Ransomware

We found a system where all Word documents have been encrypted and there is a file claiming where to go to get the decryption key.
Our Trend, Malwarebytes, Spybot apps running on the box spot it even after the files are found.
Anyone found a cleaner without paying ransom or completely reformatting?
I believe they got into the system via email and/or an end user with admin rights going to all the wrong places on the internet.
All help is greatly appreciated!
d.elebute
David Elebute, Systems Consultant, Asked:
10023, Web site maintenance and design, Commented:
Have you checked for shadow copies of the file...right click on directory and look for previous versions.
Did you have a backup?
Do you have system restore points...click on start menu....type in system restore...go there and check for restore points.
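
The checks suggested in the comment above can be scripted. This is an added example, not part of the original thread: it lists volume shadow copies (which back the "Previous Versions" tab) and system restore points, and flags those created before the infection time. The function name and the sample timestamp are hypothetical; it assumes an elevated Windows PowerShell 5.1 session.

```powershell
# Added example (not from the thread). Run elevated in Windows PowerShell 5.1.
function Get-PreInfectionRecoveryPoint {
    [CmdletBinding()]
    param(
        # Time of infection as established from file timestamps or logs.
        [Parameter(Mandatory)] [datetime]$InfectionTime
    )

    # Map volume GUID paths (\\?\Volume{...}\) to drive letters for readability.
    $volumes = @{}
    Get-CimInstance -ClassName Win32_Volume | ForEach-Object {
        $volumes[$_.DeviceID] = $_.DriveLetter
    }

    # Volume shadow copies: the source of "Previous Versions" for files and folders.
    Get-CimInstance -ClassName Win32_ShadowCopy | ForEach-Object {
        [pscustomobject]@{
            Type         = 'ShadowCopy'
            Created      = $_.InstallDate
            Volume       = $volumes[$_.VolumeName]
            Detail       = $_.DeviceObject
            PreInfection = $_.InstallDate -lt $InfectionTime
        }
    }

    # System restore points. CreationTime is a WMI datetime string, so convert it.
    Get-ComputerRestorePoint -ErrorAction SilentlyContinue | ForEach-Object {
        $created = [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
        [pscustomobject]@{
            Type         = 'RestorePoint'
            Created      = $created
            Volume       = $env:SystemDrive
            Detail       = $_.Description
            PreInfection = $created -lt $InfectionTime
        }
    }
}

# Constructed sample timestamp; replace with the time you identified.
Get-PreInfectionRecoveryPoint -InfectionTime '2000-01-01 09:00' |
    Sort-Object Created |
    Format-Table -AutoSize
```

An empty shadow copy list is worth recording as a finding, since ransomware commonly deletes shadow copies before encrypting. System Restore rolls back system files and settings rather than user documents, so only the shadow copy rows are candidates for recovering the encrypted files.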
David Elebute, Systems Consultant, Author Commented:
10023, I do not know you so I will not take offense to your reply.
Of course we do backups; that is what I am working on now!
I am looking for a way to beat this if possible; none of our tools are able to defeat it before it happens!
I have found the actual date and time and the poor browsing habits of our "administrative" users
that mark the date and time of infection.
Like I stated when I began; I do not want to come across the wrong way, so I will not take offense to the obvious.
All help is greatly appreciated.
d.elebute
Lee W, MVP, Technology and Business Process Advisor, Commented:
If it's the original CryptoLocker, I believe the keys are available.  If it's a new variant, then no, you cannot (yet) get around it.  At some point the malware authors may be caught and the keys may be obtained.  Use a good antivirus that can identify what you have been infected with and call them to see if they can recover the files.  (Odds are VERY good your backups will be MUCH faster than any kind of decrypting).
David Elebute, Systems Consultant, Author Commented:
Yes, thank you Lee W. MVP.
If it's the original Malwarebytes, Trend Worry-Free (even sent them copies of the files left behind, decrypt_html, txt etc. files) unable to detect or clean; installed Kaspersky and same thing.
Backups are much faster, thanks.
Need to pinpoint how it is getting into the network.
I believe I know that it is one of the admin users that browses all the wrong places.
d.elebute
akb Commented:
I believe BitDefender claims to block this type of malware.
David Elebute, Systems Consultant, Author Commented:
Yeah, that is a choice, but I am also looking to clean it up after the fact.
Will see BitDefender; all the others have similar claims if not outright falsehoods.
Thanks akb.
d.elebute
10023, Web site maintenance and design, Commented:
I did not mean to offend you.  You mentioned:
"I have found the actual date and time and the poor browsing habits of our "administrative" users"
Excuse me, I thought that question was answered.........I was just ecking out and playing around what you were left with...