• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 151

Ransomware

I have a client who is infected with ransomware. The files are .crypted; how do I know what ransomware this is? And can this be decrypted?
0
WellingtonIS
2 Solutions
 
awawada Commented:
Looks like you are infected with the Nemucod Ransomware.

I would check with this site: https://id-ransomware.malwarehunterteam.com/

But I think there is a little hope. Do you have backups of the data?
0
 
amigan_99 (Network Engineer) Commented:
The best scenario would be that the client has a recent backup of their data, e.g. if this is on a shared drive, perhaps there's a snapshot backup of the data? If that's the case - just delete the encrypted files and restore the backup.

If there is no backup, you can search for a fix for the specific type of encryption. There are some out there for certain variants. But if this is a zero-day infection from a new type of crypto malware - then you'll be out of luck.

If neither of these work - it's time to pay or not.
0
 
WellingtonIS (Author) Commented:
Yes, they didn't have a good backup, so it looks like it's gone.
0
John (Business Consultant, Owner) Commented:
It is pretty much answered above. If I add up all the ransomware questions and divide by 9, most of the people who open attachments from strangers are the same ones who have no backups.
2
 
WellingtonIS (Author) Commented:
LOL I'd have to agree with you there
0
 
awawada Commented:
You can also try
https://decrypter.emsisoft.com/nemucod 
https://success.trendmicro.com/solution/1114221
https://github.com/Antelox/NemucodFR
https://www.nomoreransom.org/
https://noransom.kaspersky.com/
but I think they have lost all data.

@amigan_99
"If neither of these work - it's time to pay or not."
I would never pay. I don't want to support criminals! There is also no guarantee that they will send you the recovery-key.
1
 
WellingtonIS (Author) Commented:
Well, the good news is I recovered some of the files. Not nearly enough files. I used the Trend Micro tool.
0
 
amigan_99 (Network Engineer) Commented:
@awawada It all depends on what was encrypted. If the data was sufficiently critical to the organization, then an attempt to pay the bandits could be warranted. Of course it's something that you wouldn't want to do for numerous reasons.
0
 
WellingtonIS (Author) Commented:
I will never let that happen! I will not allow the organization to pay. They will live with the loss of some files, and perhaps this will be a good lesson for the user who did this and the rest of them.
1
Question has a verified solution.
