Ransomware. :(

sj (Elite) posted this on Sunday, 6th December 2015, 13:48

So, got a call from my mum yesterday saying all her pictures had gone and been replaced with a .vvv suffix.  Basically all pictures have gone.  She had a popup when logging on telling her it's all been encrypted with RSA-2048.
She's devastated - and, as most older parents I imagine, doesn't have backups.
Saw it last night - she's had an email that she thought was from a family member (other family members cc'd) and done the thing I've always told her never to do - clicked a zip file and installed what appears to be really nasty ransomware.
The popup tells her to go to a website and make a payment (via Tor browser).  No intention of doing that - and there's no knowing whether you'd even get the access back.  From looking around, it seems that without the decryption key (held on their 'secret server'), it's impossible to restore the pictures.  An AV scan shows no viruses present.
Anyway, luckily, I only upgraded her PC in August (Vista to W7) and I still have the HDD with all her pictures on it from then!  Any new ones, it looks like they're gone. :(
Unless anyone knows any different, there's no way of getting anything back?  'Restore previous versions' is empty.  As is Windows Restore.
So I'm thinking of just upgrading to W10.  If I do that option, can I do a complete, clean install  - and not just an 'upgrade'?  I need to be sure it's gone.
c***s!


Ste



We will pay the price but we will not count the cost..

RE: Ransomware. :(

dkuk2000 (Elite) posted this on Sunday, 6th December 2015, 14:37

I might have a way for you to beat the Ransomware:
HitmanPro. I've used it before and removed Ransomware successfully.
You can put it onto a USB stick and run it from there and the best bit is it's free for 30 days.

Good luck 



Anti.Clown.Coalition

RE: Ransomware. :(

sj (Elite) posted this on Sunday, 6th December 2015, 16:15

Cheers, will check it out - but I doubt it can decrypt the files - probably remove the files it's added.

Ste




RE: Ransomware. :(

RJS (undefined) posted this on Sunday, 6th December 2015, 18:25

Do you know which one it is?

I've read about two recently, one which had its server taken over by a well known company and turned into a free decryption site, and the other had a weakness in the cryptography that was useable to decrypt it.

Editor
DVD REVIEWER
MYREVIEWER.COM

My Flickr Photostream

RE: Ransomware. :(

marksparks999 (Elite) posted this on Sunday, 6th December 2015, 18:31

I had a similar experience a couple of weeks ago... I think I clicked on something via Facebook on my phone.

Had Police E cyber Crime unit message - rebooted the phone, still there, demanding £100 via some online payment message or I would be reported to the police!

I ended up restarting the phone in safe mode, and then doing a factory reset, lost all the photos except those on the SD card!

RE: Ransomware. :(

sj (Elite) posted this on Sunday, 6th December 2015, 18:44

Quote:
Rob Shepherd says...
"Do you know which one it is?"
I think it is Cryptowall 3.  It said something about being encrypted with RSA-2048 and ended there - whereas the screengrabs I can see from the internet have 'using Cryptowall 3.0' after it.
I think earlier versions had servers taken over by 'law enforcement' which meant the key could be recovered - I'm not so sure that this is the case here.
I'll try something like Shadow Explorer when I see the PC again - but otherwise it's a W10 upgrade I think..



Ste




RE: Ransomware. :(

RJS (undefined) posted this on Sunday, 6th December 2015, 18:49

:(

I guess the only thing you can do is keep the files and hope someone gets the servers again sometime in the future. :/


RE: Ransomware. :(

bandicoot (Elite) posted this on Sunday, 6th December 2015, 23:16

Luckily you have a HD backup of the pictures.

Now it's time to just put your computer back to factory settings and get rid of this ransomware. Agree you should never pay these swine.

In future for anyone, it is best to keep any valuable data offline, i.e. on a portable HD flash drive (disconnected when not in use). That way you do not lose it.

RE: Ransomware. :(

Pete-MK (Elite Donator) posted this on Monday, 7th December 2015, 06:52

Get Combofix on a flash drive and run it. Worked for me (on other computers) several times.

http://www.bleepingcomputer.com/download/combofix/

============================


Writer`s Release

RE: Ransomware. :(

NorthPole (Competent) posted this on Monday, 7th December 2015, 09:23

On the basis that prevention is better than cure, this link might be helpful:

http://www.thewindowsclub.com/bitdefender-anti-ransomware-windows
