Solved

Ransomware encrypted files

Posted on 2014-03-13
15
1,328 Views
Last Modified: 2014-03-27
Hi,

We have come across a machine that obtained a ransomware virus. We removed the virus using malwarebytes and ms security essential however the files .... jpg, doc, excel, pdf,  etc..... are all still encrypted.

We ran kaspersky's decrytpors xtoris, rector and rohnna (pardon the mispelling) still nothing. we also submitted sample files to kaspersky but haven't heard anything back.

Our question - Does anyone have a good solution on how to decrypt our files?

Thanks.
0
Comment
Question by:sio2y
  • 7
  • 6
  • 2
15 Comments
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39928253
Do you know by chance which version of ransomware you have or which variant?  We will need that if we're going to be able to direct you to the right resources to fix this.
0
 

Author Comment

by:sio2y
ID: 39928255
We dont. We have an image of the actual lock page but don't know the variant.
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39928257
Can you attach that image?
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 

Author Comment

by:sio2y
ID: 39928267
Hope this helps
HOWTODECRYPT.GIF
0
 
LVL 5

Accepted Solution

by:
Joe Jenkins earned 500 total points
ID: 39928278
Ewww, these type are really nasty.  

The absolute best article and forum I have found on the subject is located here:
http://www.bleepingcomputer.com/virus-removal/cryptorbit-ransomware-information

I use this one when removing it from client machines.   I was able to use the application in one instance and Volume Shadow Copy method to restore previous versions of the files.  

I hope this helps you out.  These sort of things are quite difficult to handle but with some persistence and a little luck you have a decent chance of getting your data back.
0
 

Author Comment

by:sio2y
ID: 39928284
Thanks! We will give it a shot tomorrow.
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39928286
Best of luck on that one!
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 39928688
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 39928714
Sorry didn't realise the same link has been posted :-)

You have the best advice above
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39928715
Appreciate the acknowledgement on the answer. Thanks CPM.
0
 

Author Closing Comment

by:sio2y
ID: 39930675
THANK YOU!! the test files look good.  Odd how I looked all through bleeping computer and didn't find the article but viola you did and it's working .... only a gazillion more files to go.

Shadow copy wasn't enabled so it was straight to the decryptor tool.

http://download.bleepingcomputer.com/cryptorbit/Anti-CryptorBitV2.zip

Once again - Thank you.
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39930686
Glad to help! I have had to use it on about 5 people's computers so I happened to have it in bookmarks.

Have fun!
0
 

Author Comment

by:sio2y
ID: 39930697
woo hooo :-)
0
 

Author Comment

by:sio2y
ID: 39934596
An FYI update - The Anti - Cryptor tool was able to decrypt the picture (60gb worth) but on the majority it changed the image size to approx 200 x200. The tool was unable to decrypt any of the docs and pdf's.

The user has decided to seek another opinion. It will be interesting to see what the folks at Fry's say considering the boys in blue wouldn't even touch it.
0
 
LVL 5

Expert Comment

by:Joe Jenkins
ID: 39960183
Sio2y, thanks for the update.  I'm following up on old threads to see if there was any headway made.  Hopefully a tech with it in their hands was able to do more for you.  I had one of these come through on Monday that I spent 3 hours on and was able to get about half of the data.  It's sort of hit or miss, honestly.  If the decryption tool wasn't able to retrieve it, it may not leave much hope for those.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
What is CEO Fraud? 8 90
Access 2016 5 56
Access ACCDE without Encryption 1 23
SSD encryption options with Windows 10 Pro 5 25
In this increasingly digital world, security hacks are no longer just a threat, but a reality. As we've witnessed with Target's big identity hack 2013, Heartbleed in 2015, and now Cloudbleed, companies and their leaders need to prepare for the unthi…
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question