Solved

My files are encrypted with aimmkvi

Posted on 2015-02-04
Last Modified: 2015-02-06
Hi,

My young nephew downloaded a game and whilst installing the game my Desktop (Windows 7 x64 bits) got infected with bit-loggers. I presume the game which my nephew downloaded has a bit-logger alongside it.

I downloaded and purchased SpyHunter to get rid of the Bit-Logger / Spyware. SpyHunter completed the scan and was able to get rid of the bit-loggers' executable files. However, the problem I am facing now is that all my files, including pictures, Word documents, etc. are encrypted and I cannot open them anymore. Their extension files are prefixed with .aimmkvi

Upon the completion of scanning my PC with SpyHunter, I have also downloaded Trojan Killer, super anti-professional software to scan my PC and was able to get rid of all the junk and spyware. However that did not get my files back to their original extensions (i.e. Pictures) - rather they remain as .aimmkvi

This is very frustrating and I am requesting if any of you have ever come across this problem and how to troubleshoot it.

Regards,
B
0
Comment
Question by:Bakaka
10 Comments
 
LVL 24

Expert Comment

by:VB ITS
ID: 40590368
Sorry to say that once your files are encrypted with this type of "ransomware" you have little choice but to pay the person that infected your machine in order to get the decryption key.

Your only other option is to restore from backups if you have any.
0
 
LVL 88

Expert Comment

by:rindi
ID: 40590582
As mentioned above, just restore your files from your last good backup.

If all your backups have also been encrypted, and you haven't yet been given the instructions for how to pay the ransom, chances are that your files still have a previous version. Right click your file, select properties, and the previous versions tab. Now check if you can use an older version.
0
 
LVL 25

Expert Comment

by:Dr. Klahn
ID: 40591279
Which brings up the side issue:  Never leave a drive with backups on it connected to the system after doing a backup, or it will be encrypted along with everything else when the system is infected.
0

 
LVL 88

Expert Comment

by:rindi
ID: 40591321
The disks you back up to should of course always be removed from the system, but more for other reasons. Backups should always be stored away from the PC, actually as far away as possible, in case something happens to the location the PC is in. But not necessarily because the backups can be encrypted. Those ransomware viruses in the wild today encrypt common data files, like doc, pdf, bmp, zip files etc. But most backup software uses large container files into which the backups are packed, so the contents aren't directly accessible to the encryption tool, and I also haven't yet heard of the files created by the backup tool being encrypted by those viruses (although those files might be included in future variants).

Of course on the other hand if you don't use a proper backup tool, but rather the very basic ones which don't really do much more than copy data to the other disk or into zip files, then of course it does apply. Cloud storage like DropBox can also be affected that way, so don't regard that as a backup.
0
 

Author Comment

by:Bakaka
ID: 40591802
Thanks guys for the comment. As most of you said that I should replace with my old backups. The trick is I don't think I have a backup in place but I will find out more. I also see that this kind of problem cannot be fixed but rather pay the bit-logger company for the decryption of the files. How can we fight and stop these kinds of problems if it happens again for others. I am sure there is a way to fix this issue.
0
 
LVL 88

Expert Comment

by:rindi
ID: 40591879
The easiest and simplest fix for almost all PC problems is to have good backups (and not just one backup to one media, but several to different media, which you rotate).

Besides that, have a good antivirus utility on your system. I use the free version of Panda antivirus and am very satisfied with it. But as no AV tool is 100% fool-proof, there are further things that should be done.

1. Always have UAC enabled on Windows PCs.
2. Never use user accounts with Admin rights for day to day use. Only use the admin accounts when absolutely necessary, for example when upgrading Java runtime, which doesn't work via UAC.
3. Keep your OS and other software updated by applying the patches published (via Windows Updates for example).
4. Use common sense while browsing or emailing. Don't click on links or attachments you don't trust, etc.
5. When others are allowed to use your PC, enable the "Guest" account, which can't do much harm, or give them another account which isn't used by you. If they install anything do it for them.
6. When installing software, always use the advanced options where you can disable any additional and unwanted crapware and toolbars that want to be installed too.
7. You could also set up a 2nd "throwaway" OS via VirtualBox for example, on which you can test things, or that your guests can use.
0
 

Author Comment

by:Bakaka
ID: 40592805
Thanks Rindi,

I am aware of the backup now. However, what is the way to decrypt my files back? Is there a way to decrypt them back other than establishing a good backup in place?
0
 
LVL 88

Accepted Solution

by:
rindi earned 500 total points
ID: 40593137
There is no way of decrypting without the key. Paying the ransom to the crooks and hoping for the correct key to be sent is out of the question and should never even be considered.

The only chance is when you notice before the encryption has finished (it can take some time for all target files to get encrypted). Then it can sometimes be possible to use the previous version trick I mentioned earlier, or search the disk for a temporary location to which the original files have been copied, as some of those viruses copy the originals to a temporary location before encrypting them, and only delete those after it is finished, along with shadow copies and previous versions.
0
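
A triage script for the recovery check described in the accepted answer, added here as an example and not written by any poster in this thread. It inventories the files carrying the `.aimmkvi` marker and lists any surviving shadow copies (the store behind "Previous Versions"), flagging those created before the earliest affected file. Assumptions: elevated Windows PowerShell, `$Root` is a hypothetical default, the marker appears somewhere in the file name, and last-write time is only a rough proxy for when encryption happened.

```powershell
# Added example (Windows PowerShell, run elevated). Read-only: it changes nothing.
# Assumptions: marker taken from the question; $Root is a hypothetical default.
param(
    [string]$Root   = $env:USERPROFILE,
    [string]$Marker = '.aimmkvi'
)

# 1. Inventory every file whose name contains the marker.
$hit = Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Name -like "*$Marker*" }

if (-not $hit) { Write-Output "No files matching *$Marker* under $Root"; return }

# 2. Estimate the encryption window from last-write times (a proxy only:
#    malware can preserve or forge timestamps).
$sorted = $hit | Sort-Object LastWriteTime
$first  = ($sorted | Select-Object -First 1).LastWriteTime
$last   = ($sorted | Select-Object -Last 1).LastWriteTime
Write-Output ("{0} affected files, written between {1} and {2}" -f @($hit).Count, $first, $last)

# 3. Show which folders were hit hardest, to decide where to look first.
$hit | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name | Format-Table -AutoSize

# 4. List surviving shadow copies and mark those older than the first
#    affected file; only those can hold unencrypted previous versions.
$shadows = Get-WmiObject -Class Win32_ShadowCopy -ErrorAction SilentlyContinue
if (-not $shadows) {
    Write-Output 'No shadow copies found (deleted, never enabled, or shell not elevated).'
    return
}

$shadows | ForEach-Object {
    $created = [Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate)
    New-Object PSObject -Property @{
        Created            = $created
        PredatesEncryption = ($created -lt $first)
        Volume             = $_.VolumeName
        Device             = $_.DeviceObject
    }
} | Sort-Object Created |
    Format-Table Created, PredatesEncryption, Volume, Device -AutoSize
```

If any row shows `PredatesEncryption` as True, the Previous Versions tab for files on that volume is worth checking before anything else writes to the disk.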
 
LVL 24

Expert Comment

by:VB ITS
ID: 40593182
Don't pay the ransom, there's no guarantee that you'll get the decryption key so it'll just be a waste of your own money.

Without any forms of backups (be it a copy of your files or from Previous Versions) you're pretty much out of luck.
0
 

Author Closing Comment

by:Bakaka
ID: 40595275
Thanks Rindi for your comment. I will try those hints.
0
