Ransomware Recovery


New Landy new life

Posted

My son was trying to help me with something and ended up bypassing my AVG protection by turning it off while he was downloading something and now my one laptop and external drive that was connected at the time seem to be stuffed and both have a .txt file requesting money to recover the files.

 

I tried restoring the laptop by doing a hard reset but that seems to have stalled and is stuck at 41% and does not continue.  I am not so concerned about that laptop as it had recently been rebooted and has no important data on it but the External drive has my whole life on it.

 

I googled a few videos but that sort of tech is beyond me.

 

Is there any place I can take the drive to recover what has been locked and recover the info?

Posted

Unless you have shadow copy enabled and can access them, in most cases you are quite knotted.

 

Before you do anything you need to get the ransomware removed ASAP. Try Malwarebytes and adware cleaner etc.

 

https://howtoremove.guide/how-to-decrypt-ransomware/ I have had some success with this. But in a lot of cases nothing can be done.

 

Also, when everything is resolved you will need to load some form of ransomware protection (cryptoprevent seems to work). A lot of antivirus tools do not protect against ransomware in any event (well, esp. the free versions).

 

Good luck.

Posted

Sorry to be bringing bad news to you Landy. But there is nothing you can do. The encryption software is just about impossible to crack. This really sucks.

 

Have a look here for more info Landy.

 

https://community.bikehub.co.za/topic/159030-ransomware/

Posted

got that T-shirt. someone opened an email attachment that bypassed the virus software and everything on his laptop and the server went into undecipherable gobbledygook.

 

including the entire Pastel accounting records, backup was 2 weeks old.

 

we ended up paying the bitcoin (it was about R14k).

 

next day i got a program with a decrypter and watched everything return to normal.

was concerned that he had probably put something else onto our system, but 2 years later no more issues.

 

*cleaned up all our systems and processes, now daily backup in the cloud. it is SCARY losing all of this. got a lot of inter office stuff on dropbox. restored it all seamlessly in 10 minutes.

 

 

funny thing was that the ransom is a proper business expense, was good fun convincing the accountant to file it as such.

  • 1 month later...
Posted

I decrypted a doctor's database after a ransom attack.

 

It took 3 months to get the correct app to do the decryption, but we got the database back and working.

 

So you can get your data back. If you know what you are dealing with, you might get a decode application. Just don’t format the drive if you have important data on the drive. The software company formatted the drive and I had to do a data recovery on top of the encryption problem. Just glad I worked for a company that had access to some great software sources and some great internet access.

Posted

So the interesting thing about ransomware that a lot of people don't know is that it doesn't actually do the encryption of your files.

All it does is set up BitLocker, which is built in to Windows, and creates a key that you can't guess.

There were a few of them that were using the same key and same bitcoin address for ransom demands; those were fairly easy to get around due to the shared nature.

Others that generate random keys are not so simple. BitLocker is designed with enterprise security in mind so it's not something you can just brute force.

Posted

I just struck luck. There are a few white hat guys hacking the black hat guys and getting the needed keys from them.

But that was two years ago. Take it that they got more advanced by now.

Archived

This topic is now archived and is closed to further replies.
