
Thread: Ransomware Help

  1. #1
    DF Jedi Brydo666's Avatar

    Default Ransomware Help

    Unfortunately it looks like my father-in-law has been hit with a ransomware attack on his home system. It's not unusual for me to clear up some malware from time to time but this one really has me stuck. The ransomware itself was removed successfully using Malwarebytes but it has encrypted a number of files that are important to them.

    The encrypted files have been changed to a .DOCM extension which when removed leaves a corrupt file. The directory that contains the encrypted file has a "Restore my files" text message that directs to a website for ransomware payment.

    [Only registered and activated users can see links. ] that show what it's looking like. Has anyone experience of de-crypting the files? Unfortunately we don't have a backup of the originals but he is now uploading the unaffected files to cloud storage.

    Cheers in advance for any input or help.

    Brydo

  2. #2
    DF Super Moderator piggzy's Avatar

    Default Re: Ransomware Help

    Quote: Originally Posted by Brydo666
    Unfortunately it looks like my father-in-law has been hit with a ransomware attack on his home system. It's not unusual for me to clear up some malware from time to time but this one really has me stuck. The ransomware itself was removed successfully using Malwarebytes but it has encrypted a number of files that are important to them.

    The encrypted files have been changed to a .DOCM extension which when removed leaves a corrupt file. The directory that contains the encrypted file has a "Restore my files" text message that directs to a website for ransomware payment.

    [Only registered and activated users can see links. ] that show what it's looking like. Has anyone experience of de-crypting the files? Unfortunately we don't have a backup of the originals but he is now uploading the unaffected files to cloud storage.

    Cheers in advance for any input or help.

    Brydo

    Depends how clever the attack was, but when it happened to me once I first got rid of the attacking ransomware software, then I installed a file recovery program from the usual places. I was able to recover most files using that, then simply deleted the encrypted ones etc.

  3. #3
    DF General DogsBody
    Mickey's Avatar

    Default Re: Ransomware Help

    It is always good practice to back up your computer once a month. Then issues like this are not quite as bad.
    [Only registered and activated users can see links. ]

  4. #4
    DF PlaYa grrrd's Avatar

    Default Re: Ransomware Help

    Quick Google comes up with
    'No official .DOCM files decrypter has been discovered yet. Experts should release it after the discovery soon.'

    Most of the others have tools now where the keys used were discovered; looks like this one may not have been. Wonder if this is the same flavour as the two towns in Florida who ended up paying?

  5. #5
    DF Jedi akimba's Avatar

    Default Re: Ransomware Help

    Try using pirisofts Recuva as this may be able to recover the original docs.

    As for decrypting without pay, you got pretty much the same chance as winning the lottery and euro in the same week (without buying a ticket for either).

    Even if you pay, there is no guarantee they will bother decrypting them for you either. One of the earlier encryption malware created a different random encryption string every time to make it un-decryptable, and the guys who were taking the money didn't know what the decryption strings were, so they were taking the money knowing they could recover the files anyhow :-(

  6. #6
    DF Jedi Brydo666's Avatar

    Default Re: Ransomware Help

    Well, I couldn't believe it: this morning I woke up to find my system (the one I used to support him via TeamViewer) was hit too. My files had a .venom extension but I couldn't launch any applications where he could. Spent hours trying various tools to decrypt files to no avail - ended up doing a full Windows reinstall.

    Was running the latest version of Windows 10 with updates installed and Windows Defender active - I've no idea how it got to me.

  7. #7
    DF PiMP josweet's Avatar

    Default Re: Ransomware Help

    Lots of various ransomware decrypters here. You'll need to know which you have in order to decrypt the files now or in the future.
    [Only registered and activated users can see links. ]

  8. #8
    DF VIP Member stevo25's Avatar

    Default Re: Ransomware Help

    I'm curious, but why does he have images of Mickey?

  9. #9
    DF Super Moderator
    evilsatan's Avatar

    Default Re: Ransomware Help

    It sounds like you know it can't be decrypted (yet at least) but I think this is supposed to be a good tool to help:
    [Only registered and activated users can see links. ]

    I haven't had to use it so can't be sure. Have you also tried restoring previous versions of the files or the parent folders to see if that's possible?

