Jump to content

Ransomware


Mico1981m
 Share

Recommended Posts

Hi,

A week ago I turned on my laptop trying to access some of my files I found all the icons changed and every folder have a file DECRYPT_INSTRUCTION.txt saying my files are encrypted and I have to pay someone to send me a file to unencrypt my files and they want me to send 300£. I found a local online company NiwTech they offer to have a look they contacted me the next day saying my data cannot be recovered even from windows restore as it was off and they suggested me to not pay the Ransomware I bought NOD32 but nothing changed. is there is any way to recover my files?

Link to comment
Share on other sites

  • Administrators

If you didn't have ESET installed before the encryption occurred, it's unlikely that we will be able to help since most of current ransomware cannot be decrypted. Please provide:
- a handful of smaller encrypted files (ideally MS Office files)
- the ransomware note with payment instructions
- logs collected with ESET Log Collector.

I'd also recommend upgrading your license for ESET Internet Security or ESET Smart Security Premium if you purchased only the basic product ESET NOD32 Antivirus since they can protect your machine also from bruteforce attacks. RDP bruteforce attacks are one of the common ways how attackers can get to your machine, disable the antivirus and run ransomware to encrypt files.

Link to comment
Share on other sites

Sadly this could be a harsh lesson. Even with Windows shadow copies turned on, most ransomware will delete these shadow copies so this is by no means a guarantee to recover your data. You need to backup to an external device on a regular basis and get in to the habit of doing it. Windows 10 has an integrated backup tool, so make use of it. If you are not using Windows 10, just manually copy files to a USB drive to a dated folder so you can recover files at any point. Installing Antivirus after the event will not recover your files as the damage has already been done. You need to prevent, not attempt to cure ransomeware. 

Edited by MrWrighty
Link to comment
Share on other sites

  • Most Valued Members

Usually removing the ransomware from your computer after the encryption will break your data

So if you are considering to pay the ransom to get the data back (it might not come back also) , then you shouldn't remove it.

Link to comment
Share on other sites

  • Administrators
11 minutes ago, Nightowl said:

Usually removing the ransomware from your computer after the encryption will break your data

Not really. Ransomware typically removes itself after it has finished encryption. It's the ransomware note which contains information necessary to obtain a decryptor for ransom.

Link to comment
Share on other sites

  • Most Valued Members

Yea I understand , this what I meant, if you don't have the ID for the decryptor then you are out of luck or if an AV picks it up and remove it

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...