Ransomware Victim

[rkg45]

Hello,

I think my PC is attacked by ransomware. Most of my files including text,pdf, music and video files aren’t usable anymore. And I got a message that they are encrypted. I scanned my system with immunet and malwarebytes and some files got deleted. Still the files are not back.

 

I read in a few cyber security blogs about ransomware and realized that paying the bad guys may be the only way to get my files back. I can’t afford the amount they have asked and even if I paid the amount, how can I be sure that they will decrypt the file and the ransomware is completely removed?  I have an old backup on another hard drive, which means about 60% of the files could be recovered. But does that mean remaining 40% of data are gone forever? Or is there any service, free or premium that can help me in recovering this data?

 

Looking forward for positive reply.

 

Thanks in advance

[ritchie58]

I'm sorry to say there's not much that can be done once your files are encrypted by the WannaCry ransomware since it uses an extremely complex encryption algorithm, but maybe, just maybe all my not be lost (see links). It looks like you may have became one of the latest victims of the on-going ransomware cyber-attack (if it's the same worm type malware of course).

By clicking on a malicious link or attachment in an email is the way this malware spreads. This latest cyber attack involving this newest ransomware has infected well over 150,000 computers worldwide and is still spreading. It's a type of worm that can also infect other computers if files are shared within a local intranet. That's why hospitals & businesses have been hit particularly hard in Europe & Russia. The victims that have used the bitcoin service and paid the ransom so far have not received a decryption code to unlock their files.
 
The ransomware, WannaCry, works by leveraging a Windows vulnerability that came to light last month when a cache of mysterious hacking tools was leaked on the internet.The tools, which security researchers suspect came from the National Security Agency (remember the Stuxnet worm?), include an exploit code-named EternalBlue that makes hijacking older Windows systems easy. It specifically targets the Server Message Block (SMB) protocol in Windows, which is used for file-sharing purposes.

 

Surprisingly not that many Americans have been infected (so far anyways). I would partially attribute that to the fact that U.S. cyber-security experts have been warning the public for years about the dangers of clicking on suspicious email links or attachments.

Here's an article from PC World that may be of some use. http://www.pcworld.com/article/2084002/security/how-to-rescue-your-pc-from-ransomware.html

Another article by bleepingcomputer. https://www.bleepingcomputer.com/virus-removal/remove-your-computer-has-been-locked-ransomware/

Regards, Ritchie...

[lilidith]

Which ransomware attacked your computer? Do you mean WannaCry Ransomware? If your files are unluckily encrypted by this malware, there is no free decryption tool for this now. Thus, if you don't have all backups of your data, it'm impossible to recover them with any decryptor on the Internet so far. What you can do now is to remove the malware and protect the PC from other infections. 

The articles below may be helpful:

 

https://www.bleepingcomputer.com/virus-removal/remove-wannacry-wana-decryptor-ransomware

 

http://www.pcworld.com/article/3169524/security/how-to-remove-ransomware-use-this-battle-plan-to-fight-back.html

 

http://guides.uufix.com/how-to-remove-wannacry-ransomware-and-recover-files/

[ritchie58]

Hi lildith, I was being rather optimistic when I said that "maybe" the encrypted file could be retrieved.

 

I do hope the authorities catch the S.O.B.'s that instigated this recent cyber-attack. Targeting hospitals is the most reprehensible thing these disgusting, parasitic criminals could have done!