Solved

Ransomware

Posted on 2016-10-08
9
114 Views
Last Modified: 2016-10-10
I have a client who is infected with ransomware.  The files are .crypted how do I know what ransomware this is?  And can this be decrypted?
0
Comment
Question by:WellingtonIS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 18

Assisted Solution

by:awawada
awawada earned 500 total points
ID: 41835300
Looks like you are infected with the Nemucod Ransomware.

I would check with this site: https://id-ransomware.malwarehunterteam.com/

But I think there is a little hope. Do you have backups of the data?
0
 
LVL 1

Expert Comment

by:amigan_99
ID: 41835301
The best scenario would be that the client has a recent backup of their data. e.g. if this is on  a shared drive perhaps there's a snapshot backup of the data? If that's the case - just delete the encrypted files and restore the backup.

If no backup you can search for a fix for the specific type of encryption. There are some out there for certain variants. But if this is a zero day infection from a new type of crypto malware - then you'll be out of luck.

If neither of these work - it's time to pay or not.
0
 

Author Comment

by:WellingtonIS
ID: 41835305
Yes they didn't have a good backup so It looks like it's gone
0
IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

 
LVL 96

Expert Comment

by:Experienced Member
ID: 41835308
It is pretty much answered above. If I add up all the ransomware questions and divide by 9, most of the people who open attachments from strangers are the same ones who have no backups.
2
 

Author Comment

by:WellingtonIS
ID: 41835309
LOL I'd have to agree with you there
0
 
LVL 18

Accepted Solution

by:
awawada earned 500 total points
ID: 41835312
You can also try
https://decrypter.emsisoft.com/nemucod 
https://success.trendmicro.com/solution/1114221
https://github.com/Antelox/NemucodFR
https://www.nomoreransom.org/
https://noransom.kaspersky.com/
but I think they have lost all data.

@amigan_99
"If neither of these work - it's time to pay or not."
I would never pay. I don't want to support criminals! There is also no guarantee that they will send you the recovery-key.
1
 

Author Comment

by:WellingtonIS
ID: 41836998
Well the good news is I recovered some of the files.  Not nearly enough files.  I used the Trend Micro tool
0
 
LVL 1

Expert Comment

by:amigan_99
ID: 41837267
@awawada It all depends on what was encrypted. If the data was sufficiently critical to the organization then an attempt to pay the bandits could be warranted. Of course it's something that you wouldn't want to do for numerous reasons.
0
 

Author Comment

by:WellingtonIS
ID: 41837277
That will never let that  happen! I will not allow the organization to pay.  They will live with the loss of some files and perhaps this will be a good lesson for the user who did this and the rest of them.
1

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most PC repair technicians (if not all) always start their cleanup process by emptying the temp folders before running any removal tools. It makes sense because temp folders are common places for malware installers to lurk and removing all the junk …
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question