Anastasia D. Gavanas
asked on
Zepto Ransomware - Decrypt/Restore files
Hi, one of my home machines was attached by zepto ransomware.
Device is a Lenovo laptop running Windows 10, 64-bit & MS Office 2013.
Several of my work files, especially Word documents and Excel spreadsheets and other such items were transformed/encrypted in XXXX.zepto files.
I would really like to
1) get some insight and working info/instruction in order to restore or decrypt or restore my files as soon as possible
2) get rid of the ransomware
I am aware that I can run ShadowExplorer or any other file restore program to try to get some of my files back and then run malware removal tools that work with this ransomware and try to restore to a previous restore point. I am looking for anything additional to this or a solution that has worked for someone else.
Thank you!
Device is a Lenovo laptop running Windows 10, 64-bit & MS Office 2013.
Several of my work files, especially Word documents and Excel spreadsheets and other such items were transformed/encrypted in XXXX.zepto files.
I would really like to
1) get some insight and working info/instruction in order to restore or decrypt or restore my files as soon as possible
2) get rid of the ransomware
I am aware that I can run ShadowExplorer or any other file restore program to try to get some of my files back and then run malware removal tools that work with this ransomware and try to restore to a previous restore point. I am looking for anything additional to this or a solution that has worked for someone else.
Thank you!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hopefully you back up your data else where then on the local harddrive, otherwise the data is gone, there is no way to recover the encrypted files, I do not recommend paying the ransom because sometimes you may get the key to encrypt the files and some times you will not.... Also paying the ransom just encourages the criminals to keep making their malware to infect more systems. In the future as mentioned do not open email attachments especially from some one whom you don't know or even from someone you do know but are not expecting an email with an attachment. Some time viruses can be sent to everyone in your address book, so the receiver thinks they are receiving an email from you and the click on the attachment and end up infecting their own computer. When you reinstall your operating system make sure you install software that will detect ransomware before it has the ability to run and encrypt the files. Rindi above had excellent comments for this issue follow the rest of his advice.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thank you guys...i got some files back with Shadow explorer and then restored to a previous backup
At my work we've been hit twice by the same guy who was checking his personal email account and opening file attachments that he should not have. He has Symantec Endpoint on his PC and it caught the ransomware as it was running, meaning it did quite a bit of damage before the AV software recognized it and shut the process down.
The first line of defense here is education. Learn to recognize suspicious emails, especially with file attachments, and simply don't open them.