brian ramos

ransomware in flash drive

Think I got ransomware. Files on flash drive showing ext.domn today when I checked it on a lab computer. I'm scared to plug it in another PC in case that PC gets infected. Is there any way to fix this?
Robert Retzer

This is a hard call. It is hardly unlikely that the application itself that encrypted your files has been transferred to your memory stick. The malware would be in the computer that infected the memory stick. But that is not to say it can't happen, so it is a good thing that you are cautious before sticking the memory stick into another device. If you have a test system or a computer whose data you don't care about, you can insert the stick in there and do a scan for malware such as ransomware, but I would make sure the system is not connected to the network, so that it will infect other systems or download a payload that will infect your current system. If the data is valuable and you do not want to take the chance of infecting your computers, or you don't have a system you can sacrifice, then I recommend you take the stick to a reputable repair shop that removes malware.
I checked it on a lab computer.

Additionally it wouldn't be a bad idea to scan that lab computer as well
on that test pc - try formatting the stick
skullnobrains

boot a computer with a live cd
mount the key with at least "noexec" and "ro" options

you will be able to assess what happened while minimizing the risks. basically only a malware in the usb microcode would be potent.
brian ramos

It is just my flash drive that has it, not the PC. If I scan it with a paid antivirus like Norton, would that fix my flash drive?
- you cannot scan it with Norton without risking infecting the pc running Norton.
- expecting anything from Norton besides allowing your brand new i7 to run like a pentium3 is quite optimistic (personal opinion).
- not a single antivirus has yet provided a working anti-ransomware tool except occasionally against specific brands... that they might have created themselves.
- and you are past fixing: start by using that key read only and grab whatever files are pristine before you risk allowing the ransomware to crypt everything else.
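
The read-only triage suggested in the replies above, as an added example that is not part of the original thread: it mounts the stick with `ro` and `noexec` (plus `nosuid` and `nodev`, added here) and copies out only the files that look untouched. It assumes the encrypted files are the ones ending in `.domn`; the device, mount point and destination paths are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Run from a live system with no network.
# Assumption: files ending in ".domn" (the extension the asker reported) are
# the encrypted ones; everything else is treated as still pristine.
ENC_EXT="${ENC_EXT:-domn}"

# Mount the stick read-only with execution, setuid bits and device nodes disabled.
mount_stick() {    # usage: mount_stick /dev/sdX1 /mnt/usb   (placeholder paths)
    mkdir -p "$2" && mount -o ro,noexec,nosuid,nodev "$1" "$2"
}

# Count regular files under $1 whose name matches / does not match *.$ENC_EXT.
# One dot is printed per file so odd file names cannot skew the count.
count_encrypted() { find "$1" -type f -name "*.$ENC_EXT" -exec printf . \; | wc -c | tr -d ' '; }
count_pristine()  { find "$1" -type f ! -name "*.$ENC_EXT" -exec printf . \; | wc -c | tr -d ' '; }

# Copy only the pristine files from $1 into $2, keeping the directory layout
# and stripping execute bits from the copies.
salvage() {
    mkdir -p "$2" || return 1
    dst=$(cd "$2" && pwd) || return 1
    ( cd "$1" && find . -type f ! -name "*.$ENC_EXT" -exec sh -c '
        dst=$1; shift
        for f in "$@"; do
            mkdir -p "$dst/$(dirname "$f")" &&
            cp -p "$f" "$dst/$f" &&
            chmod a-x "$dst/$f" || exit 1
        done' sh "$dst" {} + )
}

# Typical session (root, placeholder device name):
#   mount_stick /dev/sdX1 /mnt/usb
#   count_encrypted /mnt/usb; count_pristine /mnt/usb
#   salvage /mnt/usb /tmp/salvaged && umount /mnt/usb
```

Comparing the two counts before copying shows how much of the stick was hit; the salvaged copies should still be scanned before they are opened on a working machine.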

good to know.

may you elaborate a little, please? ...:
were the files clean or did Emsisoft actually manage to decrypt the files?
if so, would you happen to know the exact cryptoware brand?
thanks for sharing. apparently that's decent progress. ... and one more reason to believe there is at least some degree of collusion between anti-virus vendors and whoever crafted this kind of s***ware.

best regards