Solved

Ransom-FSA!txt - Decrypt Files

Posted on 2015-02-12
Last Modified: 2015-02-15
I manage a large network and one of our VIPs' laptops got infected with Ransom-FSA!txt, or so it was called in McAfee EPO 5.1 and VirusScan 8.8i.

I have tried all of the suggestions and tools online. I have tried several from Kaspersky to decrypt such files and all have failed to do so. Please note I am running the scans in safe mode. I even tried calling McAfee support and they said without the private key which the attacker used I am out of luck.

I have found some tools that may be able to decrypt the files by referencing a copy of the file before it was infected. My problem is the user does not have a backup copy of data and no restore points.

Are there any programs that could guess the keys to decrypt the files? I am open to any suggestions.
Question by:compdigit44

Expert Comment

by:John Hurst
You cannot decrypt the files, and paying the ransom is a waste of money that likely will not work. You need to restore from backup, so your VIP has just learned a harsh lesson.

Expert Comment

by:dbrunton
It really depends on how valuable the data is.  If he is a VIP and I presume well off he could pay the ransom.

The people behind this scheme believe in satisfied customers

From http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information#ransom

Will paying the ransom actually decrypt your files?

Yes, paying the ransom will allow you to download a decrypter that will decrypt your files. Once you pay the ransom and it is verified, a link will be made available where you can download the decrypter and your personal decryption key. You can then use the program to start decrypting your files. Please note that the decryption process can take quite a bit of time.

Author Comment

by:compdigit44
I would not do this because you are giving in to them. There has to be some other way......

Expert Comment

by:John Hurst
There has to be some other way......   Nope. The files are gone.

Expert Comment

by:nattygreg
Only pay if the files are really important.

Accepted Solution

by:NVIT
Is this infection different from CryptoLocker? Where you can get the decryptor at https://www.decryptcryptolocker.com/

Author Comment

by:compdigit44
Is that website legit?

Author Comment

by:compdigit44
I tried uploading a sample file to https://www.decryptcryptolocker.com/ and it stated the file was not encrypted with Crypto

Expert Comment

by:John Hurst
There has been very little (if any) success with software to decrypt your files. Remember you are dealing with thieves and criminals here.

Author Comment

by:compdigit44
I have tried all the decrypt tools from Panda, Kaspersky, and the online link another expert posted; nothing has worked.

The decryptcryptolocker.com site stated it was not a crypto virus. Any other ideas? I am at wits' end at this point with a very unhappy VIP..

Expert Comment

by:John Hurst
I think your files were encrypted as you first stated. There is really nothing you can do without a backup. Harsh lesson learned.

Author Comment

by:compdigit44
I found out the user did have a backup on an external drive but this got infected as well :-(

Assisted Solution

by:John Hurst
You need to isolate all the infected devices and clean them of the virus before re-attaching to your network.

Assisted Solution

by:dbrunton
There's no known solution to unencrypt the files at this stage.  There may never be a solution.

If they are that desperate tell the very unhappy VIP to pay the ransom.  If they've left it for too long the ransom price doubles.   It's a risk but how desperate are they?

For future reference:  Now the user did have backups but only one external drive.  Needs to really use two drives and alternate between them and keep the second drive off site.  Also needs to use Chrome as a browser because of the built in security and built in Flash.  Also needs to beware of clicking on attached documents in email which is probably the source of infection.

Author Closing Comment

by:compdigit44
Thank you for all of the suggestions everyone. This was a nasty virus and a learning lesson as well.

Expert Comment

by:John Hurst
@compdigit44 - yes, those viruses are nasty. Hopefully your user will keep good backups going forward.

Expert Comment

by:NVIT
@compdigit44... Thanks for the update. Take care.