ransomware encrypted my files! pls help

luv2liv

Diamond Member
Dec 27, 2001
3,500
94
91
Just got into work today and saw all my files on the network drive encrypted.
All files have ".crypt" added at the end. Example of one file: workFeb1.xlsx.crypt
Every folder has an instruction file on how to open them: "HOW_OPEN_FILES.hta"
I'm sharing the file if you are curious here: https://drive.google.com/file/d/0B7nfltEeYRwxdWdoRGZWUFBIUEE/view?usp=sharing

Basically, pay bitcoin. Send proof of payment to some punk at waitingyou2017@yandex.com,
then he will send the decryptor.

After searching around, I see there are tools from http://www.thewindowsclub.com/list-ransomware-decryptor-tools but I still need to research which one to use.
Does anyone have experience with this?
 

luv2liv

Diamond Member
Dec 27, 2001
3,500
94
91
Problem solved!
For those infected with ransomware, that link above was very informative.
First, ID the ransomware at https://id-ransomware.malwarehunterteam.com/
The site identified mine as "GlobeImposter" after I uploaded the infected file and the ransom note.
Afterward, this page has the tool to decrypt GlobeImposter: https://decrypter.emsisoft.com/globeimposter
For the tool to work, I had to load it up with the original file and the encrypted file. Luckily I had backups.... It took about 1 hr to find the key on my slow work PC!
Hope nobody has to go through what I had to.
 
Reactions: PliotronX
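The two posts above describe the whole recovery picture: files renamed with a ".crypt" suffix, a "HOW_OPEN_FILES.hta" note in every folder, and a decryptor that needs an (original, encrypted) file pair, which only works if a clean copy survives somewhere. The script below is an added example (mine, not the poster's or Emsisoft's) that triages a hit share before anyone touches it: it pairs each encrypted file with its pre-encryption name, lists which folders got the note, and splits the originals into "restore from backup" versus "no backup copy". It assumes share-relative paths with forward slashes, a backup listing in the same relative form, and the indicator strings quoted in the thread; the script name in the usage comment is hypothetical and the sample tree is constructed, not data from the post.

```python
import os
import posixpath
import sys

# Indicators quoted in the thread: the appended extension and the note name.
RANSOM_EXT = ".crypt"
RANSOM_NOTE = "HOW_OPEN_FILES.hta"


def original_name(path):
    """Return the pre-encryption name for an encrypted file, else None.

    'workFeb1.xlsx.crypt' -> 'workFeb1.xlsx'; 'readme.txt' -> None.
    """
    if path.endswith(RANSOM_EXT) and len(path) > len(RANSOM_EXT):
        return path[: -len(RANSOM_EXT)]
    return None


def triage(paths, backup_names):
    """Classify share-relative paths (forward slashes) from a hit share.

    backup_names is a set of share-relative original names that exist in a
    known-good backup. Returns a dict with:
      encrypted     - list of (encrypted_path, original_path) pairs
      notes         - sorted folders containing the ransom note
      restorable    - originals that can simply be restored from backup
      unrecoverable - originals with no backup copy (need a decryptor, or lost)
      untouched     - count of files that are neither encrypted nor a note
    """
    encrypted, note_dirs, untouched = [], set(), 0
    for p in paths:
        if posixpath.basename(p) == RANSOM_NOTE:
            note_dirs.add(posixpath.dirname(p) or ".")
            continue
        orig = original_name(p)
        if orig is None:
            untouched += 1
        else:
            encrypted.append((p, orig))
    originals = [orig for _, orig in encrypted]
    return {
        "encrypted": encrypted,
        "notes": sorted(note_dirs),
        "restorable": sorted(o for o in originals if o in backup_names),
        "unrecoverable": sorted(o for o in originals if o not in backup_names),
        "untouched": untouched,
    }


def walk_share(root):
    """Yield share-relative paths (forward slashes) for every file under root."""
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            yield rel.replace(os.sep, "/")


def report(result):
    """Print a short incident summary. The restorable originals, paired with
    their .crypt twins, are exactly the input a known-plaintext decryptor asks for."""
    print(f"encrypted files : {len(result['encrypted'])}")
    print(f"ransom notes in : {', '.join(result['notes']) or 'none'}")
    print(f"restore from backup ({len(result['restorable'])}):")
    for o in result["restorable"]:
        print(f"  {o}")
    print(f"no backup copy ({len(result['unrecoverable'])}):")
    for o in result["unrecoverable"]:
        print(f"  {o}")
    print(f"untouched files : {result['untouched']}")


# Constructed sample resembling the thread's share (not real data from the post).
SAMPLE_PATHS = [
    "grades/workFeb1.xlsx.crypt",
    "grades/HOW_OPEN_FILES.hta",
    "attendance/jan.csv.crypt",
    "attendance/feb.csv.crypt",
    "attendance/HOW_OPEN_FILES.hta",
    "attendance/readme.txt",
]
SAMPLE_BACKUP = {"grades/workFeb1.xlsx", "attendance/jan.csv"}

if __name__ == "__main__":
    if len(sys.argv) >= 2:
        # usage: triage.py <share_root> [<backup_root>]   (hypothetical script name)
        share = list(walk_share(sys.argv[1]))
        backups = set(walk_share(sys.argv[2])) if len(sys.argv) >= 3 else set()
        report(triage(share, backups))
    else:
        report(triage(SAMPLE_PATHS, SAMPLE_BACKUP))
```

Run it against a read-only mount of the share (and the backup root, if one exists) before starting any decryptor: the "no backup copy" list is the only set worth spending decryptor time on, and the "restore from backup" list is what XavierMace's reply below would simply restore.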

XavierMace

Diamond Member
Apr 20, 2013
4,307
450
126
If you had backups, why go through the trouble of trying to decrypt the file? Just restore your network from backups and move on.
 
Reactions: corkyg

VirtualLarry

No Lifer
Aug 25, 2001
56,571
10,206
126
I just bought a qty of external portable USB3.0 hard drives. Great for OFF-LINE backups. As in, save your (stuff), so that if you ever get Ransomware on your PC, you can format, and restore your files from backup.
 

XavierMace

Diamond Member
Apr 20, 2013
4,307
450
126
How is it possible to get ransomware on your work computer? Prob

You'd be amazed. Unfortunately these days it's hard to lock the end users down enough that they can't get themselves infected but still give them enough access to do their job. We've sat and watched the replay of users getting themselves infected.
 
Reactions: PliotronX

luv2liv

Diamond Member
Dec 27, 2001
3,500
94
91
I have no idea how my school server got infected. Just 4 weeks ago, it was infected with a virus from someone's PC. Users here are not tech savvy.
It's a nonprofit school and I'm here as a data guy, collecting and manipulating grades, attendance, etc...
IT was not around today, and he's barely keeping things functioning. It wouldn't surprise me if the school doesn't have funds for backups. Strangely, none of the local files are touched, only the network drive! So from now on, I will save my work in both locations instead of just the network drive.
 

VirtualLarry

No Lifer
Aug 25, 2001
56,571
10,206
126
Perhaps ironically, Anti-Virus software and their whole industry, may be part of the reason why PCs are vulnerable, because operating systems need to stay compatible with AV software, and thus cannot implement some advanced mitigation techniques (against exploits) that Ransomware can use.
 

corkyg

Elite Member | Peripherals
Super Moderator
Mar 4, 2000
27,370
239
106
We need to do more in law enforcement at catching these people.

Not easy when the perps are in different counties. First, we need to do less "SSS." (Stupid, Silly, Surfing.)
 

Craig234

Lifer
May 1, 2006
38,548
350
126
Not easy when the perps are in different counties. First, we need to do less "SSS." (Stupid, Silly, Surfing.)

It's not just the web - I get several phishing e-mail messages a day. Many people click on them. Some are not easy for many to spot. I have to ask sometimes. Ask John Podesta.
 

corkyg

Elite Member | Peripherals
Super Moderator
Mar 4, 2000
27,370
239
106
I can't speak for Podesta. :) But all my email goes through Mailwasher Pro. I review it and delete 80% of it on the POP server without ever downloading it. Spam never makes it to my computer, nor does anything from strangers. :)
 

Craig234

Lifer
May 1, 2006
38,548
350
126
I can't speak for Podesta. :) But all my email goes through Mailwasher Pro. I review it and delete 80% of it on the POP server without ever downloading it. Spam never makes it to my computer, nor does anything from strangers. :)

I understand, but until that's the norm, it's a little like my responding to an issue for pregnant women with 'I'm a man, not an issue.':)

Millions are lost to this sadly. Hundreds of millions if not billions apparently.
 

tcsenter

Lifer
Sep 7, 2001
18,891
543
126
How is it possible to get ransomware on your work computer? Prob
Just got done doing some work for a retail B&M shop that had their access point router/modem completely unsecured, using the default user and password of "admin" and "admin", and the firewall settings of the router "disabled", not even a minimum security profile. Been that way for like four years.....
 

XavierMace

Diamond Member
Apr 20, 2013
4,307
450
126
You can't fix stupid, which is why there will never be a foolproof way of protecting systems while still allowing them to work. I've said before, I work in managed IT in the banking industry. If you had to pick an industry that you would want secure, that's probably high on the list. Unfortunately, people are the weak link. I'd love to be able to just block all Flash, Java, and ActiveX content, but sadly business websites rely on them. Literally the only reason I've got Java on my computer is for my APC, iLO, and KVMs' websites.
 
Reactions: PliotronX

PliotronX

Diamond Member
Oct 17, 1999
8,883
107
106
You can't fix stupid, which is why there will never be a foolproof way of protecting systems while still allowing them to work. I've said before, I work in managed IT in the banking industry. If you had to pick an industry that you would want secure, that's probably high on the list. Unfortunately, people are the weak link. I'd love to be able to just block all Flash, Java, and ActiveX content, but sadly business websites rely on them. Literally the only reason I've got Java on my computer is for my APC, iLO, and KVMs' websites.
It's disgusting how many critical programs require outdated runtimes. I was surprised that Cisco Identity Services Engine requires Flash to be installed, along with Ubiquiti Edge RouterOS. UniFi requires Java, as does Cisco ASDM. Then there's ADP Enterprise eTime requiring Java and I think Flash as well. QuickBooks installs Flash v11 if you are not paying attention.