Ransomware Remove & File Restore

Status
Not open for further replies.

liakos

Hi,

Is there anyone who knows how to remove ransomware and restore my files back to normal, cuz all got .locky extension in the end. I've tried Spyhunter, Malwarebytes but couldn't restore files back to normal extensions like .doc .ppt etc.

Any ideas?
 
mrmez

AFAIK, unless you can break their encryption, you pay up or lose your data.
Pretty sure they use strong enough encryption to make it practically impossible for anybody.
Sorry dude.
 

Rabmac

There may be a chance to get files back but it depends on what you have been infected with.

This article explains how to rescue files that have been encrypted by Cryptolocker: http://www.makeuseof.com/tag/cryptolocker-dead-heres-can-get-files-back/

Obviously this advice is of little to no help right now but it is always a good idea to have your important files backed up on a separate device or two.
 
Long shot - press the Windows key and R together then type in
services.msc
and hit Enter. Is the Service named "Volume Shadow Copy" Manual or Automatic? If it's automatic, you may have a system backup of all your files which are probably unaffected because the extortionists aren't smart enough to trawl the system for copies. If Manual, sorry - no joy but I have to disagree slightly with mrmez - there's no guarantee and, in fact, little chance of actually getting a decryption key from them even if you pay.

Long shot #2 - did you check to see if they deleted all your System Restore points? If not, try going back a day or two.

If you do contact them, make sure you also use The Onion Router because once they have your IP address they don't even need to rely on someone opening a tempting looking e-mail.
 
Solution
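The same checks from the answer above (Volume Shadow Copy service, System Restore points), as an added read-only PowerShell example that is not part of the original thread. It additionally lists the shadow copies that actually exist and flags those older than the first encrypted file; the function name, `.locky` default and search root are assumptions, and it expects an elevated Windows PowerShell 5.1 session.

```powershell
# Added example (not from the thread): read-only recovery triage.
# Nothing here modifies, restores or deletes anything.
function Get-RecoveryOptions {
    [CmdletBinding()]
    param(
        # Assumption: extension reported in the question; change as needed.
        [string]$EncryptedExtension = '.locky',
        # Assumption: only the current user's profile is searched.
        [string]$SearchRoot = $env:USERPROFILE
    )

    # 1. Volume Shadow Copy service (service name "VSS") and its startup type.
    $svc = Get-Service -Name VSS -ErrorAction SilentlyContinue

    # 2. Shadow copies still present on disk, oldest first (needs elevation).
    $shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue |
        Sort-Object InstallDate |
        Select-Object ID, InstallDate, VolumeName, DeviceObject)

    # 3. System Restore points. These roll back system state; per-file
    #    recovery comes from the shadow copies listed in step 2.
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
        Select-Object SequenceNumber, Description,
            @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } })

    # 4. Earliest encrypted file: snapshots older than this predate the damage.
    $first = Get-ChildItem -Path $SearchRoot -Recurse -File `
                 -Filter "*$EncryptedExtension" -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime | Select-Object -First 1

    [pscustomobject]@{
        VssStartType     = if ($svc) { $svc.StartType } else { 'service not found' }
        VssStatus        = if ($svc) { $svc.Status } else { $null }
        FirstEncryptedAt = $first.LastWriteTime
        ShadowCopies     = $shadows
        # Candidates: every snapshot if no encrypted file was found,
        # otherwise only those taken before the first encrypted file.
        UsableShadows    = @($shadows | Where-Object {
            -not $first -or $_.InstallDate -lt $first.LastWriteTime })
        RestorePoints    = $points
    }
}

$r = Get-RecoveryOptions
$r | Format-List VssStartType, VssStatus, FirstEncryptedAt
$r.UsableShadows | Format-Table -AutoSize
$r.RestorePoints | Format-Table -AutoSize
```

An empty `ShadowCopies` list means there is nothing to recover from this way, whatever the service's startup type shows.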

LukeFatwalker

Their encryption is some of the hardest to unlock. You could pay the ransom. The good news there is that they will almost always release your files (if that helps...)

If I were you, I'd just re-format the computer and be done with it. If you don't already, you may want to look at a program like Rollback Rx or Comodo Time Machine. Programs like these won't help you right now, but they are important tools for any Malware, Ransomware, Cryptolocker, and Virus recovery.
 
There are far more stories on the Net about folks who paid and never saw an unlocking key than there are from people who got their files back.

OK so healthy folks don't go to hospital to say how well they feel so they may not have posted a successful recovery but what's in it for the crook to let you off the hook when he's already had your money? I'm dealing with one now where the blackmailer/extortionist can't decide whether he wants half a bitcoin or three whole ones.

I haven't told him yet that he's not getting either but when he settles on a figure, I'll tell him which part of Russia to * off back to.
 