• Status: Solved

HOW_DECRYPT malware prevents all my pics from being displayed

All of a sudden, none of my pics (mostly jpg) in my picture folders display.  

An error message is generated which says, “Photo Gallery can’t open this picture or video.  This file format is not supported, or you don’t have the latest updates to Photo Gallery”.

In each of my pic folders now reside an icon identified as ‘HOW_DECRYPT’.  The http
address for this icon is:  https://rj2bocejarqnpuhm.browsetor.com/2d93.  The webpage
indicates it is a decrypt service.  I have never clicked ‘Enter’ to go further with it.  I can not
relate to any form of decryption service anyhow.

I have run a complete virus scan (ESET), a complete malware check (SpyHunter), a
complete register check (RegCure), and a maintenance run (Tuneup 1-Click Utilities),
all to no avail.  Oh, some errors were rectified, but nothing that relates to How_Decrypt
and displaying of all my pics.  The issue remains.

I have the Vista operating system on a HP Pavilion dv9310us laptop.

With Easter coming up, and not being able to display any pics (mostly jpg), can anyone
help me?  I have thousands of pics being stored and need to ‘free’ them for display,
printing, etc.

Thanks !
0
danhrmr
3 Solutions
 
Tony Giangreco Commented:
It sounds like you have been hit with CryptoLocker.  It's an encryption scheme hackers place on all your docs and pics of local and network folders.

There are multiple lines of defense before getting hit:

1. Installing a good firewall like Cisco, Sonicwall or Barracuda that includes content filtering to inspect packets as they are received and drop suspicious and known file types before they reach your network.

2. There are also some software firewalls that help, but we believe a standalone hardware firewall is best.

3. Installing a web based anti spam service that inspects email before it's received like the content filtering above. We use GFI Mail Essentials Online for this service.

4. Educate your users not to open email that looks irregular and is from someone they do not expect. This is just a plain common sense feature that some people don't use.

If you get hit with CryptoLocker, there are two solutions:

1. Restore from a backup
2. Pay the ransom and hope they unlock your files.
0
 
runleveltech Commented:
This is a bad one. Sorry to say that there is no current way to decrypt your files.

Bleeping Computer has a program that will fix the previous HOW_Decrypt virus (512 & 1024 bit encryptions) but this new variant has 2048-bit encryption and cannot be undone.

(Take this with a grain of salt, the files are actually just corrupted in the headers, not truly encrypted to Mil-spec cryptography.) But the result is the same, can't open the files.

Apparently some people have paid the 300$ and got the decryption key, but I wouldn't risk it.

This has all the info: http://www.bleepingcomputer.com/virus-removal/cryptorbit-ransomware-information

There is a program for variants previous to April 1 2014:

http://www.malwarekillers.com/how-to-decrypt-cryptodefense-files/

You can try it out anyway. It did not work for me; I tried it on 4 different infected machines.

Best of luck
0
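A read-only way to see which pictures are affected, added here as an example and not taken from any of the posts: it walks a picture folder, lists the `HOW_DECRYPT` notes, and flags `.jpg` files that no longer begin with the JPEG signature. The note prefix comes from the question; the function names and the sample files are constructed for illustration, and the marker check says nothing about whether the rest of a file is intact.

```python
import os

JPEG_SOI = b"\xff\xd8\xff"    # start-of-image marker plus first segment byte
JPEG_EOI = b"\xff\xd9"        # end-of-image marker
NOTE_PREFIX = "how_decrypt"   # note name as reported in the question

def classify_jpeg(path):
    """Return 'intact', 'header-damaged', 'truncated' or 'unreadable'."""
    try:
        with open(path, "rb") as fh:          # opened read-only, never modified
            head = fh.read(len(JPEG_SOI))
            size = fh.seek(0, os.SEEK_END)
            fh.seek(max(0, size - 64))
            tail = fh.read()
    except OSError:
        return "unreadable"
    if head != JPEG_SOI:
        return "header-damaged"
    return "intact" if JPEG_EOI in tail else "truncated"

def triage(root):
    """Walk root and group note files and JPEGs by the state of their markers."""
    report = {k: [] for k in
              ("intact", "header-damaged", "truncated", "unreadable", "notes")}
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(folder, name)
            lower = name.lower()
            if lower.startswith(NOTE_PREFIX):
                report["notes"].append(full)
            elif lower.endswith((".jpg", ".jpeg")):
                report[classify_jpeg(full)].append(full)
    return report

def build_sample(root):
    """Write constructed sample files (not real photos) for a dry run."""
    good = JPEG_SOI + b"\xe0" + b"\x00" * 32 + JPEG_EOI
    samples = {"ok.jpg": good,
               "hit.jpg": b"\x00" * 16 + good[16:],   # signature overwritten
               "cut.jpg": good[:-2],                  # end marker missing
               "HOW_DECRYPT.txt": b"constructed note"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    import sys
    for state, paths in triage(sys.argv[1]).items():
        print(f"{state}: {len(paths)}")
```

Run it against a copy or a read-only mount of the picture folder, so the originals stay untouched while you compare the flagged files with what a backup holds.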
 
Thomas Zucker-Scharff, Systems Analyst, Commented:
I have yet to see recovery from CryptoLocker, but let me reiterate runleveltech's advice - check this page:

http://www.bleepingcomputer.com/virus-removal/cryptodefense-ransomware-information

Also the last I looked they were charging 10 bitcoins which translates to about 5053.00 (505.3 dollars/bitcoin) see the dynamic converter on preev.com.  So unless your pictures are worth over $5000 you will not be able to recover them (unless the above works for you).
0
 
Tony Giangreco Commented:
As I mentioned in my advice above, there are only two ways to recover:

1. Pay the ransom
2. Restore from a backup.

Many people have been hit with this. Hope you understand.

Have I answered your question? Anything else?
0
 
Thomas Zucker-Scharff, Systems Analyst, Commented:
Also - although this is a "close the barn door after the cow is gone" situation, I highly recommend, when you consider what backup to use, something that uses versioning.  This will allow you to go back several versions if you get hit by something like this and don't realize it immediately.  There are several cloud backup options that have the capabilities - you will need to match them to your needs and pocketbook.

Spideroak
Crashplan
Comodo - I don't have first-hand knowledge of this backup option
etc.

Remember anything that is not backed up in at least 2 other places is not important.
0
