David Elebute (United States of America)

asked on

Ransomware

We found a system where all Word documents have been encrypted, and there is a file claiming where to go to get the decryption key.
Our Trend, Malwarebytes and Spybot apps running on the box spot it even after the files are found.
Has anyone found a cleaner without paying the ransom or completely reformatting?
I believe they got into the system via email and/or an end user with admin rights going to all the wrong places on the internet.
All help is greatly appreciated!
d.elebute
10023

Have you checked for shadow copies of the files? Right-click on the directory and look for Previous Versions.
Did you have a backup?
Do you have system restore points? Click on the Start menu, type in System Restore, go there and check for restore points.

ASKER

10023, I do not know you, so I will not take offense to your reply.
Of course we do backups; that is what I am working on now!
I am looking for a way to beat this if possible; none of our tools are able to defeat it before it happens!
I have found the actual date and time, and the poor browsing habits of our 'administrative' users that mark the date and time of infection.
Like I stated when I began, I do not want to come across the wrong way, so I will not take offense to the obvious.
All help is greatly appreciated.
d.elebute
Lee W, MVP
If it's the original CryptoLocker, I believe the keys are available. If it's a new variant, then no, you cannot (yet) get around it. At some point the malware authors may be caught and the keys may be obtained. Use a good antivirus that can identify what you have been infected with and call them to see if they can recover the files. (Odds are VERY good your backups will be MUCH faster than any kind of decrypting.)
Yes, thank you Lee W, MVP.
If it's the original: Malwarebytes, Trend Worry-Free (even sent them copies of the files left behind, decrypt_html, txt etc. files) unable to detect or clean; installed Kaspersky and same thing.
Backups are much faster, thanks.
Need to pinpoint how it is getting into the network.
I believe I know that it is one of the admin users that browses all the wrong places.
d.elebute
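A small triage helper for the situation this thread describes (Word documents encrypted in place, beside a ransom-note file such as the decrypt_html/txt files mentioned above). It is an added example, not code from any poster: the magic bytes, note-name pattern, entropy cut-off and the sample files it builds are assumptions for illustration.

```python
import math
import os
import re
import random
import tempfile
from collections import Counter

# Assumed magic bytes (OLE2 for .doc, ZIP for .docx), note-name pattern and
# entropy cut-off; these are illustration values, not from the thread.
DOC_MAGIC = {".doc": b"\xd0\xcf\x11\xe0", ".docx": b"PK\x03\x04"}
NOTE_NAME = re.compile(r"(decrypt|restore|recover|how[_ -]?to).*\.(txt|html?)$", re.I)
ENTROPY_THRESHOLD = 7.5  # bits/byte: zipped docx stays well below, ciphertext nears 8

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root: str) -> dict:
    """Walk root; return {'encrypted': [...], 'notes': [...]} of suspect paths."""
    hits = {"encrypted": [], "notes": []}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if NOTE_NAME.search(name):          # ransom-note candidate
                hits["notes"].append(path)
                continue
            magic = DOC_MAGIC.get(os.path.splitext(name)[1].lower())
            if magic is None:
                continue                        # not a Word document by extension
            with open(path, "rb") as fh:
                head = fh.read(65536)
            # Word file whose header is gone and whose bytes look random: encrypted
            if not head.startswith(magic) and shannon_entropy(head) > ENTROPY_THRESHOLD:
                hits["encrypted"].append(path)
    return hits

def build_sample_tree() -> str:
    """Constructed sample: one intact docx, one overwritten docx, one note file."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "budget.docx"), "wb") as fh:
        fh.write(b"PK\x03\x04" + b"word/document.xml" * 200)   # looks like a real docx
    with open(os.path.join(root, "report.docx"), "wb") as fh:
        fh.write(random.Random(1).randbytes(4096))             # stands in for ciphertext
    with open(os.path.join(root, "DECRYPT_INSTRUCTIONS.txt"), "w") as fh:
        fh.write("constructed placeholder for the note the asker describes\n")
    return root
```

Running `triage()` over a real share lists which documents to restore from backup or shadow copies and where the note files sit, which is also the timestamp evidence the asker uses to date the infection.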
ASKER CERTIFIED SOLUTION
akb (Australia)
Yeah, that is a choice, but I am also looking to clean it up after the fact.
Will see BitDefender; all the others have similar claims, if not outright falsehoods.
Thanks akb.
d.elebute
I did not mean to offend you. You mentioned:
"I have found the actual date and time and the poor browsing habits of our 'administrative' users"
Excuse me, I thought that question was answered... I was just checking out and playing around with what you were left with...