Solved

Ransomware

Posted on 2016-10-08
9
107 Views
Last Modified: 2016-10-10
I have a client who is infected with ransomware.  The files are .crypted how do I know what ransomware this is?  And can this be decrypted?
0
Comment
Question by:WellingtonIS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 18

Assisted Solution

by:awawada
awawada earned 500 total points
ID: 41835300
Looks like you are infected with the Nemucod Ransomware.

I would check with this site: https://id-ransomware.malwarehunterteam.com/

But I think there is a little hope. Do you have backups of the data?
0
 
LVL 1

Expert Comment

by:amigan_99
ID: 41835301
The best scenario would be that the client has a recent backup of their data. e.g. if this is on  a shared drive perhaps there's a snapshot backup of the data? If that's the case - just delete the encrypted files and restore the backup.

If no backup you can search for a fix for the specific type of encryption. There are some out there for certain variants. But if this is a zero day infection from a new type of crypto malware - then you'll be out of luck.

If neither of these work - it's time to pay or not.
0
 

Author Comment

by:WellingtonIS
ID: 41835305
Yes they didn't have a good backup so It looks like it's gone
0
Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

 
LVL 95

Expert Comment

by:John Hurst
ID: 41835308
It is pretty much answered above. If I add up all the ransomware questions and divide by 9, most of the people who open attachments from strangers are the same ones who have no backups.
2
 

Author Comment

by:WellingtonIS
ID: 41835309
LOL I'd have to agree with you there
0
 
LVL 18

Accepted Solution

by:
awawada earned 500 total points
ID: 41835312
You can also try
https://decrypter.emsisoft.com/nemucod 
https://success.trendmicro.com/solution/1114221
https://github.com/Antelox/NemucodFR
https://www.nomoreransom.org/
https://noransom.kaspersky.com/
but I think they have lost all data.

@amigan_99
"If neither of these work - it's time to pay or not."
I would never pay. I don't want to support criminals! There is also no guarantee that they will send you the recovery-key.
1
 

Author Comment

by:WellingtonIS
ID: 41836998
Well the good news is I recovered some of the files.  Not nearly enough files.  I used the Trend Micro tool
0
 
LVL 1

Expert Comment

by:amigan_99
ID: 41837267
@awawada It all depends on what was encrypted. If the data was sufficiently critical to the organization then an attempt to pay the bandits could be warranted. Of course it's something that you wouldn't want to do for numerous reasons.
0
 

Author Comment

by:WellingtonIS
ID: 41837277
That will never let that  happen! I will not allow the organization to pay.  They will live with the loss of some files and perhaps this will be a good lesson for the user who did this and the rest of them.
1

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

It started not too long ago. It was at first annoying. My keystrokes seemed to be randomly generated, not the ones I typed on the keyboard. For some reason this only happened in certain applications (especially browsers such as IE11, Firefox and Chr…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question