?
Solved

CTB Locker virus

Posted on 2015-02-12
7
Medium Priority
?
255 Views
Last Modified: 2015-03-18
Dears,
my client laptop was infected with CTB locker virus, which changed all file (office files, jpg, audio, etc...) extension to .fddrpw ... i.e. text.xls.fddrpw .... when i try to rename the extension from test.xls.fddrpw to test.xls ... the file become unreadable.

is there a way to remove the extension fddrpw from ALL files, and become readable? since the virus encrypt them.
0
Comment
Question by:Sam Simon Nasser
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 36

Accepted Solution

by:
Kimputer earned 1000 total points
ID: 40605329
No, you need the special decrypt program for the makers of this virus (usually a web page will open, or there are some files stored on your computer explaining how to pay up first), AND a decryption key (which you will receive upon paying).
The encryption scheme is pretty high, and it requires years and years of brute force cracking with a HIGH END server CPU. So your options are:
1 pay up (involves using signing up for bitcoins and the intricate way of understanding this anonymous currency)
a. and you will receive the program and decryption key
b. after you pay up, nothing happens. You paid for nothing, you lost your money and your files are still encrypted

2 don't pay. restore files from backup (or use Shadow Explorer to retrieve it from the schedulded Shadow copies, see here http://www.shadowexplorer.com/documentation.html)
0
 
LVL 88

Expert Comment

by:rindi
ID: 40605330
No. Once you got the ransom message, it is too late. First make sure you have completely removed the virus. then delete the converted files and restore them from your backups.
0
 
LVL 10

Author Comment

by:Sam Simon Nasser
ID: 40605374
@kimputer and @rindi ... there is no backup of the files since this is personal laptop, and the shadow explorer (previous versions) show no files. i tried system restore with no luck.
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 1000 total points
ID: 40605397
Then you have lost the files. The virus deletes any backups and shadow copies after it has finished with the encryption, and then it shows you the ransom note. But if you notice something happening before it has finished the encryption process, and manage to stop it, then the old files can usually still be recovered. The encryption process can take some time.

Why should there be no backup on personal PC's? Anyone who values his data must have backups, or he shouldn't use a PC...
0
 
LVL 29

Expert Comment

by:Thomas Zucker-Scharff
ID: 40609042
An after the fact comment,  use crashplan  (free) for your home computers. It is free to backup to another computer or an external drive. If you want to backup to cloud then it's approximately 150/year for unlimited storage.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question