Solved

CTB Locker virus

Posted on 2015-02-12
233 Views
Last Modified: 2015-03-18
Dears,
My client's laptop was infected with the CTB Locker virus, which changed the extension of every file (Office files, jpg, audio, etc...) to .fddrpw, i.e. text.xls.fddrpw. When I try to rename the extension from test.xls.fddrpw to test.xls, the file becomes unreadable.

Is there a way to remove the extension .fddrpw from ALL files so that they become readable again, since the virus encrypts them?
Question by: Sam Simon Nasser
7 Comments
 
Accepted Solution by Kimputer (LVL 35, earned 250 total points)
ID: 40605329
No, you need the special decrypt program from the makers of this virus (usually a web page will open, or there are some files stored on your computer explaining how to pay up first), AND a decryption key (which you will receive upon paying).
The encryption scheme is pretty high, and it requires years and years of brute force cracking with a HIGH END server CPU. So your options are:
1. Pay up (involves signing up for bitcoins and the intricate way of understanding this anonymous currency)
   a. and you will receive the program and decryption key
   b. after you pay up, nothing happens. You paid for nothing, you lost your money and your files are still encrypted

2. Don't pay. Restore files from backup (or use Shadow Explorer to retrieve them from the scheduled shadow copies, see here http://www.shadowexplorer.com/documentation.html)
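The question asks whether stripping .fddrpw makes the files readable again, and the accepted answer says it cannot because the content itself has been encrypted. The script below is an added example (not code from the original thread, from Experts Exchange, or from any decryption tool) that lets a practitioner verify that claim on a recovered disk: a file that was only renamed still starts with its format's magic bytes and has moderate entropy, while ciphertext has no recognisable header and entropy close to 8 bits per byte. The MAGIC table, the `triage` function, the `.fddrpw` default and all sample contents are assumptions constructed for this illustration; the "merely renamed" docx sample is hypothetical and included only to show the contrast.

```python
"""Check whether files carrying a ransomware extension are really encrypted.

Added example, not from the original thread. A real file starts with its
format's magic bytes and has moderate entropy; ciphertext has neither, so
removing the appended extension cannot make it readable again.
Sample contents below are constructed, not taken from an infected machine.
"""
import hashlib
import math
import os
from collections import Counter

# Leading bytes of common document and media formats (an assumed, incomplete list).
MAGIC = {
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE2 (xls/doc/ppt)",
    b"PK\x03\x04": "ZIP container (xlsx/docx/pptx)",
    b"\xff\xd8\xff": "JPEG",
    b"\x89PNG\r\n\x1a\n": "PNG",
    b"%PDF": "PDF",
    b"ID3": "MP3 with ID3 tag",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, approaching 8.0 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def identify_magic(data: bytes):
    """Name of the first matching format in MAGIC, or None."""
    for sig, name in MAGIC.items():
        if data.startswith(sig):
            return name
    return None


def triage(name: str, data: bytes, ransom_ext: str = ".fddrpw") -> dict:
    """Classify one file by its name and the first 4 KiB of its content."""
    head = data[:4096]
    fmt = identify_magic(head)
    ent = shannon_entropy(head)
    has_ext = name.lower().endswith(ransom_ext)
    # No recognisable header plus near-maximal entropy is what encrypted data looks like.
    looks_encrypted = fmt is None and ent > 7.5
    return {
        "name": name,
        "has_ransom_ext": has_ext,
        "format": fmt,
        "entropy": round(ent, 2),
        "looks_encrypted": looks_encrypted,
        "rename_would_help": has_ext and not looks_encrypted,
    }


def triage_directory(path: str, ransom_ext: str = ".fddrpw") -> list:
    """Run triage over every file under path (for use on a recovered disk image)."""
    results = []
    for root, _dirs, files in os.walk(path):
        for f in files:
            full = os.path.join(root, f)
            with open(full, "rb") as fh:
                results.append(triage(full, fh.read(4096), ransom_ext))
    return results


def _pseudo_ciphertext(seed: bytes, length: int = 4096) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted content (constructed)."""
    out, block = bytearray(), seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:length])


# Constructed samples: an intact spreadsheet, an encrypted photo, and a hypothetical
# document that was merely renamed (its ZIP header is still in place).
SAMPLES = {
    "budget.xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 512 + b"Workbook" * 64,
    "photo.jpg.fddrpw": _pseudo_ciphertext(b"photo.jpg"),
    "notes.docx.fddrpw": b"PK\x03\x04" + b"[Content_Types].xml" + b"\x00" * 1000,
}


def triage_samples() -> dict:
    """Triage the constructed samples; keyed by file name."""
    return {name: triage(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for result in triage_samples().values():
        print(result)
```

On a real case, run `triage_directory` against the user's profile and look at the `looks_encrypted` column: if it is True for every .fddrpw file, the only non-payment routes left are backups and shadow copies, as the answer says. The 7.5-bit threshold is a heuristic; compressed formats (jpg, mp3, zip-based Office files) also have high entropy, which is why the magic-byte check is combined with it rather than used alone.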
 
Expert Comment by rindi (LVL 88)
ID: 40605330
No. Once you've got the ransom message, it is too late. First make sure you have completely removed the virus. Then delete the converted files and restore them from your backups.
 
Author Comment by Sam Simon Nasser (LVL 10)
ID: 40605374
@kimputer and @rindi ... there is no backup of the files since this is a personal laptop, and Shadow Explorer (previous versions) shows no files. I tried System Restore with no luck.
 
Assisted Solution by rindi (LVL 88, earned 250 total points)
ID: 40605397
Then you have lost the files. The virus deletes any backups and shadow copies after it has finished with the encryption, and then it shows you the ransom note. But if you notice something happening before it has finished the encryption process, and manage to stop it, then the old files can usually still be recovered. The encryption process can take some time.

Why should there be no backup on personal PCs? Anyone who values his data must have backups, or he shouldn't use a PC...
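rindi's point that the encryption run takes time, and that the shadow copies are wiped once it finishes, describes two behaviours a detector can alert on while there is still something to save. The script below is an added example (not from the thread and not part of any product): it runs over constructed file-rename and process-creation events, flags one process that appends the same new extension to many files within a short window, and flags the commands used to destroy Volume Shadow Copies. The event line format, the paths, the process name `xqzv.exe`, the pids and the `SHADOW_TAMPER` pattern list are assumptions made for this illustration; `vssadmin delete shadows`, `wmic shadowcopy delete` and `bcdedit ... recoveryenabled no` are real Windows commands, but which ones a given sample uses is not stated on this page.

```python
"""Flag ransomware-style activity in file and process events.

Added example, not from the original thread. Two rules:
  1. one process renaming >= threshold files to "<name>.<new ext>" within
     window_s seconds (the encryption run rindi says takes some time);
  2. any process-creation whose command line deletes shadow copies or
     disables recovery (the cleanup rindi says happens at the end).
The log format and every line in SAMPLE_LOG are constructed for this example.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>\S+) op=(?P<op>\w+)(?P<rest>.*)$"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Command lines that destroy Volume Shadow Copies or recovery options (assumed list).
SHADOW_TAMPER = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no", re.I),
]


def parse_line(line: str):
    """Parse one constructed event line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    for key, val in KV_RE.findall(ev.pop("rest")):
        ev[key] = val.strip('"')
    return ev


def appended_extension(src: str, dst: str):
    """Return the extra extension if dst is exactly src plus ".something", else None."""
    if dst.startswith(src) and len(dst) > len(src) and dst[len(src)] == ".":
        return dst[len(src):]
    return None


def detect(lines, threshold: int = 5, window_s: int = 60) -> list:
    """Return alert dicts, in event order, for the two rules above."""
    alerts = []
    recent = defaultdict(deque)  # pid -> deque of (timestamp, appended ext)
    flagged = set()              # (pid, ext) pairs already alerted on
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["op"] == "PROCESS_CREATE":
            cmd = ev.get("cmd", "")
            if any(p.search(cmd) for p in SHADOW_TAMPER):
                alerts.append({"rule": "shadow_copy_tamper", "pid": ev["pid"],
                               "image": ev["image"], "cmd": cmd, "ts": ev["ts"]})
        elif ev["op"] == "RENAME":
            ext = appended_extension(ev.get("src", ""), ev.get("dst", ""))
            if ext is None:
                continue  # ordinary rename, e.g. report.docx -> report_final.docx
            q = recent[ev["pid"]]
            q.append((ev["ts"], ext))
            while q and (ev["ts"] - q[0][0]).total_seconds() > window_s:
                q.popleft()
            top_ext, n = Counter(e for _, e in q).most_common(1)[0]
            if n >= threshold and (ev["pid"], top_ext) not in flagged:
                flagged.add((ev["pid"], top_ext))
                alerts.append({"rule": "mass_rename_appended_ext", "pid": ev["pid"],
                               "image": ev["image"], "ext": top_ext, "count": n,
                               "ts": ev["ts"]})
    return alerts


# Constructed events: a benign rename, six encryptions by one process, a benign
# archive rename that also appends an extension, then shadow-copy deletion.
_RANSOMED = ["budget.xls", "photo1.jpg", "photo2.jpg", "song.mp3", "thesis.docx", "cv.pdf"]
SAMPLE_LOG = (
    [r"2015-02-12T09:14:00 pid=1532 image=C:\Windows\explorer.exe op=RENAME "
     r"src=C:\Users\sam\Desktop\report.docx dst=C:\Users\sam\Desktop\report_final.docx"]
    + [rf"2015-02-12T09:14:{3 + 3 * i:02d} pid=4120 image=C:\Users\sam\AppData\Roaming\xqzv.exe "
       rf"op=RENAME src=C:\Users\sam\Documents\{doc} dst=C:\Users\sam\Documents\{doc}.fddrpw"
       for i, doc in enumerate(_RANSOMED)]
    + [r"2015-02-12T09:14:20 pid=2210 image=C:\Tools\7z.exe op=RENAME "
       r"src=C:\Users\sam\Downloads\logs.tar dst=C:\Users\sam\Downloads\logs.tar.gz",
       r"2015-02-12T09:14:40 pid=4188 image=C:\Windows\System32\vssadmin.exe op=PROCESS_CREATE "
       r'ppid=4120 cmd="vssadmin delete shadows /all /quiet"']
)

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

With the constructed log the first alert fires on the fifth .fddrpw rename, twenty-five seconds before the shadow-copy deletion; the single `logs.tar` to `logs.tar.gz` rename by 7z never reaches the threshold, and the explorer rename does not match the appended-extension shape at all. To use this on real telemetry, adapt `parse_line` to the event source (file-audit or Sysmon rename and process-creation events), tune `threshold` and `window_s` to the host, and wire the first rule to an action that suspends the process and isolates the machine, which is the only point at which rindi's "stop it before it finishes" advice can be acted on.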
 
Expert Comment by Thomas Zucker-Scharff (LVL 27)
ID: 40609042
An after-the-fact comment: use CrashPlan (free) for your home computers. It is free to back up to another computer or an external drive. If you want to back up to the cloud then it's approximately 150/year for unlimited storage.
