Zepto Ransomware - Decrypt/Restore files

Posted on 2016-09-02
Last Modified: 2016-09-05
Hi, one of my home machines was attacked by Zepto ransomware.
Device is a Lenovo laptop running Windows 10, 64-bit & MS Office 2013.

Several of my work files, especially Word documents and Excel spreadsheets and other such items were transformed/encrypted in XXXX.zepto files.

I would really like to
1) get some insight and working info/instructions in order to restore or decrypt my files as soon as possible
2) get rid of the ransomware

I am aware that I can run ShadowExplorer or any other file restore program to try to get some of my files back and then run malware removal tools that work with this ransomware and try to restore to a previous restore point.  I am looking for anything additional to this or a solution that has worked for someone else.

Thank you!
Question by:xtermie
5 Comments
Accepted Solution

by:
rindi earned 1600 total points
ID: 41781336
Ransomware normally deletes any restore points or shadow copies, so trying to recover files that way won't work.

By far the best and quickest way of getting rid of viruses and malware is to install the OS again from scratch, or from a backup you made of the system before you got the virus. First, if there is one virus, it is likely that you also have others, and finding them, then removing them, takes a lot of work and time, and in the end you can never be 100% sure you cleaned off everything.

When you set up your new OS, make sure you create an account with standard rights, along with an account that has admin rights. Only use the standard account when using the PC. If anything requires admin rights, UAC will ask you to enter the admin credentials. This will make it more likely that you get warned in time before you execute something that may be malicious. Also disable macros in Office. Most ransomware gets executed via m$ Office macros. Make sure you have installed a good AV tool like Panda free AV, and that your system is always fully patched. Don't open email attachments from unknown people, and from known trusted ones only when you are expecting an attachment from them. Be careful with websites. Only visit those you trust. Make regular backups, and make sure you do that to more than one location and remove the backup device from the PC after the backup has finished.

Your encrypted files can only be recovered from existing backups. If you don't have a backup they are lost.
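A small audit for two of the hardening steps rindi lists above (Office macros disabled, daily work from a non-admin account), added here as an example and not part of the thread. It assumes Office 2013's registry version key `15.0` and the per-user `VBAWarnings` value that the Trust Center writes; run it from the account you use day to day.

```powershell
# Added example (not from the thread): audit and, with -Enforce, harden the
# Office 2013 macro setting. VBAWarnings values:
#   1 = enable all macros (weak)
#   2 = disable with notification (Office default; a user can still click Enable)
#   3 = disable except digitally signed macros
#   4 = disable all macros without notification (the hardened value applied here)
param([switch]$Enforce)

$officeVersion = '15.0'               # Office 2013; assumption, adjust for other releases
$apps = 'Word', 'Excel', 'PowerPoint'

foreach ($app in $apps) {
    $key = "HKCU:\Software\Microsoft\Office\$officeVersion\$app\Security"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    $current = (Get-ItemProperty -Path $key -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
    if ($null -eq $current) { $current = 2 }   # value absent means the Office default applies

    $state = switch ([int]$current) {
        1       { 'WEAK: all macros enabled' }
        2       { 'DEFAULT: disabled with notification (user can still enable)' }
        3       { 'OK: only digitally signed macros run' }
        4       { 'OK: all macros disabled' }
        default { 'UNKNOWN value' }
    }
    Write-Output ("{0,-10} VBAWarnings={1}  {2}" -f $app, $current, $state)

    if ($Enforce -and $current -ne 4) {
        Set-ItemProperty -Path $key -Name VBAWarnings -Value 4 -Type DWord
        Write-Output ("{0,-10} -> set VBAWarnings=4" -f $app)
    }
}

# rindi also recommends using a standard (non-admin) account for daily work;
# report whether this session holds the Administrator role.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Output ("Session is running with administrator rights: {0}" -f $isAdmin)
```

A value set by Group Policy lives under `HKCU:\Software\Policies\Microsoft\Office\15.0\<App>\Security` instead and overrides the per-user key checked here.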
Expert Comment

by:William Fulks
ID: 41781530
Unless you pay the ransom, as there should be an instruction file in the folder with the encrypted files, you cannot decrypt them. Hopefully you had backups of your data. If not, you can either pay the ransom or consider them lost.

At my work we've been hit twice by the same guy who was checking his personal email account and opening file attachments that he should not have. He has Symantec Endpoint on his PC and it caught the ransomware as it was running, meaning it did quite a bit of damage before the AV software recognized it and shut the process down.

The first line of defense here is education. Learn to recognize suspicious emails, especially with file attachments, and simply don't open them.
Expert Comment

by:web_tracker
ID: 41783860
Hopefully you back up your data elsewhere than on the local hard drive; otherwise the data is gone, there is no way to recover the encrypted files. I do not recommend paying the ransom because sometimes you may get the key to encrypt the files and sometimes you will not.... Also, paying the ransom just encourages the criminals to keep making their malware to infect more systems. In the future, as mentioned, do not open email attachments, especially from someone whom you don't know, or even from someone you do know but are not expecting an email with an attachment from. Sometimes viruses can be sent to everyone in your address book, so the receiver thinks they are receiving an email from you, and they click on the attachment and end up infecting their own computer. When you reinstall your operating system, make sure you install software that will detect ransomware before it has the ability to run and encrypt the files. Rindi above had excellent comments for this issue; follow the rest of his advice.
Assisted Solution

by:madunix
madunix earned 400 total points
ID: 41784499
Most ransomware is typically programmed to automatically remove itself after the encrypting is done, since it is no longer needed. Only one thing is a guaranteed fix: good backups.

LINK1
LINK2
LINK3
Author Closing Comment

by:xtermie
ID: 41784610
Thank you guys... I got some files back with ShadowExplorer and then restored to a previous backup.