cryptolocker

Brendan Mulachy

been hit with the CryptoLocker ransomware and don't have the £1606 they want to unlock it...gutted isn't the word but as my missus says...nobody's died

I had Malwarebytes, firewall and anti-virus running and it still got me...where I haven't the foggiest idea

I've managed to get rid of it but can't open pics, documents or videos stored on my computer, tried a system restore to no avail, it seems to have got rid of them when infected, had a look at recovery stuff but wary of downloading something I'm not familiar with in case it's another virus in disguise

has anyone had it and did you manage to recover anything...it's the Word/Excel documents and the pics I'm more upset at losing, I have managed to get some pics back with Recuva...only had a go with a few so I'll try that
 
I assume that you didn't have any backup ... and no I'm not mocking you :(
Google search shows a free decryption service available but I know nothing of it and it seems that you have already acted to delete it rather than decrypt it.
I would suggest a Google search to see if you can find any successful recovery stories while you wait for any responses here.
Watch opening any attachments to emails ... double or triple check and if you don't know it delete it.
 
The original CryptoLocker database server was taken over and the keys from that are available, but if it's a later variant then there aren't really a lot of options at the moment.

Although once you are sure you are free you could always try HDD recovery software as it encrypts the files and deletes the originals. As well as looking at your old memory cards in the same way. I see you got some back, so best of wishes that continues.

Horrendous software.
 
my backup drive was plugged in at the time so that's gone, I'm really careful with stuff that I click on and never had a virus in all the time I've used a computer...but I've got 2 teenagers and it might have been one of them, I'm not going to shout at them, it's easily done
 
There have been compromised sites and adobe flash is always full of holes. It could be an entirely innocent visit to a flash based site that did it unfortunately, and you wouldn't really know because it only informs you after it has encrypted all your files (and that can take a while)
 
If there was space free on the drive, I'd definitely give it a try on the file recovery tools too.
 
You need to identify the exact chain of cryptoware and find out whether there are any tools from trustworthy sources which are able to reverse the encryption.
I presume you are running Windows? Do you have version history on your files? I know a lot of cryptowarez effectively remove/disable the file version history, but it's worth a shot.

Good luck.



I know the horse has bolted, but for anyone else picking up on this, sort your off-line backup out if you haven't already. By off-line, I mean it has to be inaccessible to the computers you use on a daily basis - so it could be alternating USB disks so one is always disconnected. Or it could be a backup-server/NAS that your PCs and desktops have no access to, with all the file sharing features disabled. Or you could use a cloud based backup if it offers a point in time recovery (PITR).

This is where the likes of FreeNAS come in useful because they can maintain multiple snapshots of a file system. I have 60 days of snapshots retained on my main and backup servers allowing me to recover data even if cryptoware goes unnoticed for some time. The only way to access my backup server is via SSH, using a unique key/passphrase and username. Keys used for the backups themselves are all single purpose, so they cannot be used to execute anything malicious.
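The 60-day snapshot retention described in the post above, as an added example (not code from the thread or from FreeNAS): it plans which ZFS snapshots fall outside the retention window and prints the `zfs destroy` commands as a dry run. It assumes the constructed naming convention `dataset@auto-YYYY-MM-DD`, and it keeps a minimum number of snapshots per dataset so a wrong clock cannot empty the history you would restore from after an infection.

```python
"""Plan ZFS snapshot pruning under a keep-N-days policy (dry run only).

Added example, not from the thread or FreeNAS. Snapshot names are assumed
to follow dataset@auto-YYYY-MM-DD (a constructed convention). Nothing is
destroyed unless you run the printed commands yourself.
"""
from datetime import date, timedelta
import re

SNAP_RE = re.compile(r"^(?P<dataset>[^@]+)@auto-(?P<d>\d{4}-\d{2}-\d{2})$")


def parse_snapshot(name):
    """Return (dataset, date) or None for names outside the convention."""
    m = SNAP_RE.match(name)
    if not m:
        return None
    try:
        return m.group("dataset"), date.fromisoformat(m.group("d"))
    except ValueError:
        return None  # e.g. 2013-13-45: skip it rather than guess


def plan_prune(snapshots, today, keep_days=60, min_keep=3):
    """Return the snapshot names older than keep_days, never dropping a
    dataset below min_keep snapshots (protects against a bad clock)."""
    cutoff = today - timedelta(days=keep_days)
    by_dataset = {}
    for name in snapshots:
        parsed = parse_snapshot(name)
        if parsed is None:
            continue  # unmanaged (manual) snapshot: leave it alone
        ds, d = parsed
        by_dataset.setdefault(ds, []).append((d, name))
    to_destroy = []
    for entries in by_dataset.values():
        entries.sort()  # oldest first
        protected = {n for _, n in entries[-min_keep:]}
        to_destroy += [n for d, n in entries if d < cutoff and n not in protected]
    return to_destroy


def destroy_commands(snapshots, today, keep_days=60):
    return ["zfs destroy %s" % n for n in plan_prune(snapshots, today, keep_days)]


if __name__ == "__main__":
    # Constructed sample as `zfs list -t snapshot -o name` might print it.
    sample = ["tank/photos@auto-2013-08-01", "tank/photos@auto-2013-09-01",
              "tank/photos@auto-2013-10-20", "tank/photos@manual"]
    for cmd in destroy_commands(sample, date(2013, 10, 21)):
        print(cmd)
```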
 
Also for the future
Crypto viruses always need admin permission to be installed on the computer so:
  • Make sure you are not using the administrator account on a regular basis.
  • Make sure other users on the computer log on only as standard users so are unable to install any software.
  • Install ALL security updates
  • Ensure UAC is always enabled.
 
Also for the future
Crypto viruses always need admin permission to be installed on the computer so:
  • Make sure you are not using the administrator account on a regular basis.
  • Make sure other users on the computer log on only as standard users so are unable to install any software.
  • Install ALL security updates
  • Ensure UAC is always enabled.

Although this is good advice, that should be followed, don't think it will make you immune. The effectiveness depends on the exact nature of the exploit. Any file/folder you have write access to is vulnerable even if the exploit doesn't manage privilege elevation.
I would recommend running Firefox with NoScript and only allow JavaScript to run on trusted sites. Flash and any other plugins should only run when allowed to do so, not by default.

Or just keep a device around for browsing the internet that doesn't have any access to your data. Especially if you like to visit pRon sites etc.
 