ENAMBHATKAR

ZZZZ VIRUS HAS INFECTED...ITS A CRYPTOWARE...ALL PICTURES ARE ENCRYPTED ..PLEASE HELP


Hello,

TYPING IN ALL CAPS is poor netiquette. It is the equivalent of shouting and is considered rude.

"ZZZZZ" is a Locky ransomware variant:

http://www.bleepingcomputer.com/news/security/new-locky-version-adds-the-zepto-extension-to-encrypted-files/

Unfortunately, Locky is one of the ones that uses secure encryption on the files, and the private key to decrypt them can only be obtained by paying the ransom. Currently, there is no reliable way to recover files encrypted by Locky.

If you take your computer to a computer repair place for assistance, then you can let them know the following (they should understand what it means):

Locky deletes Volume Shadow Copies to prevent people from using ShadowExplorer to find backups of the files that were saved automatically; however, it doesn't do this securely. There have been reports of people being able to use a file undelete utility such as Recuva to undelete the old Volume Shadow Copies, and then use ShadowExplorer to recover files. However, this isn't necessarily straightforward to do (the computer will need to be running from a bootable disk to have write access to the "System Volume Information" folder, or the hard drive will need to be connected to another computer), and even if you can recover the old Volume Shadow Copies, the odds of there being backup copies of important files in them are low to begin with. That being said, it's probably still the best chance for recovering any of the files without paying the ransom.


Sorry to type in capitals... so, unfortunately, you mean that I cannot resolve my problem, sir... (80F9EFD9-55E0-CBC9-7DEB-7CC68D2BE27C.zzzzz) my files become like this, dear sir, with (.zzzzz) extension... as I read the article you mentioned, the files have (.zepto) extension... maybe this can help me... please advise me.

And if at all Recuva and ShadowExplorer are the only options, then please help me how to use them, dear sir.

Thank you


Zepto is the same family of Ransomware.  Locky uses several different extension names but the end result is the same, files that cannot be decrypted without paying the ransom.
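
Before attempting the shadow-copy recovery discussed in this thread, it helps to know which folders were hit. The script below is an added example, not part of the original posts: it inventories files whose names match the shape quoted above (a GUID-style name with a `.zzzzz` or `.zepto` extension). The name pattern is an assumption generalized from that single quoted filename, and the sample tree is constructed.

```python
import os
import re
import tempfile
from collections import Counter

# Assumption: renamed files look like the one quoted in the thread,
# 8-4-4-4-12 hex characters followed by an extension named on this page.
EXTENSIONS = ("zzzzz", "zepto")
RENAMED = re.compile(
    r"^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\.(%s)$"
    % "|".join(EXTENSIONS),
    re.IGNORECASE,
)

def inventory(root):
    """Walk root read-only; return (matches, per_directory, per_extension)."""
    matches, per_dir, per_ext = [], Counter(), Counter()
    # Unreadable directories are skipped instead of aborting the walk.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            m = RENAMED.match(name)
            if m:
                matches.append(os.path.join(dirpath, name))
                per_dir[dirpath] += 1
                per_ext[m.group(1).lower()] += 1
    return sorted(matches), per_dir, per_ext

def build_sample_tree(root):
    """Constructed sample data: empty files, nothing here is encrypted."""
    names = {
        "Pictures": ["80F9EFD9-55E0-CBC9-7DEB-7CC68D2BE27C.zzzzz",  # quoted in the thread
                     "0A1B2C3D-0000-1111-2222-333344445555.zepto",  # constructed
                     "holiday.jpg"],
        "Documents": ["notes.txt", "archive.zzzzz"],  # wrong name shape: not counted
    }
    for folder, files in names.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for f in files:
            open(os.path.join(root, folder, f), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found, per_dir, per_ext = inventory(tmp)
        for d, n in per_dir.most_common():
            print(f"{n:5d}  {d}")
        print(dict(per_ext))
```

The per-directory counts show which folders to look for first inside any Volume Shadow Copy that can be recovered.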


Yes sir... I truly agree with you... as you said, then the only solution is the Recuva software recovery process first and then using ShadowExplorer to recover the files... can you please tell me these steps... sir, please help me... I don't want to pay any ransomware... it's like the cyber criminals' victory and we encourage them to attack more victims...


You will need to look at Recuva's help file.  ShadowExplorer is a good program for recovering shadow copies.

This topic is now closed to further replies.
