Anyone dealt with this? It's the real deal CryptoLocker, files are sure'nuf encrypted. Pop-up on boot-up for details of where/how to send bitcoin payment to the ransomers.
It's SWMBO's 84-year-old grandmother's laptop, she hardly uses it, but her son, daughters, grandkids, and great-grandkids have all been on it some since I saw it last. We were at her house for Mother's Day yesterday, I play the role of "family IT guy," so of course as soon as I get there I'm told, "Lee, there's something wrong with grandmother's computer." Then I find this... uggg.
I've got backups of all of her original files from when I migrated them from her old desktop and set up her laptop about 2 years ago, but anything saved since then (not much thankfully) is lost to encryption.
The easy answer seems like wiping the HD and fresh OS install is the best bet. Anyone managed to remove the malware, and decrypt the files without actually paying the ransom?
I had something similar that I managed to get out with Malwarebytes and Hitman Pro.
I think the only answer is to find everyone on the planet with advanced computer skills, and shoot them.
Then we can go back to having toggle switches and newspapers.
Get off my lawn!
The files that have been encrypted are gone - unless you want to take the risk, pay the bandits their ransom, and hope they actually decrypt the files. But removing the ransomware is pretty easy, generally a scan with Malwarebytes, SUPERAntiSpyware, etc. in Safe Mode will take care of it.
Mike
Dork
5/11/15 7:56 p.m.
I favor the nuke from orbit option, because that's the only way to be sure.
If it's real-deal Cryptolocker, then yeah, the files are probably gone.
Consider setting grandma up with an online backup service for the future, if there is anything of value there. It sounds like she doesn't produce much data, so a free account might just do the trick. SpiderOak, for example, offers 2GB for free.
If you can manage it, try to create her account as a standard account rather than an administrator account - it helps limit damage.
I'm for: Wipe the disk, start over, tell Grandma to not let the kids play with her computer or this will happen again. Install Avast.
asoduk
Reader
5/11/15 9:50 p.m.
Kaspersky actually has a boot disk for this. I think they've collected a bunch of the encryption keys. It's free: you just download the ISO, burn and boot.
https://noransom.kaspersky.com/
Fox-IT and FireEye have decryption keys for Cryptolocker.
https://www.decryptcryptolocker.com/
It should be noted that the Kaspersky link above is for CoinVault and not Cryptolocker.
^Try that link. If that fails, all you can do is back up the encrypted files, wipe and start over with whatever backups you may have. If the C&C server holding your keys is ever seized, you may be able to decrypt the files then.
mndsm
MegaDork
5/12/15 9:36 a.m.
Last ransomware I got got the nuke-it-from-orbit option. My PCs back up to no less than three places. Good luck taking me down, Jerkies.
mndsm wrote:
Last ransomware I got got the nuke-it-from-orbit option. My PCs back up to no less than three places. Good luck taking me down, Jerkies.
This. Anything important is backed up weekly. Pictures and other information, I have multiple copies of and nothing stored solely on a cloud.
I tried the suggestions here, and a few found elsewhere to no avail.
Drive has been formatted and the OS has been freshly installed. Berkley the folks who make viruses.
bigdaddylee82 wrote:
Berkley the folks who make viruses.
Eastern European hotties do that after they see them roll up in their supercars.