Free Tool May Unlock Encrypted Ransomware Files

1492
Moderator
Many are already familiar with CryptoLocker, the insidious malware which encrypts one's personal files, then demands a ransom in Bitcoins for the key password that unlocks them. Failure to do so in a timely manner results in the ransom escalating substantially, or the unlock key being destroyed. Of course, paying the ransom was no guarantee of getting the unlock key anyway. Who would you complain to if you didn't receive it?

CryptoLocker snagged not only individual PC users, but corporations and even local Sheriff/Police departments forced to pay up to unlock their evidence files. Fortunately, the FBI/Interpol took down the CryptoLocker servers back in June 2014. But, sure enough, variants popped up almost immediately, and they are still a threat. Not surprising, given the estimated tens of millions of dollars the hackers gain from their ransomware.

Notwithstanding, most up-to-date AV software detects these types of ransomware. That is another argument for having a real-time security package installed, since several are available for free. Along with routine backups of personal data, this should provide adequate protection.

However, users still fall prey to this type of encryption ransomware. Many are misled into installing the malware and allowing it to run. Among the most visible is the CoinVault ransomware.

Luckily, Kaspersky just released a tool, codenamed NoRansom, that may be able to decrypt files infected with CoinVault. You can find it here at noransom.kaspersky.com.

Common sense can go a long way in preventing these types of malware from invading one's systems. Keeping system, browser, and AV software updated, along with a backup plan, can also ensure that you're not contributing to these fraudsters' bank accounts.
18 REPLIES

1492
Moderator
MikeLorensoTampa wrote:
fj12ryder wrote:
How did your files become encrypted?

all files .doc still .doc.ccc :?

Sounds like you have the TeslaCrypt malware. First, you need to make sure it's no longer on your system. You can use an app such as Malwarebytes Free.

Whether you are going to be able to recover your files is another question. You may be able to do so if you had System Protection enabled in Windows, which uses Shadow Copy to save version changes to files. You can download a third-party front-end app that makes it easier to search for copies of files at ShadowExplorer. However, this is no replacement for dedicated backups, so copies of files may not all be intact.

Another possibility may be to use a file recovery app such as Recuva, which can do a deep scan for deleted original copies of files prior to encryption by malware. There is only a slim chance of this being successful, though, as TeslaCrypt attempts to write over the original files several times.

1492
Moderator
Microsoft has never done an adequate job of advising users not to use an admin account when connected to the Net. It's not necessary in almost all cases. A study done by a cyber security group not too long ago estimated that over 90% of malware intrusions could be halted by simply not using a default admin account.

When I first read about CryptoLocker type malware, I made some security changes to my personal systems, which I already considered fairly locked down.

Besides top-rated security software, it's advisable to set up an automated backup system. I already had one in place, but beefed it up even more so programs only had read-only access to the backup drive in a user account. Should encryption malware get by all security measures in place, it still wouldn't be able to encrypt any files on the backup drive, which in itself is already separately encrypted, and auto backed up at least twice daily.

All my security and backup software is open source, or freeware.

fj12ryder
Explorer III
Because people would bypass it in any event. Look how much flak Microsoft caught when they required User Account Settings to allow program access starting in Vista. The first thing people wanted to know was how to bypass the whole thing. It didn't matter that it made things a bit more secure, they still wanted to get rid of it.
Howard and Peggy

"Don't Panic"

road-runner
Explorer III
Wrace wrote:

I am running it as Admin. So all I need to do is create a new non-admin account and just use that as my everyday operational sign-on? And leave the Admin account alone unless admin type actions are needed.

All my other machines have been in service for a while and favorites and such are aligned with the admin accounts I've been using. Is it possible to change an existing admin account to a regular account, or will I have to create a new non-admin account and re-bookmark all my favorites?
You can create a new account, give it admin privileges, then remove admin privileges from your existing account. I continue to wonder why the default installation has users running in admin mode. If that one simple thing were changed, the success of viruses would be severely crippled. It's not only Microsoft, because any of the system makers could configure their systems with a user account. Why don't they?
2009 Fleetwood Icon
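The procedure road-runner describes (new admin account first, then demote the everyday account so its profile and bookmarks survive) as an added PowerShell example; this is not code from the thread. It assumes Windows 10 or later with the built-in Microsoft.PowerShell.LocalAccounts module, an elevated prompt, and placeholder account names.

```powershell
# Added example (not from the thread). Assumes an elevated PowerShell on
# Windows 10+ where the LocalAccounts cmdlets are available.
$Everyday = 'Wrace'      # placeholder: existing account currently in Administrators
$NewAdmin = 'ShopAdmin'  # placeholder: new account reserved for admin-only tasks

# 1. Create the admin-only account with a prompted password and add it to Administrators.
$pw = Read-Host -AsSecureString "Password for $NewAdmin"
New-LocalUser -Name $NewAdmin -Password $pw | Out-Null
Add-LocalGroupMember -Group 'Administrators' -Member $NewAdmin

# 2. Safety check before demoting: confirm the new admin really is in the group,
#    otherwise removing the everyday account could leave no usable admin.
$newAdminOk = Get-LocalGroupMember -Group 'Administrators' |
              Where-Object { $_.Name -like "*\$NewAdmin" }
if (-not $newAdminOk) { throw "$NewAdmin is not in Administrators; aborting." }

# 3. Demote the everyday account: drop it from Administrators, keep it in Users.
#    The profile, favorites and settings stay with the account; only group
#    membership changes, and it takes effect at the next logon.
Remove-LocalGroupMember -Group 'Administrators' -Member $Everyday
$inUsers = Get-LocalGroupMember -Group 'Users' |
           Where-Object { $_.Name -like "*\$Everyday" }
if (-not $inUsers) { Add-LocalGroupMember -Group 'Users' -Member $Everyday }

# 4. Verify: the everyday account should no longer appear here.
Get-LocalGroupMember -Group 'Administrators' | Select-Object Name
```

Sign out and back in as the everyday account afterwards; the token is only rebuilt at logon, so the session you ran this from still has admin rights until then.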

MikeLorensoTamp
Explorer
fj12ryder wrote:
How did your files become encrypted?

all files .doc still .doc.ccc :?

Fizz
Explorer
I'm sure somebody will come along and help.

Meanwhile do a Google search on 'help_your_files.txt'
Lots there to read and do.

fj12ryder
Explorer III
How did your files become encrypted?
Howard and Peggy

"Don't Panic"

MikeLorensoTamp
Explorer
Guys!! Please help me! My doc files were encrypted and I have a help_your_files.txt file in each folder. What to do?

this helped me http://nabzsoftware.com/types-of-threats/help_your_files

Thank you all! I'm happy to be rid of this ****! :C

mileshuff
Explorer
rwbradley wrote:
Excellent information, but one very important thing to remember with backups is, for them to also not get hit by the ransomware, it must be an offline backup, as most variants of the ransomware will also hit attached network devices.

At my company each PC backs up to a NAS. The NAS then backs up to an external drive, which is then rotated with several. The individual PCs do not have write access to the backup drives, and the NAS itself cannot execute the virus. If caught on day 1 of the virus, the most recent backup will still be good.
2014 Winnebago 26FWRKS 5th Wheel
2007.5 Dodge 2500 6.7L Diesel
2004 Dodge Durango Hemi 3.55 (Used to tow TT)

Wrace
Explorer
1492 wrote:

Much of these problems with malware can be avoided if Windows users would just do the one thing that the vast majority still do not, or do not know how to do, even though it's fairly easy to set up and takes just minutes: create a separate user account for accessing the Net that does not have admin privileges, and further limits drive access. Unfortunately, most still do the opposite.

Hmm, I just set up a new desktop in my shop and didn't do this.

I am running it as Admin. So all I need to do is create a new non-admin account and just use that as my everyday operational sign-on? And leave the Admin account alone unless admin type actions are needed.

All my other machines have been in service for a while and favorites and such are aligned with the admin accounts I've been using. Is it possible to change an existing admin account to a regular account, or will I have to create a new non-admin account and re-bookmark all my favorites?

Thanks

1492
Moderator
rwbradley wrote:

Excellent information, but one very important thing to remember with backups is, for them to also not get hit by the ransomware, it must be an offline backup, as most variants of the ransomware will also hit attached network devices. If for example you have a WD My Cloud drive on your network and you set up all your computers to automatically back up across the network to it on a regular basis, i.e. weekly, it is also vulnerable if one of your computers gets hit. A good backup plan involves two backup copies and one offline in a secure fireproof safe (or even better offsite, or using a third-party service like Carbonite).

With personal files, if you have a disaster like Ransomware there is a saying, "Two copies = one and one copy = none".

Encryption ransomware targets specific file types on all accessible drives that have a letter assigned, including network and cloud-based drives, which potentially makes all affected personal files vulnerable.

Much of these problems with malware can be avoided if Windows users would just do the one thing that the vast majority still do not, or do not know how to do, even though it's fairly easy to set up and takes just minutes: create a separate user account for accessing the Net that does not have admin privileges, and further limits drive access. Unfortunately, most still do the opposite.

Personally, I also use two separate drives for routine backups. One is automated to back up personal files, photos, emails, and browser data, all of which are encrypted, to a separate encrypted backup drive twice a day. The other is a secondary external drive for system image backups, updated whenever significant changes are made. Neither of these backup drives is accessible from a user account.
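One way to get the "backup drive not accessible from a user account" arrangement 1492 describes (and the read-only-for-programs variant in the earlier post) on Windows, as an added example that is not the poster's own setup: NTFS permissions on the backup folder allow only a dedicated backup account and Administrators, so malware running under the everyday account cannot open, let alone encrypt, the copies. Assumes an elevated prompt, an NTFS drive, and placeholder names for the folder and accounts.

```powershell
# Added example (not from the thread). Run elevated; names below are placeholders.
$BackupDir  = 'E:\Backups'   # folder the backup job writes into
$BackupAcct = 'BackupSvc'    # local account the scheduled backup job runs as
$Everyday   = 'Wrace'        # everyday non-admin account used on the Net

if (-not (Test-Path $BackupDir)) { New-Item -ItemType Directory -Path $BackupDir | Out-Null }

# 1. Stop inheriting the drive's default ACEs (these normally grant Users and
#    Authenticated Users read or modify rights to everything below the root).
icacls $BackupDir /inheritance:r

# 2. Explicit allow list only: SYSTEM and Administrators keep full control,
#    the backup account gets modify so the job can write and rotate copies.
#    (OI)(CI) propagate the ACE to files and subfolders created later.
icacls $BackupDir /grant:r 'SYSTEM:(OI)(CI)F' 'Administrators:(OI)(CI)F' "${BackupAcct}:(OI)(CI)M"

# 3. Belt and braces for the everyday account: an explicit deny wins over any
#    allow it might pick up through group membership in the future.
icacls $BackupDir /deny "${Everyday}:(OI)(CI)F"

# 4. Show the resulting ACL; Users and Authenticated Users must not appear,
#    and the everyday account should show only the (DENY) entry.
icacls $BackupDir
```

The backup job itself then has to run as the backup account (for example a scheduled task with that account's credentials); if it runs as the everyday user it will be denied too, which is the intended behaviour.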

OutdoorPhotogra
Explorer
Thanks. I'll have to check it out. I have a family member that got hit a few months ago. He was running virus protection but I'm not sure what flavor. Big issue was he was still on XP after support had run out.

I'm all Mac these days and keep a Time Machine backup that does not stay attached. Regular work doesn't need backing up daily and Word docs are on OneDrive (would that get encrypted with ransomware?). I do multiple external backups immediately after a session of processing photos.

I just cloned the drive with SuperDuper and I'm going to put it in a safety deposit box to have offsite storage beyond cloud.
2008 Rockwood Signature Ultralite 5th Wheel
F-250 6.2 Gasser

Former PUP camper (Rockwood Popup Freedom 1980)

8ntw8tn
Explorer
Makes me really glad I have a firewall and virus protection installed and that I back up manually to a physical hard drive. I'm no techie so I may still not be protected as much as I should be (what are "multiple layers"?), but so far, so good.
'08 Chevy Silverado 3500 Duramax;
'10 Carriage Cameo F35FWS
Det 1 56th SOWg

wa8yxm
Explorer III
I keep telling folks about firewalls and anti-malware (I run multiple layers).

They say "Oh that slows down my computer too much"

Just like the auto safety commercial where the guy says in one shot: "Oh, seat belts... Too confining..." Cut to a new photo of him in a full body cast and traction.

Yup. I run multiple layers for a reason.
(I also wear my seat belt)
Home was where I park it. but alas the.
2005 Damon Intruder 377 Alas declared a total loss
after a semi "nicked" it. Still have the radios
Kenwood TS-2000, ICOM ID-5100, ID-51A+2, ID-880 REF030C most times