Solved

Anyone paid a Zepto/Locky ransom?

Posted on 2016-08-05
Last Modified: 2016-09-18
A new customer's network shares are all encrypted with the Zepto ransomware after someone opened an email attachment, as per the normal delivery method. Their last IT company didn't set up email alerts for failed backups, and it's failed for the last month. No shadow copies etc., so they want to pay the ransom. I've told them not to open the HTML page yet, so I don't know how much it will be. I know all about prevention and backups etc., but in this case they will lose a lot of data. I've also advised strongly that there's no guarantee that paying will work.
Has anyone actually paid the ransom and successfully unencrypted files?
0
Question by:Ace-IT
10 Comments
 
LVL 65

Expert Comment

by:btan
ID: 41743989
I have heard of others' experiences of paying where the key was not provided as promised. That was for other ransomware, in the healthcare industry.

In some cases, it may be possible to recover previous versions of the encrypted files using System Restore or other recovery software used to obtain “shadow copies” of files.
http://www.bleepingcomputer.com/virus-removal/locky-ransomware-information-help#ransom

The general advice is not to pay the ransom. By sending your money to cybercriminals you’ll only confirm that ransomware works, and there’s no guarantee you’ll get the decryption key you need in return.
0
 
LVL 1

Author Comment

by:Ace-IT
ID: 41744088
Sorry but I'm not sure if you're saying that you've "had" or "heard about" an experience where you/they paid for another ransomware product and didn't get the key?

I'm hoping to hear from someone with first hand experience of paying.  I definitely do not want to encourage paying but in this case they will lose a month of data and I have to provide them with all their options.
0
 
LVL 65

Accepted Solution

by:
btan earned 1000 total points
ID: 41744179
Pardon me - I encountered it but did not go for payment, as it is not guaranteed, and some of my peers did not even manage to run the tools even after receiving them.
http://www.bleepingcomputer.com/news/security/ultracrypter-not-providing-decryption-keys-after-payment-launches-help-desk/
0
 
LVL 98

Assisted Solution

by:John Hurst
John Hurst earned 1000 total points
ID: 41744202
I have not been affected so never paid anything.

In here (EE) roughly 1/2 get their files back and 1/2 do not get their files back after paying.

I saw one post in here where a company paid $17,000 and got their files back. That is more expensive than providing a good backup facility.
0
 
LVL 65

Expert Comment

by:btan
ID: 41744230
Just to share one instance where, after paying, not all files got decrypted:
We got the decrypting software and ran it from the infected PC. It decrypted many files ... but not all
We re-ran the software many times but it does not seem to matter: still many files stay encrypted
https://www.experts-exchange.com/questions/28950956/Cryptolocker-paid-the-ransom-got-the-software-does-not-decrypt-ALL-the-files.html
0
 
LVL 1

Author Closing Comment

by:Ace-IT
ID: 41745404
Thanks guys. I'll be able to tell them now that it's a hit and miss option and more likely not recommended.
0
 
LVL 98

Expert Comment

by:John Hurst
ID: 41745410
Thanks for the update and I was happy to help.
0
 
LVL 65

Expert Comment

by:btan
ID: 41745416
Thanks for sharing.
0
 

Expert Comment

by:sucurity dude
ID: 41804223
Hi,
Wondering if there's an update on this? Did they pay? Did they get the files back?
Thanks!!
0
 
LVL 1

Author Comment

by:Ace-IT
ID: 41804250
They didn't pay the ransom and we restored from the last successful backup of over a month ago.
They're lucky to get anything as the last place set up ShadowProtect with 15 min incrementals and didn't install Image Manager!  Over 3k of backup images in a corrupted chain that we somehow managed to repair and mount.  Some places shouldn't be allowed in this industry.
0
