Islander Posted November 28, 2015 Last week, I got a popup telling me that my Ad-Aware program had an urgent security update that had to be installed right away. I checked the certificate and it looked right, so I clicked for the download. Within a minute or so, a big official-looking popup appeared, telling me my files have been encrypted using an RSA 2048 something, and they have the key to decrypt them. I should click on the link in the big popup to see how to pay. There were none of the usual spelling or grammar mistakes you'd see in a scam bit. It looked official and even polite. I checked and found I couldn't access any of my documents and about 2/3 of my photos. I shut down the computer and did some research on my smartphone. That's how I'm typing this. There was no good news. The decryption key is so long that it's not feasible to try to crack it. The crooks usually want to be paid in bitcoin, and the price increases with every missed deadline. I started the machine the next day, but it was still the same, so I shut it down. I have not clicked on any of the "how to pay" links. The computer has now been shut down for six days, and I don't want to start it until I have some idea how to solve this. It seems that even if you do pay, you may hear nothing from the scammers. Have any of you encountered this kind of malware, and do you know of any solutions that will restore my computer? I should mention that the malware seems to have deleted my Restore Points, so System Restore is unavailable. I'm running Windows 7. I hope someone has some good news or useful ideas.
The History Kid Posted November 28, 2015 My roommate a couple years back did have this. We didn't figure out a way to recover the files, but we did figure out how to stop the software from running and encrypting more / remove it from the computer. It takes some troubleshooting to do, and you have to be safe with editing the registry to do so. I haven't seen or heard anything about unlocking the encryption though.
Mike M Posted November 28, 2015 Man, that sucks. The only thing I can think of is wipe the hard drive and start over; hopefully you had everything backed up. Good luck.
Islander Posted November 28, 2015 My computer has a RAID comprised of two drives set up as mirror units, so each is exactly the same. The idea was that if one drive crashed, the second one would be fine, and I wouldn't need to do any backups. However, that's no protection against malware. I do run antivirus programs, but they didn't flag this, maybe because it was impersonating one of them. I did buy an external drive years ago, but only used it a couple of times, and that was likely with the XP computer I had before this Win7 machine.
Mike M Posted November 28, 2015 Were you on a website when you got the pop up?
Mike M Posted November 28, 2015 http://www.pcworld.com/article/2084002/how-to-rescue-your-pc-from-ransomware.html
Mike M Posted November 28, 2015 Hope that helps.
MyOwn Posted November 28, 2015 You can try this option.... http://www.bleepingcomputer.com/tutorials/start-the-windows-7-recovery-environment/
Jim Naseum Posted November 28, 2015 How's your backup situation?
Pete H Posted November 28, 2015 I hate it for you and hope you get this resolved quickly and don't lose your data. Once you get through this, and to everyone out there that doesn't have a complete backup in place, please do a little research and get one in place. I personally use Acronis and Vice Versa and it has saved my *** on more than one occasion, including a couple weeks ago. If you are not savvy enough to get something solid in place, there are people out there that can help you. My I.T. guy is 300+ miles away from me and handles all of my business and personal computers and never has to come on site. Good luck.
Jim Naseum Posted November 28, 2015 My new strategy for the desktop computer is to only have the system disk online. All data and software with any value of any kind, like my 12,000 photographs, are stored on a portable disk which is NEVER EVER connected to the PC when it is online. To work on those files, I close the Internet connection, and physically connect the "Value Disk" to the PC. When done, disconnect.
Max2 Posted November 28, 2015 As far as I know you have to have an offsite backup to have everything protected. There will likely be some files that are OK. The problem is dragging the good files to a decent drive without bringing the funk with it. Get rid of the process before trying to move files. We will all have offsite protection with 15 min reads in the future; it's just coming to that.
psg Posted November 28, 2015 Sounds bad. :-(
Thaddeus Smith Posted November 28, 2015 It's called CryptoLocker, and the only options are to restore from backup (if you have them) or pay the ransom, which is in the form of bitcoin and converts to about $700 USD. It's nasty stuff, and we've encountered it a half dozen times with our customers. Every time they've opted to pay the unlock fee. Edited November 28, 2015 by Thaddeus Smith
JJkizak Posted November 28, 2015
Quoting Thaddeus Smith: It's called CryptoLocker, and the only options are to restore from backup (if you have them) or pay the ransom, which is in the form of bitcoin and converts to about $700 USD. It's nasty stuff, and we've encountered it a half dozen times with our customers. Every time they've opted to pay the unlock fee.
Your customers must be high rollers to fork out that kind of dough. JJK
Thaddeus Smith Posted November 28, 2015 Ironically, these particular customers have all been investment firms. They're smart enough to make tons of money, but generally lack basic computing skills. Go figure.
derrickdj1 Posted November 28, 2015 Just recently I have started backing up some things in the cloud. I also use an external hard drive for backup in addition to storing things on the main PC. I had something bad happen a few years back and it is a nightmare losing all your data, pics, music, etc.
MyOwn Posted November 28, 2015
Quoting Islander: Last week, I got a popup telling me that my Ad-Aware program had an urgent security update that had to be installed right away. I checked the certificate and it looked right, so I clicked for the download. Within a minute or so, a big official-looking popup appeared, telling me my files have been encrypted using an RSA 2048 something, and they have the key to decrypt them. I should click on the link in the big popup to see how to pay. There were none of the usual spelling or grammar mistakes you'd see in a scam bit. It looked official and even polite. I checked and found I couldn't access any of my documents and about 2/3 of my photos. I shut down the computer and did some research on my smartphone. That's how I'm typing this. There was no good news. The decryption key is so long that it's not feasible to try to crack it. The crooks usually want to be paid in bitcoin, and the price increases with every missed deadline. I started the machine the next day, but it was still the same, so I shut it down. I have not clicked on any of the "how to pay" links. The computer has now been shut down for six days, and I don't want to start it until I have some idea how to solve this. It seems that even if you do pay, you may hear nothing from the scammers. Have any of you encountered this kind of malware, and do you know of any solutions that will restore my computer? I should mention that the malware seems to have deleted my Restore Points, so System Restore is unavailable. I'm running Windows 7. I hope someone has some good news or useful ideas.
This is what I do on daily work-related trips... Don't always believe what you are seeing.... Do this first:
1. Enter Safe Mode while booting. If your computer has a single operating system installed, press and hold the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you'll need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.
2. Find your files (pictures, documents, whatever) and copy some of them to a jump drive.
3. Take that jump drive and plug it into another known good working Windows 7 PC. If you can open those files on this other PC, then no encryption has taken place.
4. If the above #3 is true, copy all the files to the jump drive so you can copy and paste them after a complete wipe and reload of the screwed-up PC... Sometimes it is faster and better to do a wipe and reload of the OS... Been down this road many many times.
5. If #3 is not true, then just perform the complete wipe and reload.
Edited November 28, 2015 by Steve_S
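Step 3 above (copy a few files to a jump drive and see whether they open on a clean PC) is a manual version of a check you can run over a whole folder once the drive is mounted read-only on a known-good machine. The script below is an added example for this thread, not code from MyOwn or any poster. It flags a file as suspect when its leading bytes no longer match the signature its extension promises (a JPEG must start with FF D8 FF, a PDF with "%PDF-", a DOCX/ZIP with "PK"), or when the type is unknown and the content is statistically random (byte entropy near 8 bits). The signatures are the standard ones for those formats; the entropy threshold of 7.5 and the 4096-byte sample size are assumptions chosen for the example, and the sample folder is constructed inside the script so it runs offline.

```python
"""Triage of possibly-encrypted user files (added example, not from the thread).

Ransomware overwrites a file's content (or writes a new file and deletes the
original), so the bytes stop matching the signature the extension promises and
look random. This walks a folder, checks each file's header against the
expected signature for its extension, and measures byte entropy.
"""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path
from typing import Dict, List, Optional

# Standard leading bytes ("magic numbers") for common user-file formats.
SIGNATURES = {
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".pdf": [b"%PDF-"],
    ".docx": [b"PK\x03\x04"],
    ".xlsx": [b"PK\x03\x04"],
    ".zip": [b"PK\x03\x04"],
}

# Assumed for this example: random data measures close to 8.0 bits/byte over a
# 4 KiB sample, so anything above 7.5 with no recognised header is suspect.
ENTROPY_THRESHOLD = 7.5
SAMPLE_SIZE = 4096


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or constant data)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def header_matches(path: Path, sample: bytes) -> Optional[bool]:
    """True/False when the extension has a known signature, None when unknown."""
    sigs = SIGNATURES.get(path.suffix.lower())
    if sigs is None:
        return None
    return any(sample.startswith(s) for s in sigs)


def classify_file(path: Path) -> str:
    """Return 'ok', 'suspect' or 'unknown' for one file."""
    with open(path, "rb") as fh:
        sample = fh.read(SAMPLE_SIZE)
    match = header_matches(path, sample)
    if match is False:
        return "suspect"  # known type, header destroyed: strong sign of encryption
    if match is None:
        # Unknown extension (ransomware often appends its own): judge by entropy.
        return "suspect" if shannon_entropy(sample) >= ENTROPY_THRESHOLD else "unknown"
    return "ok"


def triage(folder: Path) -> Dict[str, List[str]]:
    """Walk a folder and group relative file paths by classification."""
    result: Dict[str, List[str]] = {"ok": [], "suspect": [], "unknown": []}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            p = Path(root) / name
            result[classify_file(p)].append(str(p.relative_to(folder)))
    for paths in result.values():
        paths.sort()
    return result


def build_sample_folder() -> Path:
    """Constructed sample data: an intact JPEG-like file, an intact PDF, a plain
    text file, an 'encrypted' JPEG (random bytes) and a random blob with an
    appended extension, as ransomware commonly produces."""
    d = Path(tempfile.mkdtemp(prefix="triage_"))
    (d / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 2000)
    (d / "report.pdf").write_bytes(b"%PDF-1.4\n" + b"%comment\n" * 200)
    (d / "readme.txt").write_bytes(b"hello " * 100)
    (d / "family.jpg").write_bytes(os.urandom(SAMPLE_SIZE))
    (d / "notes.txt.locked").write_bytes(os.urandom(SAMPLE_SIZE))
    return d


if __name__ == "__main__":
    for kind, paths in triage(build_sample_folder()).items():
        print(f"{kind}: {paths}")
```

Run it against the mounted drive (`triage(Path("E:/Users/you/Pictures"))`) from the clean PC; the "ok" list is what is worth copying off before the wipe and reload, and the "suspect" list tells you how far the encryption got. A file that passes the header check can still be damaged further in, so spot-open a few of the "ok" files as MyOwn describes before trusting the whole set.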
Chris A Posted November 28, 2015 http://yro.slashdot.org/story/15/11/28/1824250/decryptormaxcryptinfinite-ransomware-decrypted-no-need-to-pay-ransom
Thaddeus Smith Posted November 29, 2015 This stuff is nasty. Anything attached to the infected computer gets encrypted: thumb drives, external USB drives, even mapped network drives on a NAS, etc. So you can imagine how crippling this becomes in an enterprise environment where users all share data on a centralized server. Likewise, for home users it's the type of data that gets ransomed which ensures prompt payment: large picture collections, music, movies, documents, etc.