Ransom virus


Tom

Oct 10, 2018, 1:00:38 PM
to DataRecoveryCertification
Hi guys,
I have a client that has a ransom virus.

Is there a solution or any way to recover ransomware-encrypted files?

I attached the MSG that they got.

Any advice would be great.

Thank you

IMG_1890.JPG

t...@desertdatarecovery.com

Oct 10, 2018, 3:05:00 PM
to datarecovery...@googlegroups.com

You might find some help here.

https://www.nomoreransom.org/en/index.html


Chris Berge

Oct 10, 2018, 3:24:19 PM
to datarecovery...@googlegroups.com
Use https://id-ransomware.malwarehunterteam.com/ to identify the particular variant that is in use. Then you can better search for solutions. 
--
Chris Berge - Owner
Neuralearth Technology Services
422 SE 79th Ave Suite 205
Portland, OR 97211

deeze1

Oct 11, 2018, 3:06:44 PM
to DataRecoveryCertification

mad...@gmail.com

Oct 11, 2018, 3:39:40 PM
to datarecovery...@googlegroups.com
What does the text file mentioned in the screen say? 
May help identify the ransomware family type. 

MM

On Oct 11, 2018, at 3:06 PM, deeze1 <dewe...@gmail.com> wrote:

Fraser Corrance

Oct 15, 2018, 3:20:51 AM
to DataRecoveryCertification
+1 for https://id-ransomware.malwarehunterteam.com/

If a decryptor does not exist then you have two choices, and they both suck:

1) Pay the ransom and hope they decrypt it for you.

2) Be patient and wait for someone to crack the encryption. 

Some decryptors work quickly and you have the project done quickly and others will take weeks. If the tool has the option to keep the original encrypted after decryption, do it. I have seen some decryption tools mess up and incorrectly decrypt the data. If you keep the original you have a chance to make another attempt. 

You may also want to try pulling the drive and connecting it to another computer with shadow copy explorer on it (one that is not connected to your network, for obvious reasons). Sometimes, you can get lucky and the client has the shadow copy service running.

Ransomware sucks!

Good luck. 

Fraser
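
The advice above to keep the encrypted originals so a failed decryption can be retried, sketched as an added example that is not part of the original thread. The function names, the `manifest.json` file and the `files/` layout are assumptions, and the backup directory must sit outside the source directory.

```python
import hashlib
import json
import shutil
from pathlib import Path

MANIFEST = "manifest.json"  # hypothetical manifest name inside the backup dir


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large encrypted files do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def preserve_originals(src: Path, backup: Path) -> dict:
    """Copy every file under src into backup/files and record its SHA-256."""
    manifest = {}
    backup.mkdir(parents=True, exist_ok=True)
    for p in sorted(src.rglob("*")):
        if p.is_file():
            rel = p.relative_to(src).as_posix()
            dest = backup / "files" / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, dest)
            digest = sha256_file(dest)
            if digest != sha256_file(p):  # verify the copy before trusting it
                raise IOError(f"copy mismatch: {rel}")
            manifest[rel] = digest
    (backup / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest


def changed_since_backup(src: Path, backup: Path) -> list:
    """List files that a decryptor modified, renamed or deleted in src."""
    manifest = json.loads((backup / MANIFEST).read_text())
    return [rel for rel, digest in manifest.items()
            if not (src / rel).is_file() or sha256_file(src / rel) != digest]


def restore(src: Path, backup: Path, rel: str) -> None:
    """Put the preserved encrypted original back for another attempt."""
    preserved = backup / "files" / rel
    manifest = json.loads((backup / MANIFEST).read_text())
    if sha256_file(preserved) != manifest[rel]:
        raise IOError(f"backup copy of {rel} is damaged")
    (src / rel).parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(preserved, src / rel)
```

Run `preserve_originals` before any decryptor touches the data; afterwards `changed_since_backup` shows which files the tool altered, and `restore` brings back a verified encrypted original if its output turns out to be wrong.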