[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Ransomware

Posted on 2016-10-08
9
Medium Priority
?
137 Views
Last Modified: 2016-10-10
I have a client who is infected with ransomware.  The files are .crypted how do I know what ransomware this is?  And can this be decrypted?
0
Comment
Question by:WellingtonIS
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 18

Assisted Solution

by:awawada
awawada earned 2000 total points
ID: 41835300
Looks like you are infected with the Nemucod Ransomware.

I would check with this site: https://id-ransomware.malwarehunterteam.com/

But I think there is a little hope. Do you have backups of the data?
0
 
LVL 1

Expert Comment

by:amigan_99
ID: 41835301
The best scenario would be that the client has a recent backup of their data. e.g. if this is on  a shared drive perhaps there's a snapshot backup of the data? If that's the case - just delete the encrypted files and restore the backup.

If no backup you can search for a fix for the specific type of encryption. There are some out there for certain variants. But if this is a zero day infection from a new type of crypto malware - then you'll be out of luck.

If neither of these work - it's time to pay or not.
0
 

Author Comment

by:WellingtonIS
ID: 41835305
Yes they didn't have a good backup so It looks like it's gone
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
LVL 101

Expert Comment

by:John Hurst
ID: 41835308
It is pretty much answered above. If I add up all the ransomware questions and divide by 9, most of the people who open attachments from strangers are the same ones who have no backups.
2
 

Author Comment

by:WellingtonIS
ID: 41835309
LOL I'd have to agree with you there
0
 
LVL 18

Accepted Solution

by:
awawada earned 2000 total points
ID: 41835312
You can also try
https://decrypter.emsisoft.com/nemucod 
https://success.trendmicro.com/solution/1114221
https://github.com/Antelox/NemucodFR
https://www.nomoreransom.org/
https://noransom.kaspersky.com/
but I think they have lost all data.

@amigan_99
"If neither of these work - it's time to pay or not."
I would never pay. I don't want to support criminals! There is also no guarantee that they will send you the recovery-key.
1
 

Author Comment

by:WellingtonIS
ID: 41836998
Well the good news is I recovered some of the files.  Not nearly enough files.  I used the Trend Micro tool
0
 
LVL 1

Expert Comment

by:amigan_99
ID: 41837267
@awawada It all depends on what was encrypted. If the data was sufficiently critical to the organization then an attempt to pay the bandits could be warranted. Of course it's something that you wouldn't want to do for numerous reasons.
0
 

Author Comment

by:WellingtonIS
ID: 41837277
That will never let that  happen! I will not allow the organization to pay.  They will live with the loss of some files and perhaps this will be a good lesson for the user who did this and the rest of them.
1

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most PC repair technicians (if not all) always start their cleanup process by emptying the temp folders before running any removal tools. It makes sense because temp folders are common places for malware installers to lurk and removing all the junk …
Your business may be under attack from a silent enemy that is hard to detect. It works stealthily in the shadows to access and exploit your critical business information, sensitive confidential data and intellectual property, for commercial gain. T…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question