#1 2016-10-10 8:05 am

moskhan007
Member
Registered: 2016-10-10
Posts: 1

Crypto ransom

Hi All,
Recently one of the employees in my office opened a malware attachment in an email. Suddenly all the Microsoft documents & PDF files were locked and the wallpaper changed to a demand to pay a ransom in order to get the unlock key. The hacker asks for payment in Bitcoin within 96 hours or the price will double. Can anyone help me with how I can unlock the files? Unfortunately we don't have a backup of the files and I surely do not want to make any ransom payment.
I appreciate your help, guys.
Regards,
Omer

Offline

#2 2016-10-10 12:38 pm

Alex Kemp
Moderator
From: Nottingham, England
Registered: 2009-12-02
Posts: 2,423
Website

Re: Crypto ransom

Hi moskhan007, welcome to SFS.

You are asking within the wrong place; this forum is to do with Spam.

I'll give you some advice, based on years of observation in the field, but it is short & brutal:- You are most unlikely to be able to unlock those documents yourself (or anyone else; the key cannot be cracked, so settle to the fact that you have lost those documents on disk). You will need to completely wipe the disks (via a fdisk re-format) & reinstall absolutely everything from scratch. Do not pay a penny. If you do so, they keep sending further demands until you stop. These thieves have zero honour.

I've just seen that you do not have any backups. Then sorry, but your business is toast.

Offline

#3 2016-10-10 12:52 pm

kpatz
Member
Registered: 2008-10-09
Posts: 1,437

Re: Crypto ransom

0.  Dope slap the employee who opened the attachment.

1.  Unplug that computer from the network before it starts encrypting files on shared drives.

2.  Pull the hard drive out of the computer.

3.  Install it as a 2nd drive in another computer that's isolated from the network and has no important data on it.  Make sure the machine does NOT attempt to boot from this drive.  Better yet, stuff it into a USB enclosure and connect it after booting.

4.  Scan the drive with a malware scanner to identify the type of ransomware it is.

5.  Look online for a decrypter.  Some ransomwares have been cracked and tools exist to decrypt encrypted files.

6.  If you can decrypt the files, copy them somewhere safe.

7.  Wipe the MBR, re-partition and format the drive and put it back in the original computer, and reinstall the OS and software.

Last edited by kpatz (2016-10-10 12:56 pm)


Spam happens when greed meets stupidity.

Offline
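A read-only triage pass for the isolated drive described in steps 3 to 6 of the post above, added here as an example and not written by anyone in this thread. It lists which document files no longer start with the header their type requires and how random their first bytes look; the 4096-byte sample size, the file names and the extension list are assumptions, and the sample files are constructed.

```python
import math
import os
import tempfile
from pathlib import Path

# Expected leading bytes for the document types named in the thread.
MAGIC = {
    ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".pptx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0", ".ppt": b"\xd0\xcf\x11\xe0",
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 looks like random data)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def triage(root):
    """Return {relative_path: (status, entropy)} for document files under root.
    Files are only opened for reading; nothing is written or executed."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        # An extra extension is often appended (report.docx.locked), so check every suffix.
        kind = next((s.lower() for s in path.suffixes if s.lower() in MAGIC), None)
        if kind is None:
            continue
        with open(path, "rb") as fh:
            head = fh.read(4096)
        status = "intact" if head.startswith(MAGIC[kind]) else "suspect"
        report[str(path.relative_to(root))] = (status, round(entropy(head), 2))
    return report

def demo():
    """Build constructed sample files in a temp dir and triage them."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "ok.pdf").write_bytes(b"%PDF-1.4\n" + b"text " * 200)
        Path(d, "budget.xlsx.locked").write_bytes(os.urandom(4096))  # stands in for ciphertext
        Path(d, "notes.txt").write_bytes(b"not a tracked type")
        return triage(d)

if __name__ == "__main__":
    for name, (status, h) in demo().items():
        print(f"{status:8} H={h:<5} {name}")
```

A "suspect" result only means the header no longer matches the file type; it does not identify the ransomware family, which is still the scanner's job in step 4.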

#4 2016-10-10 3:53 pm

sklerder
Member
Registered: 2012-10-11
Posts: 336
Website

Re: Crypto ransom

+1 with kpatz.

Starting from step 3, it would be better to have a good antivirus on the scanning machine ...

Offline

#5 2016-10-10 4:42 pm

Papa Parrot
Member
From: Mexico
Registered: 2011-08-19
Posts: 1,826
Website

Re: Crypto ransom

Unfortunately we don't have the backup of the files-----------

Hope you have learned a lesson.
The rest :

Alex Kemp: You are asking within the wrong place; this forum is to do with Spam.

Not sure what part of the world you are in, but I would also try to find authorities, i.e. police, special investigations
of some sort... Don't pay these scuzz butts anything... however it would be nice if there was/is some way
to catch them, there probably is, but it would take a specialized team...
It probably is possible to actually track and catch them, and sooner or later somebody will do that,
paying them only encourages them to continue, and they will continue, until enough people band together
to catch them, and put them in a cage, where they no longer can harm others...

You can do a search, there are plenty of results with details on what to do:
What should I do if our network has been hacked and they demand pay for ransom in order to get the unlock key 

Offline

#6 2016-10-12 4:12 pm

pedigree
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
From: New Zealand
Registered: 2008-04-16
Posts: 7,056

Re: Crypto ransom

.. and restore from backups

Offline

#7 2016-10-12 6:04 pm

lisati
Member
From: Porirua, New Zealand
Registered: 2011-04-14
Posts: 340

Re: Crypto ransom

I'm with Pedigree on this one: the importance of having a good backup system in place for important data is something that is easily overlooked until it is needed.

Offline
