Solved

Ransom-FSA!txt - Decrypt Files

Posted on 2015-02-12
Last Modified: 2015-02-15
I manage a large network and one of our VIPs' laptops got infected with Ransom-FSA!txt, or so it was called in McAfee EPO 5.1 and VirusScan 8.8i.

I have tried all of the suggestions and tools online. I have tried several from Kaspersky to decrypt such files and all have failed to do so. Please note I am running the scans in safe mode. I even tried calling McAfee support and they said without the private key which the attacker used I am out of luck.

I have found some tools that may be able to decrypt the files by referencing a copy of the file before it was infected. My problem is the user does not have a backup copy of data and no restore points.

Are there any programs that could guess the keys to decrypt the files? I am open to any suggestions.
Question by:compdigit44
17 Comments

Expert Comment

by:John Hurst
ID: 40606812
You cannot decrypt the files, and paying the ransom is a waste of money that likely will not work. You need to restore from backup, so your VIP has just learned a harsh lesson.

Expert Comment

by:dbrunton
ID: 40606860
It really depends on how valuable the data is. If he is a VIP and, I presume, well off, he could pay the ransom.

The people behind this scheme believe in satisfied customers.

From http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information#ransom

Will paying the ransom actually decrypt your files?

Yes, paying the ransom will allow you to download a decrypter that will decrypt your files. Once you pay the ransom and it is verified, a link will be made available where you can download the decrypter and your personal decryption key. You can then use the program to start decrypting your files. Please note that the decryption process can take quite a bit of time.

Author Comment

by:compdigit44
ID: 40607002
I would not do this because you are giving in to them. There has to be some other way......

Expert Comment

by:John Hurst
ID: 40607009
There has to be some other way......   Nope. The files are gone.

Expert Comment

by:nattygreg
ID: 40607289
Only pay if the files are really important.

Accepted Solution

by:NVIT
NVIT earned 167 total points
ID: 40607305
Is this infection different from CryptoLocker, where you can get the decryptor at https://www.decryptcryptolocker.com/?

Author Comment

by:compdigit44
ID: 40607681
Is that website legit?

Author Comment

by:compdigit44
ID: 40608244
I tried uploading a sample file to https://www.decryptcryptolocker.com/ and it stated the file was not encrypted with Crypto

Expert Comment

by:John Hurst
ID: 40608281
There has been very little (if any) success with software to decrypt your files. Remember you are dealing with thieves and criminals here.

Author Comment

by:compdigit44
ID: 40608717
I have tried all the decrypt tools from Panda, Kaspersky, and the online link another expert posted; nothing has worked.

decryptcryptolocker.com stated it was not a crypto virus. Any other ideas? I am at wits' end at this point with a very unhappy VIP.

Expert Comment

by:John Hurst
ID: 40608733
I think your files were encrypted as you first stated. There is really nothing you can do without a backup. Harsh lesson learned.

Author Comment

by:compdigit44
ID: 40608754
I found out the user did have a backup on an external drive but this got infected as well :-(

Assisted Solution

by:John Hurst
John Hurst earned 166 total points
ID: 40608759
You need to isolate all the infected devices and clean them of the virus before re-attaching to your network.

Assisted Solution

by:dbrunton
dbrunton earned 167 total points
ID: 40608787
There's no known solution to unencrypt the files at this stage.  There may never be a solution.

If they are that desperate tell the very unhappy VIP to pay the ransom.  If they've left it for too long the ransom price doubles.   It's a risk but how desperate are they?

For future reference:  Now the user did have backups but only one external drive.  Needs to really use two drives and alternate between them and keep the second drive off site.  Also needs to use Chrome as a browser because of the built in security and built in Flash.  Also needs to beware of clicking on attached documents in email which is probably the source of infection.

Author Closing Comment

by:compdigit44
ID: 40611178
Thank you for all of the suggestions everyone. This was a nasty virus and a learning lesson as well.

Expert Comment

by:John Hurst
ID: 40611191
@compdigit44 - yes, those viruses are nasty. Hopefully your user will keep good backups going forward.

Expert Comment

by:NVIT
ID: 40611213
@compdigit44... Thanks for the update. Take care.