Solved

Ransomware encrypted files

Posted on 2014-03-13
15
1,340 Views
Last Modified: 2014-03-27
Hi,

We have come across a machine that obtained a ransomware virus. We removed the virus using malwarebytes and ms security essential however the files .... jpg, doc, excel, pdf,  etc..... are all still encrypted.

We ran kaspersky's decrytpors xtoris, rector and rohnna (pardon the mispelling) still nothing. we also submitted sample files to kaspersky but haven't heard anything back.

Our question - Does anyone have a good solution on how to decrypt our files?

Thanks.
0
Comment
Question by:sio2y
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
  • 2
15 Comments
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39928253
Do you know by chance which version of ransomware you have or which variant?  We will need that if we're going to be able to direct you to the right resources to fix this.
0
 

Author Comment

by:sio2y
ID: 39928255
We dont. We have an image of the actual lock page but don't know the variant.
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39928257
Can you attach that image?
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 

Author Comment

by:sio2y
ID: 39928267
Hope this helps
HOWTODECRYPT.GIF
0
 
LVL 5

Accepted Solution

by:
Joe Jenkins earned 500 total points
ID: 39928278
Ewww, these type are really nasty.  

The absolute best article and forum I have found on the subject is located here:
http://www.bleepingcomputer.com/virus-removal/cryptorbit-ransomware-information

I use this one when removing it from client machines.   I was able to use the application in one instance and Volume Shadow Copy method to restore previous versions of the files.  

I hope this helps you out.  These sort of things are quite difficult to handle but with some persistence and a little luck you have a decent chance of getting your data back.
0
 

Author Comment

by:sio2y
ID: 39928284
Thanks! We will give it a shot tomorrow.
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39928286
Best of luck on that one!
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 39928688
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 39928714
Sorry didn't realise the same link has been posted :-)

You have the best advice above
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39928715
Appreciate the acknowledgement on the answer. Thanks CPM.
0
 

Author Closing Comment

by:sio2y
ID: 39930675
THANK YOU!! the test files look good.  Odd how I looked all through bleeping computer and didn't find the article but viola you did and it's working .... only a gazillion more files to go.

Shadow copy wasn't enabled so it was straight to the decryptor tool.

http://download.bleepingcomputer.com/cryptorbit/Anti-CryptorBitV2.zip

Once again - Thank you.
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39930686
Glad to help! I have had to use it on about 5 people's computers so I happened to have it in bookmarks.

Have fun!
0
 

Author Comment

by:sio2y
ID: 39930697
woo hooo :-)
0
 

Author Comment

by:sio2y
ID: 39934596
An FYI update - The Anti - Cryptor tool was able to decrypt the picture (60gb worth) but on the majority it changed the image size to approx 200 x200. The tool was unable to decrypt any of the docs and pdf's.

The user has decided to seek another opinion. It will be interesting to see what the folks at Fry's say considering the boys in blue wouldn't even touch it.
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39960183
Sio2y, thanks for the update.  I'm following up on old threads to see if there was any headway made.  Hopefully a tech with it in their hands was able to do more for you.  I had one of these come through on Monday that I spent 3 hours on and was able to get about half of the data.  It's sort of hit or miss, honestly.  If the decryption tool wasn't able to retrieve it, it may not leave much hope for those.
0

Featured Post

IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
Article by: Justin
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question