Solved

Anyone paid a Zepto/Locky ransom?

Posted on 2016-08-05
Last Modified: 2016-09-18
New customer's network shares are all encrypted with the Zepto ransomware after someone opened an email attachment as per normal delivery method. Their last IT company didn't set up email alerts for failed backups and it's failed for the last month. No shadow copies etc, so they want to pay the ransom. I've told them not to open the html page yet so don't know how much it will be. I know all about prevention and backups etc but in this case they will lose a lot of data. I've also advised strongly that there's no guarantee that paying will work.
Has anyone actually paid the ransom and successfully unencrypted files?
Question by:Ace-IT
10 Comments
 
LVL 64

Expert Comment

by:btan
ID: 41743989
I have heard of other experiences of paying where the key was not provided as promised. That was for other ransomware and in the healthcare industry.

In some cases, it may be possible to recover previous versions of the encrypted files using System Restore or other recovery software used to obtain “shadow copies” of files.
http://www.bleepingcomputer.com/virus-removal/locky-ransomware-information-help#ransom

The general advice is not to pay the ransom. By sending your money to cybercriminals you’ll only confirm that ransomware works, and there’s no guarantee you’ll get the decryption key you need in return.
0
 
LVL 1

Author Comment

by:Ace-IT
ID: 41744088
Sorry but I'm not sure if you're saying that you've "had" or "heard about" an experience where you/they paid for another ransomware product and didn't get the key?

I'm hoping to hear from someone with first-hand experience of paying. I definitely do not want to encourage paying but in this case they will lose a month of data and I have to provide them with all their options.
0
 
LVL 64

Accepted Solution

by:
btan earned 250 total points
ID: 41744179
Pardon me - I encountered it but did not go for payment as it is not guaranteed, and some of my peers did not even manage to run the tools even after receiving them.
http://www.bleepingcomputer.com/news/security/ultracrypter-not-providing-decryption-keys-after-payment-launches-help-desk/
0
 
LVL 95

Assisted Solution

by:John Hurst
John Hurst earned 250 total points
ID: 41744202
I have not been affected so never paid anything.

In here (EE) roughly 1/2 get their files back and 1/2 do not get their files back after paying.

I saw one post in here where a company paid $17,000 and got their files back. That is more expensive than providing a good backup facility.
0
 
LVL 64

Expert Comment

by:btan
ID: 41744230
Just to share one instance where, after paying, not all files got decrypted:
"We got the decrypting software and ran it from the infected PC. It decrypted many files ... but not all.
We re-ran the software many times but it does not seem to matter: still many files stay encrypted."
https://www.experts-exchange.com/questions/28950956/Cryptolocker-paid-the-ransom-got-the-software-does-not-decrypt-ALL-the-files.html
0
 
LVL 1

Author Closing Comment

by:Ace-IT
ID: 41745404
Thanks guys. I'll be able to tell them now that it's a hit and miss option and more likely not recommended.
0
 
LVL 95

Expert Comment

by:John Hurst
ID: 41745410
Thanks for the update and I was happy to help.
0
 
LVL 64

Expert Comment

by:btan
ID: 41745416
Thanks for sharing.
0
 

Expert Comment

by:sucurity dude
ID: 41804223
Hi,
Wondering if there's an update on this? Did they pay? Did they get the files back?
Thanks!!
0
 
LVL 1

Author Comment

by:Ace-IT
ID: 41804250
They didn't pay the ransom and we restored from the last successful backup of over a month ago.
They're lucky to get anything as the last place set up ShadowProtect with 15 min incrementals and didn't install Image Manager!  Over 3k of backup images in a corrupted chain that we somehow managed to repair and mount.  Some places shouldn't be allowed in this industry.
0
