All data got encrypted

hi
 my pc all data got encrypted , please see the notepad attached showing instructions
kindly advice
HELP-RESTORE-FILES-drouw.TXT
sanjeevkmrsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rindiCommented:
You'll have to delete the files on your PC, then restore them from your backups. Whatever you do, don't pay the ransom, as that will just encourage the crooks to keep on doing their stuff, and there is no guarantee that you will actually get the decryption keys.

Without the decryption keys there is no way of decrypting the files. One thing you should also do, is report this to your local law enforcement authorities and not take any action until they have given you their OK. Although there isn't much they can do, they might be able to collect some info which may in the end help in getting the crooks caught.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
KimputerCommented:
Best case scenario:

- Follow the procedure, pay up some 550$ bucks and you WILL get instructions and a key to decrypt

OR

- You have recently made a backup of your files, just restore them all

Worst case:

- Follow the procedure, pay up some 550$ bucks. You will hear nothing back. Money is lost, files are lost.


Possibility:

No backup, but ShadowExplorer reveals a lot of files to be restored. http://www.shadowexplorer.com/downloads.html
0
Thomas Zucker-ScharffSolution GuideCommented:
See his comment from MASQ http://www.experts-exchange.com/articles/18086/Ransomware-Prevention-is-the-only-solution.html#c1727419.  Otherwise you only solution now is a good backup.
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

sanjeevkmrsAuthor Commented:
is this virus or haked ? from where and how does it catches the pc ? I mean what is a source of this ?
please advice
0
rindiCommented:
It's a virus. They are called ransomware. Cryptowall or cryptolocker etc . are common variants. They are often introduced via email attachments. They encrypt local data on the PC (word, excel, pdf files etc), and also data on network shares that are mapped, or in the cloud (OneDrive, DropBox etc.), if you use a utility installed locally that accesses those cloud locations. I also heard that the newest variants can also encrypt network shares even if they aren't mapped, but I'm not positive on that.
0
sanjeevkmrsAuthor Commented:
I have mcafee endpoint , is it sufficiant to stop such viruses ?
0
NVITCommented:
> I have mcafee endpoint...
You may need McAfee Threat Intelligence Exchange.
https://blogs.mcafee.com/business/defending-ransomware-mcafee-threat-intelligence-exchange

FWIW, I've had good results (so far) protecting user stations with Malwarebytes Anti-Exploit. Free and paid version available.

Another free and paid alternative is CryptoPrevent
0
Thomas Zucker-ScharffSolution GuideCommented:
the latest versions encrypt non mapped drives as well. The only prevention is by using something like cryptoprevent, hitmanpro.alert, or similar.  Read my article (see link to comment). You can use security policies to prevent access to certain areas (same as cryptoprevent ). See the comment I linked to for a link to a place to see if you have one of the captured keys,  in which case you're in luck.
0
rindiCommented:
In my opinion it is never necessary to even look if you can use the captured keys or even think of trying decryption. Restoring from backups is much easier and faster. It's one of the reasons you have backups for.

If someone is so careless as to not have proper backup strategies in place, then my opinion is that it serves him right and it is a good lesson learnt. If data has any value at all, then backups are the most important task and it must be given the highest priority. This has always been true and it doesn't just protect you against malware hits. OK, there are maybe some few files that were new between the last backup and the event that caused data loss, but those should be few and still fresh in the memory of those who created them, and if necessary they should be re-creatable again by those who made them.
0
Thomas Zucker-ScharffSolution GuideCommented:
rindi,

yes it is a good lesson,  but noone deserves it.  Backup is always better,  but if there is no backup,  then the next alternative is free decryption.

just remember ...

"Files that are not backed up in at least two places [two other places] are files you don't care about. "
0
NVITCommented:
For keys, also check https://noransom.kaspersky.com/
0
Thomas Zucker-ScharffSolution GuideCommented:
That was the link that MASQ put in his comment that I referenced in http://www.experts-exchange.com/Software/Anti-Virus/Q_28672784.html#a40775623 above.
0
sanjeevkmrsAuthor Commented:
my all files types converted to EXX . any EXX file opener is there ?
please advice
0
sanjeevkmrsAuthor Commented:
please advice if we can open files with extension of  .EXX
0
Thomas Zucker-ScharffSolution GuideCommented:
If they are encrypted, then no.  It sounds like you will have to restore from backup.  Make sure this computer is not connected to any network.
0
sanjeevkmrsAuthor Commented:
so can I use the same hard disk after formatting or should I throw it away ?
please advice
0
Thomas Zucker-ScharffSolution GuideCommented:
If it has been formatted then use the same drive.
0
sanjeevkmrsAuthor Commented:
thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.