CTB-Locker on Dropbox

CTB-Locker has encrypted many, not all, files on our Dropbox account. Once I get rid of the infected files (I am assuming they are the ones with the 6 or7 character file extensions), how can I use the Dropbox account again? If I delete everything, is it safe?

Help? Thank you.
Bruce CorsonPresidentAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPRetiredCommented:
find the compromised machine and restore from a backup to before you were infected or do a clean install.  There will be others that say just clean the machine using various tools and you will be fine.. The nagging question will always be did I get it all.. Once a machine is compromised the best rule of thumb is to not trust it again unless you follow my suggestion - re-install from a known good backup or a format and reinstall from scratch. delete the encrypted files from dropbox and you should be good to go afterwards.. but first before you re-enable dropbox client that your machine is good.
Thomas Zucker-ScharffSolution GuideCommented:
If you put in a ticket with Dropbox support they will recover your files for you from backups they have.

The next logical question is do you share this dropbox on more than one machine?  If so the files and possibly the ransomware, will come back when you reenable dropbox.  Disable dropbox on all machines you have it connected to, delete all files from all but one dropbox. (make sure you make a backup of one)  Then when the files are restored by dropbox support they should be pushed to your machine.  

I agree that the best course of action is to restore from a known good backup.  Contact DB support while you are doing that, and disconnect dropbox from the account as well.  When they have restored your files (it will take a couple of days), they delete anything you have locally in dropbox and reconnect the account.  If they tell you to do anything differently - follow their lead.  But for your own machine, do the restore from backup routine.

BTW, this would be a non-issue if you had a versioning backup (like crashplan, spideroak or insync).  In that way you could restore everything yourself, within hours.

So for the future I recommend Crashplan for home use or insync for business use.  SpiderOak is good all arround, but the GUI and security aren't as good yet.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dbruntonQuid, Me Anxius Sum?  Illegitimi non carborundum.Commented:
>>  CTB-Locker has encrypted many, not all, files on our Dropbox account.

Have you identified the source of the virus?  Is it your machine or is another computer with access to the Dropbox account?
Bruce CorsonPresidentAuthor Commented:
dbrunton...source of virus I BELIEVE is on the main laptop. It is the most heavily infected. Looks like DB was just in the process of deleting files and replacing with encrypted files.

David Johnson...thank you, that's what we're doing for the computer. It's the Dropbox over which I was most puzzled. And, this one account, which belongs to a large non-profit, had shares going out to many people.

Thomas Zucker-Scharff, thank you, exactly what I was looking for.
David Johnson, CD, MVPRetiredCommented:
It's the Dropbox over which I was most puzzled. And, this one account, which belongs to a large non-profit, had shares going out to many people. Glad you found the source otherwise it would be near impossible to locate it as any computer that can access it could encrypt the files. Unfortunate that you can't finger point elsewhere..
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.