Solved

Anyone paid a Zepto/Locky ransom?

Posted on 2016-08-05
Last Modified: 2016-09-18
New customer's network shares are all encrypted with the Zepto ransomware after someone opened an email attachment, as per the normal delivery method. Their last IT company didn't set up email alerts for failed backups and it's failed for the last month. No shadow copies etc., so they want to pay the ransom. I've told them not to open the html page yet so I don't know how much it will be. I know all about prevention and backups etc. but in this case they will lose a lot of data. I've also advised strongly that there's no guarantee that paying will work.
Has anyone actually paid the ransom and successfully unencrypted files?
Question by:Ace-IT
10 Comments
 

Expert Comment

by:btan
ID: 41743989
I have heard of other experiences of paying where the key was not provided as promised. That was for other ransomware and in the healthcare industry.

In some cases, it may be possible to recover previous versions of the encrypted files using System Restore or other recovery software used to obtain “shadow copies” of files.
http://www.bleepingcomputer.com/virus-removal/locky-ransomware-information-help#ransom

The general advice is not to pay the ransom. By sending your money to cybercriminals you’ll only confirm that ransomware works, and there’s no guarantee you’ll get the decryption key you need in return.

Author Comment

by:Ace-IT
ID: 41744088
Sorry but I'm not sure if you're saying that you've "had" or "heard about" an experience where you/they paid for another ransomware product and didn't get the key?

I'm hoping to hear from someone with first-hand experience of paying. I definitely do not want to encourage paying but in this case they will lose a month of data and I have to provide them with all their options.

Accepted Solution

by:btan
ID: 41744179
Pardon me - I encountered it but did not go for payment as it is not guaranteed, and some of my peers did not even manage to run the tools even after receiving them.
http://www.bleepingcomputer.com/news/security/ultracrypter-not-providing-decryption-keys-after-payment-launches-help-desk/

Assisted Solution

by:John Hurst
ID: 41744202
I have not been affected so never paid anything.

In here (EE) roughly 1/2 get their files back and 1/2 do not get their files back after paying.

I saw one post in here where a company paid $17,000 and got their files back. That is more expensive than providing a good backup facility.

Expert Comment

by:btan
ID: 41744230
Just to share one instance where, after paying, not all files got decrypted:
We got the decrypting software and ran it from the infected PC. It decrypted many files ... but not all
We re-ran the software many times but it does not seem to matter: still many files stay encrypted
https://www.experts-exchange.com/questions/28950956/Cryptolocker-paid-the-ransom-got-the-software-does-not-decrypt-ALL-the-files.html

Author Closing Comment

by:Ace-IT
ID: 41745404
Thanks guys. I'll be able to tell them now that it's a hit and miss option and more likely not recommended.

Expert Comment

by:John Hurst
ID: 41745410
Thanks for the update and I was happy to help.

Expert Comment

by:btan
ID: 41745416
Thanks for sharing.

Expert Comment

by:sucurity dude
ID: 41804223
Hi,
Wondering if there's an update on this? Did they pay? Did they get the files back?
Thanks!!

Author Comment

by:Ace-IT
ID: 41804250
They didn't pay the ransom and we restored from the last successful backup of over a month ago.
They're lucky to get anything as the last place set up ShadowProtect with 15 min incrementals and didn't install Image Manager!  Over 3k of backup images in a corrupted chain that we somehow managed to repair and mount.  Some places shouldn't be allowed in this industry.

Question has a verified solution.
