I have a file server in my office that is used by around 150 people and several departments. At some point we were hit with a cryptolocker, but the virus is not on the server. By my best guess it's on an infected laptop and making its rounds over the last few months, because a small number of files are encrypted every few weeks. Finding the virus on the computer could be troublesome since there are 5 sites and multiple visitors from the main office. That said, does anyone know of a way to break the encryption? I've tried using what it has for removal and using the key.dat file, but without the offending computer to get said file, is there a different method anyone can suggest? Obviously finding the offending computer is the best solution in the long term, but right now if I could unlock what we have I'd take it.
If you are a business, I would highly recommend that you go get your company fully covered by Trend Micro Ultimate Anti-Virus. It will stop the ransomware stuff in its tracks, and decrypt the files as well.
How? I have 5 sites, plus remote users that use this file server. Assuming they didn't use the VPN from personal equipment, which increases the number of devices, I can't even narrow down who may have been connected to the file server when the virus started doing its encryption.
As I said in my opening post... You need to get anti-virus protection and malware protection on your entire network. I linked the ransomware remover. I suspect that the ransomware is on your servers, and possibly other systems on your network as well, which may well include the laptop you are talking about.
It is going to cost some money to get protected. But it's going to cost money to not stay protected too. And not being protected is why you are where you are right now.
I would highly recommend that you get fully protected with Trend Micro Ultimate Protection immediately. I would also recommend that you go get a license from Malwarebytes for Business as additional protection against malware. My experience with Trend Micro is that it tends to catch every virus before it has a chance to do any damage. But you are already infected. And that is why I am recommending Malwarebytes as well.
If Trend Micro Ultimate Protection is properly installed on every computer at your company, any outside system that connects to your network will have every piece of data checked for viruses, and Malwarebytes will make sure none of your important files gets changed. They will work as a team to make sure this does not happen again.
If nothing else, contact Trend Micro, and explain your situation. They have experts on staff that can help you protect your business.