Solved

ransomware virus

Posted on 2016-10-21
21
82 Views
Last Modified: 2016-10-28
Hi
We got infected by the GSupport2 ransomware yesterday and it is really bad because they also infected all the backup databases that we have saved for over 2 months on a NAS drive, so there is nothing we can restore.
I even tried the last resort of contacting them to pay the $480 but they did not get back to me.
Is there any other way to recover those files?
0
Comment
Question by:infedonetwork
21 Comments
 
LVL 7

Expert Comment

by:Tyler Brooks
ID: 41854109
Supposedly Emsisoft Decrypter for Globe2 is able to decrypt these, I'd give it a try.
0
 
LVL 2

Author Comment

by:infedonetwork
ID: 41854160
I downloaded it and when I run it, it says to drag both an encrypted and an unencrypted file onto the decrypter, but there is no Decrypter starting and I do not have any unencrypted files since all are encrypted.
0
 
LVL 87

Expert Comment

by:rindi
ID: 41854209
Then you can't do anything. Backup must always be removed from the system after a backup is done. Besides that, you should have more than one backup on different media.
0
 
LVL 7

Accepted Solution

by:
Tyler Brooks earned 500 total points
ID: 41854215
Yah Rindi is correct unfortunately, if the decrypter software won't work it's game over, and honestly most of the ransomware I've encountered can't be decrypted without paying. For most of our clients we usually do a two layer backup scheme, with a backup run to a NAS nightly but also to an RDX cartridge which is then removed. It means that worst case scenario if the ransomware executes while the cartridge is still mounted, and gets the NAS, we've only lost a day.
0
 
LVL 2

Author Comment

by:infedonetwork
ID: 41854231
The problem is that it is over 2 TB of data that needs to be backed up.
We have tape but 500 GB.
We tried to contact them twice but they did not get back to us.
We will pay but need them to contact us.
0
 
LVL 29

Expert Comment

by:ScottCha
ID: 41854234
Best backup is using the 3-2-1 rule.  3 copies, 2 in separate locations on site and 1 offsite.

Try to contact the criminals again, that is your only hope.  $480 isn't too bad comparing it to some of the stories I've heard about and seen.
1
 
LVL 29

Expert Comment

by:ScottCha
ID: 41854237
Not ideal, but you can get a 4TB storage external drive for $130.

http://www.newegg.com/Product/Product.aspx?Item=N82E16822235121

Better than nothing.  I know it won't help you now, but for future reference.
0
 
LVL 20

Expert Comment

by:Russ Suter
ID: 41854241
Sadly they're not likely to contact you. If you pay they *might* give you a key that will decrypt your files but it's not a guarantee. You need to remember that they're not interested in talking to you. They're not in the customer service business. They're in the ransom business. Their only interest is getting your money and the only incentive they have for actually giving you the decrypt key is so their ransomware maintains a reputation so more people will pay.

If your backup equipment is inadequate to your backup needs then it's time to upgrade. Backup equipment is not the place to be budget conscious. As you are finding out now, the cost of trying to save a few dollars is not worth the hassle and potential cost if you actually need the backup.
2
 
LVL 87

Expert Comment

by:rindi
ID: 41854266
Never pay. That's the worst thing you could do.
0
 
LVL 20

Expert Comment

by:Russ Suter
ID: 41854272
"Never pay. That's the worst thing you could do."
It's a matter of perspective. Certainly you don't want to feed the monster but it sounds like their options are limited. Do you stick to your morals and go out of business?
0
 
LVL 7

Expert Comment

by:Tyler Brooks
ID: 41854279
Yah it's tricky, as much as I'd rather no one pay these kinds of organizations, if the data loss is game ending and you have no other options, what choice do you really have?
0
 
LVL 87

Expert Comment

by:rindi
ID: 41854289
If the backup had been organized properly, and also the proper measures taken to minimize the chances of infection in the first place, there wouldn't have been any problem. My point of view is always that if the data is of any importance, it would have been protected properly.
1
 
LVL 20

Expert Comment

by:Russ Suter
ID: 41854301
Agreed but such "advice" is hardly helpful in this case. Right now he needs to focus on attempting to recover lost data. Once that milestone has passed then revisiting the backup strategy will make sense. Until then all you're doing is turning the knife in his back.
2
 
LVL 2

Author Comment

by:infedonetwork
ID: 41854325
We used to have it on 500 GB tape backup with Acronis as an image and the tape was out of the office daily.
A few months ago we substantially increased the number of servers to be backed up from one to 4 and the amount of data from 400 GB to 2 TB.
Tape was not an option anymore.
We moved to a NAS drive to back up everything.
I also implemented a cloud backup with livedrive 3 weeks ago but it uploaded only 500 GB so the rest is not there.
I have a 2 months old backup from a tape but it's 2 months old and they need the recent data.
I will look at Datto backup soon or another form of backup.
Acronis does a good job but if it can't be taken out daily it does not help.
0
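The backup advice given so far in the thread (copies removed after the backup, the two-layer NAS plus RDX scheme, the 3-2-1 rule) can be checked against an inventory. This is an added example, not code from any poster; the class, field names and both sample inventories are constructed, with ages and coverage approximated from the setups described above, and the list is assumed to hold backup copies only.

```python
from dataclasses import dataclass

@dataclass
class BackupCopy:
    name: str
    location: str     # physical place the medium sits in
    offsite: bool
    reachable: bool   # mounted, mapped or shared from production at attack time
    age_days: int     # age of the newest restore point on this copy
    coverage: float   # fraction of the data set held (1.0 = complete)

def complete(copies):
    return [c for c in copies if c.coverage >= 1.0]

def survivors(copies):
    """Complete copies that malware running on production could not write to."""
    return [c for c in complete(copies) if not c.reachable]

def worst_case_loss_days(copies):
    """Days of data lost if every reachable copy is encrypted (None = no restore)."""
    ages = [c.age_days for c in survivors(copies)]
    return min(ages) if ages else None

def meets_3_2_1(copies):
    """3 copies, 2 in separate on-site locations, 1 off site (the thread's wording)."""
    full = complete(copies)
    onsite_places = {c.location for c in full if not c.offsite}
    return len(full) >= 3 and len(onsite_places) >= 2 and any(c.offsite for c in full)

# Constructed inventories, approximated from the setups described in the thread.
ASKER = [
    BackupCopy("NAS", "server room", False, True, 0, 1.0),
    BackupCopy("old tape", "out of office", True, False, 60, 1.0),
    BackupCopy("cloud (500 GB of 2 TB uploaded)", "cloud", True, False, 0, 0.25),
]
TWO_LAYER = [  # assumes cartridges rotate, so yesterday's is already out
    BackupCopy("NAS nightly", "server room", False, True, 0, 1.0),
    BackupCopy("RDX tonight (still mounted)", "server room", False, True, 0, 1.0),
    BackupCopy("RDX yesterday (removed)", "safe", False, False, 1, 1.0),
]

if __name__ == "__main__":
    for label, inv in (("asker", ASKER), ("two-layer", TWO_LAYER)):
        print(label, "3-2-1:", meets_3_2_1(inv),
              "worst-case loss (days):", worst_case_loss_days(inv))
```

Neither inventory passes the 3-2-1 check, but the rotated cartridge limits the worst case to one day, while the asker's setup falls back to the two-month-old tape.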
 
LVL 20

Expert Comment

by:Russ Suter
ID: 41854329
It's a long shot and at best may only recover some files but you could try Shadow Explorer to see if you can recover at least some of your recent files.
0
 
LVL 23

Expert Comment

by:Dr. Klahn
ID: 41854632
Side note:  Some expert should write an article on this topic, since we've seen a lot of it recently and it appears we're going to see a lot more, and it's the same info each time.
0
 
LVL 5

Expert Comment

by:efrimpol
ID: 41854659
Don't mind while I vent.

Ransomware is BBBIIIGGG business.

Millions of dollars are being made at the expense of the innocent.

You have big corporations with unlimited budgets being attacked, and you have the little guy with 10 employees running their entire business on a single server down to the single contractor who designs webpages for a multitude of clients all getting infected.

Yes, the big corps should have SOMETHING implemented and be able to react swiftly. Yes, the small business owner SHOULD have backups using the 3-2-1 rule. Yes, the contractor should be backing up his files daily and then removing the external drive.

But the attacks are becoming more and more prevalent and with increasing veracity, few have little time to prepare and worse be unable to react.

There are many vendors offering solutions, both local and cloud based solutions that are meant to mitigate against this, but the cost is not cheap (I mean NOT CHEAP).

As I sit and type this I myself worry "Will I be next? Have I taken the necessary precautions to a) prevent this type of attack and b) be able to recover from it?"

This is a serious discussion that needs to be made and I'm all in should it ever come to fruition.
0
 
LVL 5

Expert Comment

by:efrimpol
ID: 41854662
By the way, yes, I do back up all my servers to two different devices with a third offsite.
0
 
LVL 2

Author Comment

by:infedonetwork
ID: 41854894
I was wondering, if we create a shortcut to the data folder on the desktop of each user instead of a mapped drive, whether the virus will still spread if no mapped drive exists.
0
 
LVL 87

Expert Comment

by:rindi
ID: 41855147
That might help with some versions of Ransomware, but not with others. Newer versions will also be able to encrypt files on shares the user has access to, whether they are mapped or not.

Besides the essential backups (they are required not only for ransomware), you must make sure users don't log on to computers using an account that has admin rights. Users must also be educated on how to use e-mail and web browsers safely. Macros must be disabled in e-mail clients etc., as many of the viruses are distributed via m$ office macros. Use safer browsers than IE to browse the web. Use application white-listing so that only those programs can be run which you have approved.
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 41855201
Several articles have been written about ransomware.  Btan wrote one here:
http://www.experts-exchange.com//articles/21199/Ransomware-Beware.html

I wrote several: https://www.experts-exchange.com/articles/20879/Ransomware-is-rampant-don't-be-caught-out.html

And a course (free to premium members): https://www.experts-exchange.com/courses/4/Ransomware-The-problem-and-Some-Solutions.html

Upshot: Don't pay/Backup/if all else fails (can't decrypt), sorry
1
