Andy2017

Ransomware help

Hi, it started this morning when I tried to open an Excel file. It was saying "format or file extension not valid", and this for all my Excel files. Then all my photos became unviewable with the same error message. My files are still there but I can't open them.
I did a malware scan and Malwarebytes found "malware ransom agent generic"; it's now in quarantine. I read that it was possible to recover encrypted files, but as far as I can see all ransomware changes the extension of the files. However, my files kept their original extension. For example, the file name will be "excelfiles.xlsm" and not something like "excelfiles.xlsm.mp3...", so I don't know which tool I should use to decrypt my files :( Those are really important files since I'm a photographer and my married wants to get their photos... please, anyone, help me


If you go to "Ransomware FirstAid" forum here.  The first stickied post at the bottom mentions "Ransom ID" website.  Once you're there, you need to upload an encrypted file and an original file.  For example, take .dll of a program or picture you have the original of.  If you have the same version of excel.exe somewhere else, upload the encrypted excel.exe, and the regular excel.exe.

Hopefully this tells you at least what you're dealing with.

4 hours ago, bruticus0 said:

If you go to "Ransomware FirstAid" forum here.  The first stickied post at the bottom mentions "Ransom ID" website.  Once you're there, you need to upload an encrypted file and an original file.  For example, take .dll of a program or picture you have the original of.  If you have the same version of excel.exe somewhere else, upload the encrypted excel.exe, and the regular excel.exe.

Hopefully this tells you at least what you're dealing with 

Thank you for helping me. I can't see the post you are talking about, the "Ransom ID" website, on the "Ransomware FirstAid" forum, so where can I upload those 2 files? Thank you.


It's stickied in this forum you're posting in :P

Here

At the bottom, fabian mentions the ID place.  Sorry I wasn't clear to begin with.

 

I am currently dealing with my own ransomware atm too.  There's not a decrypter for it yet since it's new.  So I am using EaseUS Data Recovery Wizard.

I've had it for a long time, so I can't tell you where to get it.  Basically, you choose your drive and select "Complete Recovery" I think.

It will take a very long time to scan.  After it is done you pick a partition to recover.  It will always be the one with the most number of files listed.  And be sure not to check the $MFT box.

The results will look confusing at first.  But you should see a folder that says, "Lost Files" or "Lost Files 2".  Now, in these you should/hopefully/maybe find your original files, along with their encrypted counterparts.  Which is a pain.

You will have to meticulously go through each and every file you want recovered and check it.  Then Recover it by picking a place to send the recovered files to.

Good Luck.
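
As an added example that is not part of the original posts: a read-only Python script that sorts a recovery output folder (such as the "Lost Files" folder described above) into intact and damaged files by checking whether each file still starts with the signature its extension implies, which helps when, as in this thread, encrypted files keep their original names. The signature table, the function names and the constructed sample files in `demo()` are assumptions of this example, and it assumes the ransomware overwrote the start of each file.

```python
import os
import sys
import tempfile

# Leading bytes an intact file of each type starts with (assumed table).
SIGNATURES = {
    ".xlsm": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".docx": b"PK\x03\x04",
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n", ".pdf": b"%PDF",
}

def classify(path):
    """Return 'intact', 'damaged' or 'unknown' for one file (read-only)."""
    magic = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if magic is None:
        return "unknown"                      # no signature on record
    with open(path, "rb") as fh:
        return "intact" if fh.read(len(magic)) == magic else "damaged"

def triage(root):
    """Walk root and map every file path to its classify() result."""
    report = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                report[path] = classify(path)
            except OSError:
                report[path] = "unknown"      # unreadable: check by hand
    return report

def demo():
    """Triage constructed sample files; returns {file name: status}."""
    samples = {                                # constructed bytes, not real data
        "wedding.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "wedding_copy.jpg": b"\x8f\x1c\x07\xaa" + b"\x5b" * 16,
        "excelfiles.xlsm": b"\x3d\xe2\x90\x11" + b"\xc4" * 16,
        "notes.txt": b"plain text",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return {os.path.basename(p): s for p, s in triage(tmp).items()}

if __name__ == "__main__":
    results = triage(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for path, status in sorted(results.items()):
        print(f"{status:8} {path}")
```

A file reported as intact has only had its first bytes checked, so open it to confirm before discarding any other copy.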


Hi Andy2017,

Going off the information you provided, you were infected with PCLock. Unfortunately, PCLock ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible). bruticus0's suggestion of EaseUS Data Recovery is a good one, but I do not know how effective it will be.

A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. If you're interested, why not do yourself and your files a favour and check our product out, and consider buying it.

Regards,

Sarah
