CTB Locker virus

Dears,
My client's laptop was infected with the CTB Locker virus, which changed the extension of all files (Office files, jpg, audio, etc.) to .fddrpw, i.e. text.xls.fddrpw. When I try to rename the extension from test.xls.fddrpw to test.xls, the file becomes unreadable.

Is there a way to remove the extension fddrpw from ALL files so they become readable, since the virus encrypted them?
Asked by: Sam Simon Nasser

Kimputer commented:
No, you need the special decrypt program from the makers of this virus (usually a web page will open, or there are some files stored on your computer explaining how to pay up first), AND a decryption key (which you will receive upon paying).
The encryption scheme is pretty high, and it requires years and years of brute force cracking with a HIGH END server CPU. So your options are:

1. Pay up (involves signing up for bitcoins and the intricate way of understanding this anonymous currency)
   a. and you will receive the program and decryption key
   b. after you pay up, nothing happens. You paid for nothing, you lost your money and your files are still encrypted

2. Don't pay. Restore files from backup (or use Shadow Explorer to retrieve them from the scheduled Shadow copies, see here http://www.shadowexplorer.com/documentation.html)
 
rindi commented:
No. Once you got the ransom message, it is too late. First make sure you have completely removed the virus. Then delete the converted files and restore them from your backups.
 
Sam Simon Nasser (Author) commented:
@kimputer and @rindi ... there is no backup of the files since this is a personal laptop, and the Shadow Explorer (previous versions) shows no files. I tried system restore with no luck.
 
rindi commented:
Then you have lost the files. The virus deletes any backups and shadow copies after it has finished with the encryption, and then it shows you the ransom note. But if you notice something happening before it has finished the encryption process, and manage to stop it, then the old files can usually still be recovered. The encryption process can take some time.

Why should there be no backup on personal PCs? Anyone who values his data must have backups, or he shouldn't use a PC...
 
Thomas Zucker-Scharff (Systems Analyst) commented:
An after-the-fact comment: use CrashPlan (free) for your home computers. It is free to back up to another computer or an external drive. If you want to back up to the cloud then it's approximately 150/year for unlimited storage.
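An added example, not part of the original thread: a read-only Python triage script that shows why renaming does not help, by checking whether each `.fddrpw` file still starts with the signature of its original format and whether its content looks random. The signature table, the 7.5 bits/byte threshold and the two sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

RANSOM_EXT = ".fddrpw"  # extension reported in the thread
# Well-known leading signatures for a few common formats (not exhaustive).
MAGIC = {
    ".xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 compound file
    ".xlsx": b"PK\x03\x04",                        # ZIP container
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF",
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 looks random, empty input gives 0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(path: Path) -> str:
    """Classify one *.fddrpw file as 'encrypted', 'renamed-only' or 'unknown'."""
    original_ext = Path(path.name[: -len(RANSOM_EXT)]).suffix.lower()
    with path.open("rb") as fh:
        head = fh.read(65536)          # the first 64 KiB is enough for triage
    magic = MAGIC.get(original_ext)
    if magic and head.startswith(magic):
        return "renamed-only"          # header intact: only the name changed
    if magic and entropy(head) > 7.5:  # assumed threshold
        return "encrypted"             # header gone and content looks random
    return "unknown"                   # unlisted format or inconclusive

def scan(root: Path) -> dict:
    """Map every *.fddrpw file name under root to its verdict."""
    return {p.name: triage(p) for p in sorted(root.rglob("*" + RANSOM_EXT))}

def demo() -> dict:
    """Run the scan over two constructed sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed stand-in for ciphertext: a SHA-256 counter stream.
        noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
        (root / "test.xls.fddrpw").write_bytes(noise)
        # Constructed file that only had the extension appended.
        (root / "photo.jpg.fddrpw").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 512)
        return scan(root)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:13} {name}")
```

The signature check comes first because compressed formats such as jpg and xlsx have high entropy even when intact, so entropy alone cannot tell them apart from ciphertext. A file reported as `encrypted` will stay unreadable under any file name, which matches what the asker saw after renaming.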
