Solved

Anyone paid a Zepto/Locky ransom?

Posted on 2016-08-05
Last Modified: 2016-09-18
New customer's network shares are all encrypted with the Zepto ransomware after someone opened an email attachment as per normal delivery method. Their last IT company didn't set up email alerts for failed backups and it's failed for the last month. No shadow copies etc, so they want to pay the ransom. I've told them not to open the html page yet so don't know how much it will be. I know all about prevention and backups etc but in this case they will lose a lot of data. I've also advised strongly that there's no guarantee that paying will work.
Has anyone actually paid the ransom and successfully unencrypted files?
Question by:Ace-IT
10 Comments
 
LVL 64

Expert Comment

by:btan
ID: 41743989
I have heard of other experiences of paying where the key was not provided as promised. That is for other ransomware and in the healthcare industry.

In some cases, it may be possible to recover previous versions of the encrypted files using System Restore or other recovery software used to obtain “shadow copies” of files.
http://www.bleepingcomputer.com/virus-removal/locky-ransomware-information-help#ransom

The general advice is not to pay the ransom. By sending your money to cybercriminals you’ll only confirm that ransomware works, and there’s no guarantee you’ll get the decryption key you need in return.
0
 
LVL 1

Author Comment

by:Ace-IT
ID: 41744088
Sorry but I'm not sure if you're saying that you've "had" or "heard about" an experience where you/they paid for another ransomware product and didn't get the key?

I'm hoping to hear from someone with first hand experience of paying.  I definitely do not want to encourage paying but in this case they will lose a month of data and I have to provide them with all their options.
0
 
LVL 64

Accepted Solution

by:
btan earned 1000 total points
ID: 41744179
Pardon me - I encountered it but did not go for payment as it is not guaranteed, and some of my peers did not even manage to run the tools even when receiving them.
http://www.bleepingcomputer.com/news/security/ultracrypter-not-providing-decryption-keys-after-payment-launches-help-desk/
0
 
LVL 97

Assisted Solution

by:Experienced Member
Experienced Member earned 1000 total points
ID: 41744202
I have not been affected so never paid anything.

In here (EE) roughly 1/2 get their files back and 1/2 do not get their files back after paying.

I saw one post in here where a company paid $17,000 and got their files back. That is more expensive than providing a good backup facility.
0
 
LVL 64

Expert Comment

by:btan
ID: 41744230
Just to share one instance where, after paying, not all files got decrypted:
"We got the decrypting software and ran it from the infected PC. It decrypted many files ... but not all
We re-ran the software many times but it does not seem to matter: still many files stay encrypted"
https://www.experts-exchange.com/questions/28950956/Cryptolocker-paid-the-ransom-got-the-software-does-not-decrypt-ALL-the-files.html
0
 
LVL 1

Author Closing Comment

by:Ace-IT
ID: 41745404
Thanks guys. I'll be able to tell them now that it's a hit and miss option and more likely not recommended.
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 41745410
Thanks for the update and I was happy to help.
0
 
LVL 64

Expert Comment

by:btan
ID: 41745416
Thanks for sharing.
0
 

Expert Comment

by:sucurity dude
ID: 41804223
Hi,
Wondering if there's an update on this? Did they pay? Did they get the files back?
Thanks!!
0
 
LVL 1

Author Comment

by:Ace-IT
ID: 41804250
They didn't pay the ransom and we restored from the last successful backup of over a month ago.
They're lucky to get anything as the last place set up ShadowProtect with 15 min incrementals and didn't install Image Manager!  Over 3k of backup images in a corrupted chain that we somehow managed to repair and mount.  Some places shouldn't be allowed in this industry.
0
