Ransomware

we found a system where all Word documents have been encrypted and there is a file claiming where to go to get the decryption key
our Trend, Malwarebytes, Spybot apps running on the box spot it even after the files are found
anyone found a cleaner without paying ransom or completely reformatting?
I believe they got into the system via email and/or an end user with admin rights going to all the wrong places on the internet
all help is greatly appreciated!
d.elebute
David Elebute, Systems Consultant, Asked:

10023, Web site maintenance and design, Commented:
Have you checked for shadow copies of the file... right-click on the directory and look for previous versions.
Did you have a backup?
Do you have system restore points...click on start menu....type in system restore...go there and check for restore points.
0
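The check suggested in the comment above, as an added PowerShell example that is not part of the original thread: it lists shadow copies and restore points and flags which ones predate the infection. `$InfectionTime` is a constructed placeholder to be replaced with the time established from the affected files.

```powershell
# Added example: run in an elevated Windows PowerShell 5.1 session.
# $InfectionTime is a constructed placeholder; set it to the time you established.
$InfectionTime = Get-Date '2000-01-01 00:00'

# Map volume GUID paths (\\?\Volume{...}\) to drive letters for readable output.
$driveOf = @{}
Get-CimInstance -ClassName Win32_Volume |
    ForEach-Object { $driveOf[$_.DeviceID] = $_.DriveLetter }

# Shadow copies are what the "Previous Versions" tab reads from.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy |
    Select-Object @{n='Drive';        e={ $driveOf[$_.VolumeName] }},
                  @{n='Created';      e={ $_.InstallDate }},
                  @{n='PreInfection'; e={ $_.InstallDate -lt $InfectionTime }},
                  ID |
    Sort-Object Created)

# Restore points (client Windows only; the cmdlet is not in PowerShell 7).
$points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
    ForEach-Object {
        $created = $_.ConvertToDateTime($_.CreationTime)
        [pscustomobject]@{
            Sequence     = $_.SequenceNumber
            Description  = $_.Description
            Created      = $created
            PreInfection = $created -lt $InfectionTime
        }
    })

if ($shadows.Count -eq 0) {
    Write-Warning 'No shadow copies on this machine; Previous Versions will be empty.'
} else {
    $shadows | Format-Table -AutoSize
}
if ($points.Count -eq 0) {
    Write-Warning 'No restore points found (or System Restore is disabled).'
} else {
    $points | Format-Table -AutoSize
}

# Only snapshots taken before the infection can hold unencrypted copies.
$usable = @($shadows | Where-Object PreInfection)
"{0} of {1} shadow copies predate {2:u}" -f $usable.Count, $shadows.Count, $InfectionTime
```

Running System Restore itself does not roll back personal documents, so files are recovered from a pre-infection snapshot through the Previous Versions tab rather than by restoring the point.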
David Elebute, Systems Consultant, Author Commented:
10023 I do not know you so I will not take offense to your reply
of course we do backups; that is what I am working on now!
I am looking for a way to beat this if possible; none of our tools are able to defeat it before it happens!
I have found the actual date and time and the poor browsing habits of our "administrative" users
that mark the date and time of infection
like I stated when I began; I do not want to come across the wrong way, so I will not take offense to the obvious
all help is greatly appreciated
d.elebute
0
Lee W, MVP, Technology and Business Process Advisor, Commented:
If it's the original CryptoLocker, I believe the keys are available.  If it's a new variant, then no, you cannot (yet) get around it.  At some point the malware authors may be caught and the keys may be obtained.  Use a good antivirus that can identify what you have been infected with and call them to see if they can recover the files.  (Odds are VERY good your backups will be MUCH faster than any kind of decrypting).
0
David Elebute, Systems Consultant, Author Commented:
yes thank you Lee W. MVP
if it's the original Malwarebytes, Trend Worry-Free (even sent them copies of the files left behind, decrypt_html, txt etc files) unable to detect or clean; installed Kaspersky and same thing
backups are much faster thanks
need to pinpoint how it is getting into the network
I believe I know that it is one of the admin users that browses all the wrong places
d.elebute
0
akb Commented:
I believe BitDefender claims to block this type of malware.
0
David Elebute, Systems Consultant, Author Commented:
yeah that is a choice but I am also looking to clean it up after the fact
Will see BitDefender; all the others have similar claims if not outright falsehoods
thanks akb
d.elebute
0
10023, Web site maintenance and design, Commented:
I did not mean to offend you.  You mentioned:
"I have found the actual date and time and the poor browsing habits of our 'administrative' users"
Excuse me, I thought that question was answered.........I was just ecking out and playing around what you were left with...
0