author Comment

by:sio2y
ID: 39934596
An FYI update - The Anti - Cryptor tool was able to decrypt the picture (60gb worth) but on the majority it changed the image size to approx 200 x200. The tool was unable to decrypt any of the docs and pdf's.

The user has decided to seek another opinion. It will be interesting to see what the folks at Fry's say considering the boys in blue wouldn't even touch it.
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39960183
Sio2y, thanks for the update.  I'm following up on old threads to see if there was any headway made.  Hopefully a tech with it in their hands was able to do more for you.  I had one of these come through on Monday that I spent 3 hours on and was able to get about half of the data.  It's sort of hit or miss, honestly.  If the decryption tool wasn't able to retrieve it, it may not leave much hope for those.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Your business may be under attack from a silent enemy that is hard to detect. It works stealthily in the shadows to access and exploit your critical business information, sensitive confidential data and intellectual property, for commercial gain. T…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question