
Solved

ransomware virus

Posted on 2016-10-21
Medium Priority
152 Views
Last Modified: 2016-10-28
Hi
We got infected by the GSupport2 ransomware yesterday, and it is really bad because it also infected all the backup databases that we have kept for over 2 months on a NAS drive, so there is nothing we can restore.
I even tried, as a last resort, to contact them to pay the $480, but they did not get back to me.
Is there any other way to recover those files?
0
Question by:infedonetwork
21 Comments
 
LVL 9

Expert Comment

by:Tyler Brooks
ID: 41854109
Supposedly the Emsisoft Decrypter for Globe2 is able to decrypt these; I'd give it a try.
0
 
LVL 2

Author Comment

by:infedonetwork
ID: 41854160
I downloaded it, and when I run it, it says to drag both an encrypted and an unencrypted file onto the decrypter, but no Decrypter starts, and I do not have any unencrypted files since all of them are encrypted.
0
 
LVL 88

Expert Comment

by:rindi
ID: 41854209
Then you can't do anything. Backups must always be removed from the system after a backup is done. Besides that, you should have more than one backup on different media.
0
 
LVL 9

Accepted Solution

by:
Tyler Brooks earned 2000 total points
ID: 41854215
Yeah, Rindi is correct, unfortunately. If the decrypter software won't work, it's game over, and honestly most of the ransomware I've encountered can't be decrypted without paying. For most of our clients we usually do a two-layer backup scheme, with a backup run to a NAS nightly but also to an RDX cartridge which is then removed. It means that in the worst-case scenario, if the ransomware executes while the cartridge is still mounted and gets the NAS, we've only lost a day.
0
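As an added illustration of the two-layer scheme described in the accepted answer (example code written for this page, not from the thread or from any backup vendor's product): a nightly PowerShell job that mirrors the data to the NAS, then to the RDX cartridge, spot-checks each copy by SHA-256 hash against the source, and finally takes the RDX disk offline so it is not a mounted, writable volume while it waits to be swapped. The source path, NAS share, RDX drive letter, log location and sample size are all assumptions.

```powershell
# Added example (not from the original thread): nightly two-target backup with verification.
# All paths, the NAS share and the RDX drive letter are assumptions; adjust to your environment.
$Source   = 'D:\Data'                       # data to protect (assumed)
$NasDest  = '\\nas01\backups\fileserver'    # layer 1: always-online NAS share (assumed)
$RdxDrive = 'R:'                            # layer 2: RDX cartridge, swapped each morning (assumed)
$RdxDest  = "$RdxDrive\fileserver"
$Log      = "C:\BackupLogs\backup-$(Get-Date -Format yyyyMMdd).log"

function Copy-Layer {
    param([string]$From, [string]$To)
    # /MIR mirrors the tree; /COPY:DAT keeps data, attributes and timestamps; /R and /W keep it
    # from hanging on locked files. Output goes to the log so the job can run unattended.
    robocopy $From $To /MIR /COPY:DAT /R:2 /W:5 /NP /LOG+:$Log | Out-Null
    # robocopy exit codes 0-7 are success variants; 8 and above mean at least one failure.
    if ($LASTEXITCODE -ge 8) { throw "robocopy to $To failed with exit code $LASTEXITCODE" }
}

function Test-Layer {
    param([string]$From, [string]$To, [int]$SampleSize = 50)
    # Hash a random sample of files on both sides. A copy that was encrypted after (or while)
    # being written would not match the live source, which is the failure we care about here.
    $files = Get-ChildItem $From -Recurse -File | Get-Random -Count $SampleSize
    foreach ($f in $files) {
        $rel = $f.FullName.Substring($From.Length)
        $src = (Get-FileHash $f.FullName -Algorithm SHA256).Hash
        $dst = (Get-FileHash (Join-Path $To $rel) -Algorithm SHA256).Hash
        if ($src -ne $dst) { throw "Verification failed for $rel on $To" }
    }
}

# Refuse to run half a job: if nobody inserted the cartridge, layer 2 does not exist tonight.
if (-not (Test-Path $RdxDrive)) { throw "RDX cartridge not mounted at $RdxDrive; layer 2 skipped" }

Copy-Layer $Source $NasDest
Test-Layer $Source $NasDest
Copy-Layer $Source $RdxDest
Test-Layer $Source $RdxDest

# Take the RDX disk offline as soon as the copy is verified, so the cartridge is no longer a
# writable volume if something runs on this host before it is physically removed.
$rdxDisk = Get-Partition -DriveLetter $RdxDrive.TrimEnd(':') | Get-Disk
Set-Disk -Number $rdxDisk.Number -IsOffline $true
Add-Content $Log "$(Get-Date -Format s) backup complete; RDX disk $($rdxDisk.Number) taken offline"
```

Run it as a scheduled task under a dedicated backup account, and make that account the only one with write access to the NAS share: the NAS then survives a workstation or file-server infection because the infected user's token cannot write to it, which is the part of the thread's scenario a cartridge alone does not address.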
 
LVL 2

Author Comment

by:infedonetwork
ID: 41854231
The problem is that it is over 2 TB of data that needs to be backed up.
We have tape, but only 500 GB.
We tried to contact them twice, but they did not get back to us.
We will pay, but we need them to contact us.
0
 
LVL 32

Expert Comment

by:Scott C
ID: 41854234
The best backup is using the 3-2-1 rule: 3 copies, 2 in separate locations on site and 1 offsite.

Try to contact the criminals again; that is your only hope. $480 isn't too bad compared to some of the stories I've heard about and seen.
1
 
LVL 32

Expert Comment

by:Scott C
ID: 41854237
Not ideal, but you can get a 4TB external storage drive for $130.

http://www.newegg.com/Product/Product.aspx?Item=N82E16822235121

Better than nothing.  I know it won't help you now, but for future reference.
0
 
LVL 20

Expert Comment

by:Russ Suter
ID: 41854241
Sadly they're not likely to contact you. If you pay they *might* give you a key that will decrypt your files but it's not a guarantee. You need to remember that they're not interested in talking to you. They're not in the customer service business. They're in the ransom business. Their only interest is getting your money and the only incentive they have for actually giving you the decrypt key is so their ransomware maintains a reputation so more people will pay.

If your backup equipment is inadequate for your backup needs, then it's time to upgrade. Backup equipment is not the place to be budget conscious. As you are finding out now, the cost of trying to save a few dollars is not worth the hassle and potential cost if you actually need the backup.
2
 
LVL 88

Expert Comment

by:rindi
ID: 41854266
Never pay. That's the worst thing you could do.
0
 
LVL 20

Expert Comment

by:Russ Suter
ID: 41854272
"Never pay. That's the worst thing you could do."
It's a matter of perspective. Certainly you don't want to feed the monster, but it sounds like their options are limited. Do you stick to your morals and go out of business?
0
 
LVL 9

Expert Comment

by:Tyler Brooks
ID: 41854279
Yeah, it's tricky. As much as I'd rather no one pay these kinds of organizations, if the data loss is game-ending and you have no other options, what choice do you really have?
0
 
LVL 88

Expert Comment

by:rindi
ID: 41854289
If the backup had been organized properly, and also the proper measures taken to minimize the chances of infection in the first place, there wouldn't have been any problem. My point of view is always that if the data is of any importance, it would have been protected properly.
1
 
LVL 20

Expert Comment

by:Russ Suter
ID: 41854301
Agreed but such "advice" is hardly helpful in this case. Right now he needs to focus on attempting to recover lost data. Once that milestone has passed then revisiting the backup strategy will make sense. Until then all you're doing is turning the knife in his back.
2
 
LVL 2

Author Comment

by:infedonetwork
ID: 41854325
We used to have it on a 500 GB tape backup with Acronis as an image, and the tape was taken out of the office daily.
A few months ago we substantially increased the number of servers to be backed up from one to 4, and the amount of data from 400 GB to 2 TB.
Tape was not an option anymore.
We moved to a NAS drive to back up everything.
I also implemented a cloud backup with Livedrive 3 weeks ago, but it has uploaded only 500 GB, so the rest is not there.
I have a 2-month-old backup from a tape, but it's 2 months old and they need the recent data.
I will look at Datto backup soon, or other forms of backup.
Acronis does a good job, but if it can't be taken out daily it does not help.
0
 
LVL 20

Expert Comment

by:Russ Suter
ID: 41854329
It's a long shot and at best may only recover some files but you could try Shadow Explorer to see if you can recover at least some of your recent files.
0
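The Shadow Explorer suggestion above relies on Volume Shadow Copies still being present on the Windows servers (it does not help for the NAS, which keeps no Windows snapshots). As an added example, not from the thread or from the ShadowExplorer tool, here is the same recovery done from an elevated PowerShell prompt: list the remaining snapshots, pick the newest one taken before the infection, expose it as a folder with mklink, and copy the pre-infection tree out. The cut-off date, mount point, data folder and destination are assumptions.

```powershell
# Added example (not from the original thread): find pre-infection Volume Shadow Copies and
# expose one as a folder so files can be copied out. Run as Administrator on the affected host.
# The cut-off date, mount point, data folder and destination are assumptions.
$Cutoff = Get-Date '2016-10-20'        # last day before the encryption was noticed (assumed)
$Mount  = 'C:\ShadowMount'             # where the snapshot will be exposed (assumed)
$Dest   = 'E:\Recovered'               # clean destination, disconnected afterwards (assumed)

$volumes = Get-CimInstance Win32_Volume
$shadows = Get-CimInstance Win32_ShadowCopy | Sort-Object InstallDate -Descending

if (-not $shadows) {
    # Many ransomware families run "vssadmin delete shadows /all" before encrypting, so an
    # empty list is the common outcome; there is nothing further to do on this host.
    Write-Warning 'No shadow copies exist on this system.'
    return
}

# Show what is available, with the drive letter each snapshot belongs to.
$shadows | ForEach-Object {
    $vn  = $_.VolumeName
    $vol = $volumes | Where-Object { $_.DeviceID -eq $vn }
    [pscustomobject]@{ Created = $_.InstallDate; Volume = $vol.Name; Device = $_.DeviceObject }
} | Format-Table -AutoSize

# Newest snapshot taken before the infection window; anything newer may already hold
# encrypted files alongside the ransom notes.
$snap = $shadows | Where-Object { $_.InstallDate -lt $Cutoff } | Select-Object -First 1
if (-not $snap) { throw "Every remaining shadow copy is newer than $Cutoff." }

# mklink needs the device path to end in a backslash; the link is a read-only view of the snapshot.
if (Test-Path $Mount) { cmd /c rmdir $Mount }
cmd /c mklink /d $Mount "$($snap.DeviceObject)\"

# Copy out the data tree. /XJ avoids following junctions; /R and /W stop robocopy from stalling.
New-Item -ItemType Directory -Path $Dest -Force | Out-Null
robocopy "$Mount\Data" "$Dest\Data" /E /COPY:DAT /XJ /R:1 /W:1 /LOG:"$Dest\shadow-recovery.log"

# Remove the link when done; the snapshot itself is left untouched for further passes.
cmd /c rmdir $Mount
```

Copy to a destination that is not reachable from the infected machines once the copy is done, and do not reuse the snapshot volume itself; the snapshot is a differential store that the next write to the live volume can age out.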
 
LVL 29

Expert Comment

by:Dr. Klahn
ID: 41854632
Side note:  Some expert should write an article on this topic, since we've seen a lot of it recently and it appears we're going to see a lot more, and it's the same info each time.
0
 
LVL 6

Expert Comment

by:efrimpol
ID: 41854659
Don't mind me while I vent.

Ransomware is BBBIIIGGG business.

Millions of dollars are being made at the expense of the innocent.

You have big corporations with unlimited budgets being attacked, and you have the little guy with 10 employees running their entire business on a single server, down to the single contractor who designs webpages for a multitude of clients, all getting infected.

Yes, the big corps should have SOMETHING implemented and be able to react swiftly. Yes, the small business owner SHOULD have backups using the 3-2-1 rule. Yes, the contractor should be backing up his files daily and then removing the external drive.

But the attacks are becoming more and more prevalent and with increasing veracity; few have time to prepare and, worse, many are unable to react.

There are many vendors offering solutions, both local and cloud based, that are meant to mitigate against this, but the cost is not cheap (I mean NOT CHEAP).

As I sit and type this I myself worry: "Will I be next? Have I taken the necessary precautions to a) prevent this type of attack and b) be able to recover from it?"

This is a serious discussion that needs to be had, and I'm all in should it ever come to fruition.
0
 
LVL 6

Expert Comment

by:efrimpol
ID: 41854662
By the way, yes, I do back up all my servers to two different devices with a third offsite.
0
 
LVL 2

Author Comment

by:infedonetwork
ID: 41854894
I was wondering: if we create a shortcut to the data folder on the desktop of each user instead of a mapped drive, will the virus still spread if no mapped drive exists?
0
 
LVL 88

Expert Comment

by:rindi
ID: 41855147
That might help with some versions of ransomware, but not with others. Newer versions will also be able to encrypt files on shares the user has access to, whether they are mapped or not.

Besides the essential backups (they are required not only for ransomware), you must make sure users don't log on to computers using an account that has admin rights. Users must also be educated on how to use e-mail and web browsers safely. Macros must be disabled in e-mail clients etc., as many of the viruses are distributed via m$ Office macros. Use safer browsers than IE to browse the web. Use application whitelisting so that only those programs can be run which you have approved.
0
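One of the controls listed in the comment above, disabling Office macros, can be enforced centrally rather than left to users. As an added example (not from the thread, and not a Microsoft-supplied script), the following PowerShell writes the Group Policy registry values for Word, Excel and PowerPoint in the per-user Policies hive, which is where a GPO would place them, and then reads them back for verification. The set of applications and Office versions deployed (2013 = 15.0, 2016 = 16.0) is an assumption about the environment.

```powershell
# Added example (not from the original thread): enforce "disable all macros without notification"
# and block macros in files that carry the Mark-of-the-Web (downloaded or received by e-mail).
# Writes the same keys Group Policy would; run in the user's context or push via GPO/logon script.
# The application and version lists are assumptions about what is deployed.
$versions = '15.0', '16.0'                  # Office 2013 and 2016 (assumed)
$apps     = 'Word', 'Excel', 'PowerPoint'   # the usual macro carriers (assumed)

foreach ($v in $versions) {
    foreach ($app in $apps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$v\$app\Security"
        New-Item -Path $key -Force | Out-Null
        # VBAWarnings: 1 = enable all, 2 = disable with notification (the insecure default users
        # click through), 3 = digitally signed only, 4 = disable all without notification.
        New-ItemProperty -Path $key -Name VBAWarnings -PropertyType DWord -Value 4 -Force | Out-Null
        # Office 2016 and later: macros in documents from the Internet zone are blocked outright.
        # Office 2013 ignores this value; it is written anyway so the policy is uniform.
        New-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

# Read the effective values back so the change can be checked on a sample workstation.
foreach ($v in $versions) {
    foreach ($app in $apps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$v\$app\Security"
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        '{0,-5} {1,-10} VBAWarnings={2} BlockFromInternet={3}' -f $v, $app, $p.VBAWarnings, $p.blockcontentexecutionfrominternet
    }
}
```

Because these live under HKCU\Software\Policies, a user without admin rights cannot undo them from the Trust Center dialog, which is exactly the combination (no local admin plus policy-enforced macro lockdown) the comment recommends.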
 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
ID: 41855201
Several articles have been written about ransomware.  Btan wrote one here:
http://www.experts-exchange.com//articles/21199/Ransomware-Beware.html

I wrote several: https://www.experts-exchange.com/articles/20879/Ransomware-is-rampant-don't-be-caught-out.html

And a course (free to premium members): https://www.experts-exchange.com/courses/4/Ransomware-The-problem-and-Some-Solutions.html

Upshot: don't pay / back up / if all else fails (can't decrypt), sorry.
1

Question has a verified solution.
