Improve company productivity with a Business Account.Sign Up

x
?
Solved

Has this user really been infected by Ransomware?

Posted on 2016-07-14
3
Medium Priority
?
232 Views
Last Modified: 2016-07-18
I have a photo taken with an iPhone of a computer screen that appears to have been taken over by Ransomware.  Old computer, running XP
Is this recognizable?  Can the data be recovered?

Thanks.
Screen with ransomware threat
0
Comment
Question by:computerlarry
3 Comments
 
LVL 20

Assisted Solution

by:Mal Osborne
Mal Osborne earned 200 total points
ID: 41711690
Looks real to me, this mode of attack is, sadly, rather common.  Probably came in as a mail attachment. Check data files to see for sure. Your options?

1. Restore from backups.
2. Follow the links, pay the ransom, and hope the extortionists actually give you a decryption key.
3. Contact local law enforcement. They will probably be no help.
4. Learn to live with out the data. Being on a poorly secured, old machine running an unsupported OS with no backups, there can't have been much on it of any consequence.
0
 
LVL 31

Assisted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 800 total points
ID: 41711718
Be careful it isn't CTB-Faker, a Bastian that pretends to be ransomware in order to get your money. Upload a file to id-ransomware.com to check which variant.
0
 
LVL 66

Accepted Solution

by:
btan earned 1000 total points
ID: 41712763
The message seems close to "TeslaCrypt 3.0" ransomware but do check on Thomas suggested IDRansomware (https://id-ransomware.malwarehunterteam.com/) for validity (you need tosupplied the ransom note and encrypted files).

Specifically you can also check for the file extension of files in My Document or desktop etc to have hints checked. Like .xxx, .ttt, .micro or .mp3 extension appended to the end of the filename. The ransom note is like below.
_H_e_l_p_RECOVER_INSTRUCTIONS+qjd.html
_H_e_l_p_RECOVER_INSTRUCTIONS+qjd.png
_H_e_l_p_RECOVER_INSTRUCTIONS+qjd.txt

Check the indicator below http://www.bleepingcomputer.com/forums/t/605185/teslacrypt-30-xxx-ttt-micro-mp3-support-topic/?p=3932673.

There may be discussion that it has decryption approach
If you are a victim of TeslaCrypt and your files have the ECC, .EZZ, .EXX, .XYZ, .ZZZ, .AAA, .ABC, .CCC, or .VVV extensions, you can use BloodDolly or Googulator's scripts to retrieve your decryption key.  Personally, for most users, I suggest that you use BloodDolly's TeslaDecoder tool because it will be easier to use for those who are more comfortable in a Windows environment and makes it easier to recover the key that can decrypt all of your files..

To decrypt your files simply download TeslaDecoder and read the included instructions. I created these instructions to be very detailed and to provide all the information and tools that you will need to recover your encryption key.
http://www.bleepingcomputer.com/news/security/teslacrypt-decrypted-flaw-in-teslacrypt-allows-victims-to-recover-their-files/
You may want to check out but be careful on those tool as well and not get infected by another malware. If you have latest (or acceptable version) backup then I suggest you go with it instead of decryption
1

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Are you looking to start a business? Do you own and operate a small company? If so, here are some courses you need to take before you hire a full-time IT staff.
A basic introduction to Website Security and the absolute minimal steps that anyone should take in order to protect against hostile intrusions. This is offered as a guide to getting started, not an exhaustive list of all precautions. Enjoy...
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

608 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question