Thread: Ransomware Help

  1. #1
    DF Jedi Brydo666's Avatar
    Join Date
    May 2008
    Location
    Glasgow
    Posts
    3,445
    Thanks
    213
    Thanked:        193
    Karma Level
    481

    Default Ransomware Help

    Unfortunately it looks like my father-in-law has been hit with a ransomware attack on his home system. It's not unusual for me to clear up some malware from time to time but this one really has me stuck. The ransomware itself was removed successfully using Malwarebytes but it has encrypted a number of files that are important to them.

    The encrypted files have been changed to a .DOCM extension which when removed leaves a corrupt file. The directory that contains the encrypted file has a "Restore my files" text message that directs to a website for ransomware payment.

    [Only registered and activated users can see links. ] that show what it's looking like. Has anyone experience of decrypting the files? Unfortunately we don't have a backup of the originals but he is now uploading the unaffected files to cloud storage.

    Cheers in advance for any input or help.

    Brydo

  2. #2
    DF Super Moderator piggzy's Avatar
    Join Date
    Jul 2014
    Location
    UK
    Posts
    3,969
    Thanks
    3,512
    Thanked:        1,728
    Karma Level
    343

    Default Re: Ransomware Help

    Quote Originally Posted by Brydo666 View Post
    Unfortunately it looks like my father-in-law has been hit with a ransomware attack on his home system. It's not unusual for me to clear up some malware from time to time but this one really has me stuck. The ransomware itself was removed successfully using Malwarebytes but it has encrypted a number of files that are important to them.

    The encrypted files have been changed to a .DOCM extension which when removed leaves a corrupt file. The directory that contains the encrypted file has a "Restore my files" text message that directs to a website for ransomware payment.

    [Only registered and activated users can see links. ] that show what it's looking like. Has anyone experience of decrypting the files? Unfortunately we don't have a backup of the originals but he is now uploading the unaffected files to cloud storage.

    Cheers in advance for any input or help.

    Brydo

    Depends how clever the attack was, but when it happened to me once, I first got rid of the attacking ransomware software, then I installed a file recovery program from the usual places. I was able to recover most files using that, then simply deleted the encrypted ones, etc.

  3. #3
    DF General DogsBody
    Mickey's Avatar
    Join Date
    Nov 2006
    Location
    Digital Forums
    Posts
    17,313
    Thanks
    2,116
    Thanked:        2,434
    Karma Level
    1311

    Default Re: Ransomware Help

    It is always good practice to back up your computer once a month. Then issues like this are not quite as bad.
    [Only registered and activated users can see links. ]

  4. #4
    DF PlaYa grrrd's Avatar
    Join Date
    Nov 2006
    Location
    portsmouth
    Posts
    894
    Thanks
    328
    Thanked:        265
    Karma Level
    222

    Default Re: Ransomware Help

    A quick Google comes up with:
    'No official .DOCM files decrypter has been discovered yet. Experts should release it after the discovery soon.'

    Most of the others have tools now where the keys used were discovered, looks like this one may not have been. Wonder if this is the same flavour as the two towns in Florida who ended up paying?

  5. #5
    DF Jedi akimba's Avatar
    Join Date
    Jun 2006
    Location
    UK
    Posts
    3,004
    Thanks
    1,122
    Thanked:        832
    Karma Level
    326

    Default Re: Ransomware Help

    Try using Piriform's Recuva as this may be able to recover the original docs.

    As for decrypting without pay, you've got pretty much the same chance as winning the lottery and Euro in the same week (without buying a ticket for either).

    Even if you pay, there is no guarantee they will bother decrypting them for you either. One of the earlier encryption malware created a different random encryption string every time to make it un-decryptable, and the guys who were taking the money didn't know what the decryption strings were, so they were taking the money knowing they could recover the files anyhow :-(

  6. #6
    DF Jedi Brydo666's Avatar
    Join Date
    May 2008
    Location
    Glasgow
    Posts
    3,445
    Thanks
    213
    Thanked:        193
    Karma Level
    481

    Default Re: Ransomware Help

    Well, I couldn't believe it: this morning I woke up to find my system (the one I used to support him via TeamViewer) was hit too. My files had a .venom extension but I couldn't launch any applications where he could. Spent hours trying various tools to decrypt files to no avail - ended up doing a full Windows reinstall.

    Was running the latest version of Windows 10 with updates installed and Windows Defender active - I've no idea how it got to me.

  7. #7
    DF PiMP josweet's Avatar
    Join Date
    Aug 2006
    Location
    uk
    Posts
    326
    Thanks
    122
    Thanked:        243
    Karma Level
    193

    Default Re: Ransomware Help

    Lots of various ransomware decrypters here. You'll need to know which you have in order to decrypt the files now or in the future.
    [Only registered and activated users can see links. ]

  8. #8
    DF VIP Member stevo25's Avatar
    Join Date
    Nov 2000
    Location
    grim north
    Posts
    3,407
    Thanks
    1,545
    Thanked:        722
    Karma Level
    453

    Default Re: Ransomware Help

    I'm curious, but why does he have images of Mickey?

  9. #9
    DF Super Moderator
    evilsatan's Avatar
    Join Date
    Jul 2004
    Location
    Essex
    Posts
    20,238
    Thanks
    1,149
    Thanked:        3,368
    Karma Level
    1575

    Default Re: Ransomware Help

    It sounds like you know it can't be decrypted (yet at least) but I think this is supposed to be a good tool to help:
    [Only registered and activated users can see links. ]

    I haven't had to use it so can't be sure. Have you also tried restoring previous versions of the files or the parent folders to see if that's possible?

