Hi,

A week ago I turned on my laptop to access some of my files and found all the icons changed, and every folder has a file DECRYPT_INSTRUCTION.txt saying my files are encrypted and that I have to pay someone to send me a file to unencrypt my files; they want me to send 300£. I found a local online company, NiwTech, and they offered to have a look. They contacted me the next day saying my data cannot be recovered, even from Windows restore, as it was off, and they suggested I not pay the ransom. I bought NOD32 but nothing changed. Is there any way to recover my files?


If you didn't have ESET installed before the encryption occurred, it's unlikely that we will be able to help, since most current ransomware cannot be decrypted. Please provide:
- a handful of smaller encrypted files (ideally MS Office files)
- the ransomware note with payment instructions
- logs collected with ESET Log Collector.

I'd also recommend upgrading your license to ESET Internet Security or ESET Smart Security Premium if you purchased only the basic product, ESET NOD32 Antivirus, since they can also protect your machine from brute-force attacks. RDP brute-force attacks are one of the common ways attackers can get to your machine, disable the antivirus and run ransomware to encrypt files.


Sadly this could be a harsh lesson. Even with Windows shadow copies turned on, most ransomware will delete these shadow copies, so this is by no means a guarantee to recover your data. You need to back up to an external device on a regular basis and get into the habit of doing it. Windows 10 has an integrated backup tool, so make use of it. If you are not using Windows 10, just manually copy files to a USB drive to a dated folder so you can recover files at any point. Installing antivirus after the event will not recover your files, as the damage has already been done. You need to prevent, not attempt to cure, ransomware.

Edited by MrWrighty


Usually removing the ransomware from your computer after the encryption will break your data.

So if you are considering paying the ransom to get the data back (it also might not come back), then you shouldn't remove it.

11 minutes ago, Nightowl said:

Usually removing the ransomware from your computer after the encryption will break your data.

Not really. Ransomware typically removes itself after it has finished encryption. It's the ransomware note which contains information necessary to obtain a decryptor for ransom.


Yeah, I understand, this is what I meant: if you don't have the ID for the decryptor then you are out of luck, or if an AV picks it up and removes it.
