Solved

CTB Locker virus

Posted on 2015-02-12
7
242 Views
Last Modified: 2015-03-18
Dears,
My client's laptop was infected with the CTB Locker virus, which changed the extension of all files (office files, jpg, audio, etc.) to .fddrpw, i.e. text.xls.fddrpw. When I try to rename the extension from test.xls.fddrpw to test.xls, the file becomes unreadable.

Is there a way to remove the extension fddrpw from ALL files and have them become readable, since the virus encrypted them?
0
Comment
Question by:Sam Simon Nasser
7 Comments
 
LVL 36

Accepted Solution

by:
Kimputer earned 250 total points
ID: 40605329
No, you need the special decrypt program from the makers of this virus (usually a web page will open, or there are some files stored on your computer explaining how to pay up first), AND a decryption key (which you will receive upon paying).
The encryption scheme is pretty high, and it requires years and years of brute force cracking with a HIGH END server CPU. So your options are:
1. Pay up (involves signing up for bitcoins and the intricate way of understanding this anonymous currency)
   a. and you will receive the program and decryption key
   b. after you pay up, nothing happens. You paid for nothing, you lost your money and your files are still encrypted

2. Don't pay. Restore files from backup (or use Shadow Explorer to retrieve them from the scheduled Shadow copies, see here http://www.shadowexplorer.com/documentation.html)
0
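An added example, not part of the original thread or any poster's code: a read-only triage script that inventories files carrying the appended extension and checks whether their content still begins with the header of the original format, which is why renaming alone leaves them unreadable. The magic-byte table, function names and sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Well-known leading bytes ("magic numbers") of a few common formats.
MAGIC = {
    ".xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 compound file
    ".xlsx": b"PK\x03\x04",                        # ZIP container
    ".jpg": b"\xff\xd8\xff",
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (close to 8.0 looks random)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root, ransom_ext=".fddrpw", sample=65536):
    """List files ending in ransom_ext and report whether the content still
    starts with the header of the original type (name.xls.fddrpw -> .xls)."""
    report = []
    for path in sorted(Path(root).rglob("*" + ransom_ext)):
        if not path.is_file():
            continue
        orig_ext = Path(path.stem).suffix.lower()
        with open(path, "rb") as fh:  # read-only: nothing is modified
            head = fh.read(sample)
        magic = MAGIC.get(orig_ext)
        report.append({
            "file": path.name,
            "original_ext": orig_ext,
            "header_intact": None if magic is None else head.startswith(magic),
            "entropy": round(entropy(head), 2),
        })
    return report

def demo():
    """Constructed sample: one file merely renamed, one with random content."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "renamed.xls.fddrpw").write_bytes(MAGIC[".xls"] + b"\x00" * 4096)
        Path(d, "test.xls.fddrpw").write_bytes(os.urandom(65536))
        return triage(d)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A file with `header_intact` false and entropy near 8 bits per byte has had its content replaced, so only a backup or a shadow copy can bring it back; the report also serves as an inventory of what has to be restored.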
 
LVL 88

Expert Comment

by:rindi
ID: 40605330
No. Once you got the ransom message, it is too late. First make sure you have completely removed the virus. Then delete the converted files and restore them from your backups.
0
 
LVL 10

Author Comment

by:Sam Simon Nasser
ID: 40605374
@kimputer and @rindi ... there is no backup of the files since this is a personal laptop, and Shadow Explorer (previous versions) shows no files. I tried System Restore with no luck.
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 250 total points
ID: 40605397
Then you have lost the files. The virus deletes any backups and shadow copies after it has finished with the encryption, and then it shows you the ransom note. But if you notice something happening before it has finished the encryption process, and manage to stop it, then the old files can usually still be recovered. The encryption process can take some time.

Why should there be no backup on personal PCs? Anyone who values his data must have backups, or he shouldn't use a PC...
0
 
LVL 28

Expert Comment

by:Thomas Zucker-Scharff
ID: 40609042
An after-the-fact comment: use CrashPlan (free) for your home computers. It is free to back up to another computer or an external drive. If you want to back up to the cloud then it's approximately 150/year for unlimited storage.
0
