Ransomware. :(
PCs & Mobiles Forum
So, got a call from my mum yesterday saying all her pictures had gone and been replaced with a .vvv suffix. Basically all pictures have gone. She had a popup when logging on telling her it's all been encrypted with RSA-2048.
She's devastated - and, as most older parents I imagine, doesn't have backups.
Saw it last night - she's had an email that she thought was from a family member (other family members cc'd) and done the thing I've always told her never to do - clicked a zip file and installed what appears to be really nasty ransomware.
The popup tells her to go to a website and make a payment (via Tor browser). No intention of doing that - and there's no knowing whether you'd even get the access back. From looking around, it seems that without the decryption key (held on their 'secret server'), it's impossible to restore the pictures. An AV scan shows no viruses present.
Anyway, luckily, I only upgraded her PC in August (Vista to W7) and I still have the HDD with all her pictures on it from then! Any new ones, it looks like they're gone. :(
Unless anyone knows any different, there's no way of getting anything back? 'Restore previous versions' is empty. As is Windows Restore.
So I'm thinking of just upgrading to W10. If I do that option, can I do a complete, clean install - and not just an 'upgrade'? I need to be sure it's gone.
c***s!
Ste
We will pay the price but we will not count the cost..
I might have a way for you to beat the ransomware: HitmanPro. I've used it before and removed ransomware successfully.
You can put it onto a USB stick and run it from there and the best bit is it's free for 30 days.
Good luck
Anti.Clown.Coalition
Cheers, will check it out - but I doubt it can decrypt the files - probably remove the files it's added.
Ste
Do you know which one it is?
I've read about two recently, one which had its server taken over by a well known company and turned into a free decryption site, and the other had a weakness in the cryptography that was useable to decrypt it.
Editor
DVD REVIEWER
MYREVIEWER.COM
My Flickr Photostream
I had a similar experience a couple of weeks ago... I think I clicked on something via Facebook on my phone.
Had a Police E cyber Crime unit message - rebooted the phone, still there, demanding £100 via some online payment message or I would be reported to the police!
I ended up restarting the phone in safe mode, and then doing a factory reset, lost all the photos except those on the SD card!
Quote:
Rob Shepherd says...
"Do you know which one it is?"
I think it is Cryptowall 3. It said something about being encrypted with RSA-2048 and ended there - whereas the screengrabs I can see from the internet have 'using Cryptowall 3.0' after it.
I think earlier versions had servers taken over by 'law enforcement' which meant the key could be recovered - I'm not so sure that this is the case here.
I'll try something like Shadow Explorer when I see the PC again - but otherwise it's a W10 upgrade I think..
Ste
:(
I guess the only thing you can do is keep the files and hope someone gets the servers again sometime in the future. :/
Editor
DVD REVIEWER
MYREVIEWER.COM
My Flickr Photostream
Luckily you have a HD backup of the pictures.
Now it's time to just put your computer back to factory settings and get rid of this ransomware. Agree you should never pay these swine.
In future for anyone, it is best to keep any valuable data offline, i.e. on a portable HD flash drive (disconnected when not in use). That way you do not lose it.
Get Combofix on a flash drive and run it. Worked for me (on other computers) several times.
http://www.bleepingcomputer.com/download/combofix/
============================
Writer's Release
On the basis that prevention is better than cure, this link might be helpful:
http://www.thewindowsclub.com/bitdefender-anti-ransomware-windows