Solved

Ransomware

Posted on 2016-10-08
9
63 Views
Last Modified: 2016-10-10
I have a client who is infected with ransomware.  The files are .crypted how do I know what ransomware this is?  And can this be decrypted?
0
Comment
Question by:WellingtonIS
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 18

Assisted Solution

by:awawada
awawada earned 500 total points
ID: 41835300
Looks like you are infected with the Nemucod Ransomware.

I would check with this site: https://id-ransomware.malwarehunterteam.com/

But I think there is a little hope. Do you have backups of the data?
0
 
LVL 1

Expert Comment

by:amigan_99
ID: 41835301
The best scenario would be that the client has a recent backup of their data. e.g. if this is on  a shared drive perhaps there's a snapshot backup of the data? If that's the case - just delete the encrypted files and restore the backup.

If no backup you can search for a fix for the specific type of encryption. There are some out there for certain variants. But if this is a zero day infection from a new type of crypto malware - then you'll be out of luck.

If neither of these work - it's time to pay or not.
0
 

Author Comment

by:WellingtonIS
ID: 41835305
Yes they didn't have a good backup so It looks like it's gone
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41835308
It is pretty much answered above. If I add up all the ransomware questions and divide by 9, most of the people who open attachments from strangers are the same ones who have no backups.
1
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:WellingtonIS
ID: 41835309
LOL I'd have to agree with you there
0
 
LVL 18

Accepted Solution

by:
awawada earned 500 total points
ID: 41835312
You can also try
https://decrypter.emsisoft.com/nemucod
https://success.trendmicro.com/solution/1114221
https://github.com/Antelox/NemucodFR
https://www.nomoreransom.org/
https://noransom.kaspersky.com/
but I think they have lost all data.

@amigan_99
"If neither of these work - it's time to pay or not."
I would never pay. I don't want to support criminals! There is also no guarantee that they will send you the recovery-key.
0
 

Author Comment

by:WellingtonIS
ID: 41836998
Well the good news is I recovered some of the files.  Not nearly enough files.  I used the Trend Micro tool
0
 
LVL 1

Expert Comment

by:amigan_99
ID: 41837267
@awawada It all depends on what was encrypted. If the data was sufficiently critical to the organization then an attempt to pay the bandits could be warranted. Of course it's something that you wouldn't want to do for numerous reasons.
0
 

Author Comment

by:WellingtonIS
ID: 41837277
That will never let that  happen! I will not allow the organization to pay.  They will live with the loss of some files and perhaps this will be a good lesson for the user who did this and the rest of them.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
This video discusses moving either the default database or any database to a new volume.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now