
All files become MP3 format (Ransomware TeslaCrypt 3.0)

MichaelBalack
Last Modified: 2016-03-14
Hi All,

I have a desktop and a server with an issue: all the files on the PC and the server have become MP3 format.

Windows Server 2008 R2 and Windows XP Service Pack 3.

Please help or advise.

Thanks

Qlemo"Batchelor", Developer and EE Topic Advisor
CERTIFIED EXPERT
Top Expert 2015

Commented:
Stop all activity immediately, and disconnect from network! Restore the PC and the touched server files from a backup. There is no means to get the encrypted data back directly - even paying the ransom is no guarantee.
btan, Exec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Indeed, quickly isolate your machine and disconnect it from the network, as ransomware also encrypts files on mapped drives and can go to the extent of doing so even if the network drive is unmapped. Isolate any USB sticks or external storage media used with this machine.

Do not pay the ransom, and avoid getting the decrypting tool, as it may also be laden with malware, unless you get it from a trusted website, minimally like those of AV vendors. Scan it before use. There is no point brute-forcing to get the files back, and the only means is to retrieve them from your backup... hopefully it still exists.

Do see the guidance below, which covers most of what has been mentioned already.
http://www.bleepingcomputer.com/virus-removal/teslacrypt-alphacrypt-ransomware-information

I suggest that you also scan the machine using Malwarebytes Anti-Malware. Change your online and internal account passwords, especially including those of shared accounts and those using the same password.

Check out CryptoPrevent and the Malwarebytes Anti-Ransomware tool to prevent recurrences. Also, I suggest removing all admin rights from user accounts and enforcing application whitelisting using those tools; otherwise use AppLocker.

Here is another compilation of removal toolkits:
https://bitbucket.org/jadacyrus/ransomwareremovalkit/src
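One way to scope the restore from backup recommended above, as an added example that is not part of the original thread or any poster's own code: it lists files named `*.mp3` whose first bytes are not MP3 audio. It assumes affected files carry an `.mp3` extension as the question describes; the function names and the header heuristic are this example's own.

```python
import os
import sys


def looks_like_mp3(head: bytes) -> bool:
    """True if the first bytes match an ID3v2 tag or an MPEG audio frame sync."""
    if head[:3] == b"ID3":
        return True
    # Frame sync: 11 set bits (0xFF, then the top three bits of the next byte).
    return len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0


def find_suspect_files(root: str) -> list[str]:
    """Return paths under root named *.mp3 whose content is not MP3 audio.

    Heuristic only: a genuine MP3 with junk before its first frame is
    reported too, so treat the output as a restore worklist, not a verdict.
    """
    suspects = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".mp3"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:  # read-only, never modifies files
                    head = fh.read(4)
            except OSError:
                continue  # unreadable file: skip, do not abort the inventory
            if not looks_like_mp3(head):
                suspects.append(path)
    return sorted(suspects)


if __name__ == "__main__":
    # Usage: python inventory.py <folder or share to inventory>
    for found in find_suspect_files(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(found)
```

Run it from a clean machine against the isolated disk or share, and compare the resulting list with the backup catalogue to decide what to restore.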
MichaelBalack, Senior System Engineer

Author

Commented:
Hi Btan,

Thanks for your suggestions. I am trying your method, and will get back to you about the outcome.
MichaelBalack, Senior System Engineer

Author

Commented:
Hi Btan,

Those affected folders/files can't be decrypted. Even using Malwarebytes, Spybot, and other utilities does not help.
MichaelBalack, Senior System Engineer

Author

Commented:
Thanks to the Expert, Btan, for his valuable time and knowledge. The damage was done; we will pay more attention to the path that he mentioned for any suspicious trails of "happening".
btan, Exec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Thanks, glad to have helped.
