Mico1981m
Posted June 14, 2020

Hi,

A week ago I turned on my laptop and, trying to access some of my files, I found all the icons changed and every folder has a file DECRYPT_INSTRUCTION.txt saying my files are encrypted and I have to pay someone to send me a file to unencrypt my files, and they want me to send 300£.

I found a local online company, NiwTech, and they offered to have a look. They contacted me the next day saying my data cannot be recovered, even from Windows restore, as it was off, and they suggested that I not pay the ransomware.

I bought NOD32 but nothing changed. Is there any way to recover my files?

Marcos (Administrators)
Posted June 14, 2020

If you didn't have ESET installed before the encryption occurred, it's unlikely that we will be able to help since most current ransomware cannot be decrypted.

Please provide:
- a handful of smaller encrypted files (ideally MS Office files)
- the ransomware note with payment instructions
- logs collected with ESET Log Collector.

I'd also recommend upgrading your license for ESET Internet Security or ESET Smart Security Premium if you purchased only the basic product ESET NOD32 Antivirus, since they can also protect your machine from bruteforce attacks. RDP bruteforce attacks are one of the common ways attackers can get to your machine, disable the antivirus and run ransomware to encrypt files.

MrWrighty
Posted June 14, 2020 (edited)

Sadly this could be a harsh lesson. Even with Windows shadow copies turned on, most ransomware will delete these shadow copies, so this is by no means a guarantee to recover your data. You need to back up to an external device on a regular basis and get into the habit of doing it. Windows 10 has an integrated backup tool, so make use of it. If you are not using Windows 10, just manually copy files to a USB drive to a dated folder so you can recover files at any point. Installing antivirus after the event will not recover your files as the damage has already been done. You need to prevent, not attempt to cure, ransomware.

Edited June 14, 2020 by MrWrighty

Nightowl (Most Valued Members)
Posted June 14, 2020

Usually removing the ransomware from your computer after the encryption will break your data.

So if you are considering paying the ransom to get the data back (it might not come back also), then you shouldn't remove it.

Marcos (Administrators)
Posted June 14, 2020

11 minutes ago, Nightowl said:
    Usually removing the ransomware from your computer after the encryption will break your data

Not really. Ransomware typically removes itself after it has finished encryption. It's the ransomware note which contains information necessary to obtain a decryptor for ransom.

Nightowl (Most Valued Members)
Posted June 14, 2020

Yea, I understand, this is what I meant: if you don't have the ID for the decryptor then you are out of luck, or if an AV picks it up and removes it.