Solved

CTB Locker virus

Posted on 2015-02-12
7
226 Views
Last Modified: 2015-03-18
Dears,
My client's laptop was infected with the CTB Locker virus, which changed the extension of all files (Office files, jpg, audio, etc.) to .fddrpw, i.e. text.xls.fddrpw. When I try to rename the extension from test.xls.fddrpw to test.xls, the file becomes unreadable.

Is there a way to remove the extension fddrpw from ALL files and make them readable, since the virus encrypted them?
0
Question by:Sam Simon Nasser
7 Comments
 
LVL 35

Accepted Solution

by:
Kimputer earned 250 total points
ID: 40605329
No, you need the special decrypt program from the makers of this virus (usually a web page will open, or there are some files stored on your computer explaining how to pay up first), AND a decryption key (which you will receive upon paying).
The encryption scheme is pretty high, and it requires years and years of brute-force cracking with a HIGH END server CPU. So your options are:
1. Pay up (involves signing up for bitcoins and the intricate way of understanding this anonymous currency)
   a. and you will receive the program and decryption key
   b. after you pay up, nothing happens. You paid for nothing, you lost your money and your files are still encrypted

2. Don't pay. Restore files from backup (or use Shadow Explorer to retrieve them from the scheduled Shadow copies, see here http://www.shadowexplorer.com/documentation.html)
0
 
LVL 88

Expert Comment

by:rindi
ID: 40605330
No. Once you got the ransom message, it is too late. First make sure you have completely removed the virus. Then delete the converted files and restore them from your backups.
0
 
LVL 10

Author Comment

by:Sam Simon Nasser
ID: 40605374
@kimputer and @rindi ... there is no backup of the files since this is a personal laptop, and Shadow Explorer (previous versions) shows no files. I tried System Restore with no luck.
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 250 total points
ID: 40605397
Then you have lost the files. The virus deletes any backups and shadow copies after it has finished with the encryption, and then it shows you the ransom note. But if you notice something happening before it has finished the encryption process, and manage to stop it, then the old files can usually still be recovered. The encryption process can take some time.

Why should there be no backup on personal PCs? Anyone who values his data must have backups, or he shouldn't use a PC...
0
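Added example, not part of any post in this thread: a read-only triage script for the two points made above, that renaming a `.fddrpw` file back does not restore it, and that files the malware had not yet reached are still usable. It compares each file's leading bytes with the signature expected for its original extension. The function names, the signature table and the sample files in `demo()` are constructed for illustration.

```python
import os
import tempfile

MAGIC = {  # leading bytes of a few common formats, keyed by original extension
    ".xls": b"\xd0\xcf\x11\xe0",   # OLE2 compound file (legacy Office)
    ".xlsx": b"PK\x03\x04",        # ZIP container (modern Office)
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF",
}

def classify(path, ransom_ext=".fddrpw"):
    """Return 'encrypted', 'renamed-only', 'intact', 'header-mismatch' or 'unknown'."""
    tagged = path.lower().endswith(ransom_ext)
    name = path.lower()[: -len(ransom_ext)] if tagged else path.lower()
    magic = MAGIC.get(os.path.splitext(name)[1])
    if magic is None:
        return "unknown"
    with open(path, "rb") as fh:          # files are only read, never modified
        ok = fh.read(len(magic)) == magic
    if tagged:
        return "renamed-only" if ok else "encrypted"
    # An untagged file with the wrong header is what a manual rename produces.
    return "intact" if ok else "header-mismatch"

def triage(root, ransom_ext=".fddrpw"):
    """Walk root and group file paths by classification."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(folder, fname)
            try:
                status = classify(full, ransom_ext)
            except OSError:
                status = "unreadable"
            report.setdefault(status, []).append(full)
    return report

def demo():
    """Build a constructed sample tree and return {status: count}."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "test.xls.fddrpw": b"\x8a\x13\x5c\x77" + b"\x00" * 16,  # header replaced
            "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,        # untouched file
            "notes.pdf.fddrpw": b"%PDF-1.4\n",                      # only renamed
        }
        for fname, data in samples.items():
            with open(os.path.join(root, fname), "wb") as fh:
                fh.write(data)
        return {k: len(v) for k, v in triage(root).items()}
```

A matching header only shows that the first bytes are as expected, so files reported as intact should still be copied off the machine and opened on a clean system.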
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 40609042
An after-the-fact comment: use CrashPlan (free) for your home computers. It is free to back up to another computer or an external drive. If you want to back up to the cloud then it's approximately 150/year for unlimited storage.
0


Question has a verified solution.
