Kelly Garcia asked:

Ransom Virus

Hi All,

We have a ransom virus, which encrypts network shares and then deletes itself.

We have McAfee ePolicy Orchestrator and antivirus deployed on every machine; unfortunately this does not detect it, and it has the latest DAT file.

Please can someone help me! What can I do?

Thank you in advance,
Kay
ASKER CERTIFIED SOLUTION
William Fulks
D_Vante

Unfortunately, ransomware usually comes in through someone's personal email.
It will then reside in the temp directory and attack all shares the user has access to.
You might be able to determine who it is by looking to see whose personal directory/home folder is encrypted.
Pull that computer off and start restoring directories.
Totally depends on the type of Ransomware you are infected with, but this site is worth a try:

Milpitas, Calif. based FireEye and Fox-IT in the Netherlands — launched decryptcryptolocker.com, a site that victims can use to recover their files. Victims need to provide an email address and upload just one of the encrypted files from their computer, and the service will email a link that victims can use to download a recovery program to decrypt all of their scrambled files.

Best of luck.
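One way to run the "whose files are encrypted" check suggested above is to group recently written files on the share by NTFS owner, since a file the malware creates is owned by the infected user's account. This is an added PowerShell example, not code from this thread; the share path, time window and file-name patterns are placeholders to adjust for the incident at hand.

```powershell
<#
  Added example (not from the thread): find the account writing encrypted
  files to a share by grouping recently modified files by NTFS owner.
  Caveat: if the malware overwrites files in place the original owner is
  kept, so also check whose home folder is encrypted, as suggested above.
#>
param(
    [string]$SharePath = '\\FILESERVER\Share',  # placeholder UNC path
    [int]$HoursBack    = 6,                      # how far back to look
    # constructed name patterns; leave empty to count every recent write
    [string[]]$Suspect = @('*.encrypted', '*.locked', '*HOW_TO_DECRYPT*')
)

$since = (Get-Date).AddHours(-$HoursBack)

# Every file written inside the window; unreadable paths are skipped.
$recent = Get-ChildItem -Path $SharePath -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $since }

$hits = foreach ($f in $recent) {
    $matched = ($Suspect.Count -eq 0)
    foreach ($p in $Suspect) { if ($f.Name -like $p) { $matched = $true; break } }
    if ($matched) {
        try   { $owner = (Get-Acl -LiteralPath $f.FullName).Owner }
        catch { $owner = '<unreadable>' }
        [pscustomobject]@{ Owner = $owner; Path = $f.FullName; Written = $f.LastWriteTime }
    }
}

# The owner with the most recent writes is the prime suspect; the earliest
# write per owner shows when the encryption started on this share.
$hits | Group-Object Owner | Sort-Object Count -Descending |
    Select-Object Name, Count,
        @{ n = 'FirstWrite'; e = { ($_.Group | Sort-Object Written | Select-Object -First 1).Written } },
        @{ n = 'Example';    e = { $_.Group[0].Path } } |
    Format-Table -AutoSize
```

Run it from an account that can read the share's ACLs; the top row names the account to disconnect and the machine to pull off the network.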
@ultalites, unfortunately decryptcryptolocker.com was decommissioned a while back, as CryptoLocker has evolved into many different variants. They give these as other resources:
http://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx
http://www.bleepingcomputer.com/virus-removal/
http://malwaretips.com/blogs/category/ransomware/
https://forums.malwarebytes.org/index.php?/forum/39-malware-removal-guides-and-self-help-guides/
Uhhggg! I just saw that too.

It appears Dr.Web is the tool of choice... checking a little further now.
It appears that Dr.Web is only decrypting files for current customers.
In any case, here is the link to submit your files for analysis:

https://support.drweb.com/new/free_unlocker/?keyno=&for_decode=1
First of all, try to train your users better so they don't get infected in the first place: only open mails they know come from a trusted sender, and don't open attachments unless they expect them. Only visit websites that are trustworthy. Make sure no one uses accounts that have admin rights, unless to do a particular task, and then log out again once finished. This might not completely keep everything out, but it should help reduce the risks a lot.

Once the users know how to properly use their PCs, just delete the encrypted files and restore them from your backups.
Get a Windows Live CD, boot from that, install Malwarebytes and HitmanPro, and do a manual scan.