HELP!!! Friend's files held to ransom!!!!
DaisyBumbleroot
My friend has just posted this up on Facebook
I've had at least six months worth of irreplaceable work, family photos, and film, encrypted by someone who's trying to extort a paltry £100 out of me to unlock my work.
The work is genuinely encrypted and needs a key to unlock it rather than simply wiping a virus. Is there anyone out there with the abilities to sort this?
If I thought for a second that the person in question would actually follow through I would happily pay the money as to me most of this material is priceless.
Any help, leads, advice or experience would be hugely appreciated.
Anyone have a clue at all please?!
Comments
In my mind the person who did this had direct access to the computer, which means your friend knows them in person.
Sorry, I can't offer much advice.
Edit - I'm mistaken it seems:
http://www.net-security.org/malware_news.php?id=945
Whatever your friend does, DO NOT let them pay, as it is completely BOGUS.
On another PC, download Avira Rescue CD and burn it to disk. Load it into the CD drive of the affected PC.
At startup you should see an option to select boot options. It usually varies from manufacturer to manufacturer. Once you see what this is, press the correct key once and you will be given the options of what to boot from.
Select the option that allows you to boot from the CD/DVD drive.
Avira should then load. Before you do anything else, make sure you update, by choosing the update tab. This will allow the utility to scan for all the latest threats out there.
You will then want to scan the PC and let it run until it has completed. A few items in red will appear in the status window, and the time it takes will depend on how much malware is present on the PC and how much data resides on it (a lot, by the sounds of it).
Once this has completed, quit Avira rescue CD and reboot, tapping F8 repeatedly until you reach a dialogue consisting of booting into Safe mode, Safe mode with Networking and Safe mode with command prompt.
Choose Safe Mode with Networking.
Log in once Windows allows you to, into the Administrator account of the machine. After the desktop has fully loaded up, open Internet Explorer. (The encryption malware should now no longer be present and should not appear; if it does then you may need to re-run the Rescue CD).
Go to Google and search for Malwarebytes free version (I usually use the one from C-net) and download it. Install the program and allow it to check for updates.
You should then see the main menu. Select 'run full scan'. Allow this to run. Anything left over should be detected and removed. Ensure that all traces have been removed and reboot back into Windows.
You should now be free of this malware. Hope this helped...
That might get rid of a message, but they maintain the work is genuinely encrypted. If the second post is to be believed, it's one tough nut to crack.
There's a tool that might help issued by Kaspersky
http://support.kaspersky.com/1809
Either way it looks like a major pain in the proverbial.
I hope the Kaspersky tool can help rectify the issue if it has genuinely been encrypted.
Check back here before if you're not sure if any of the info you find is genuine. And give your friend a slap for not having their 'irreplaceable data' backed up. There's no excuse nowadays.
Will people never learn?
If the data was that important you'd have thought they would have backed it up so that in the event of a virus, burglary, hardware failure etc they still have it.
Maybe their backup is encrypted as well, what if the OP's friend has done a recent backup before they knew of the problem?
He'd had a PC repair guy out who got rid of the virus ok, but yep, the files are deffo encrypted.
I'm not sure if he managed to get his stuff back, I've not spoken to him. I will come back and let you know - thanks for the replies.
That one does in fact actually include images of juvenile porn too. Terrifying.
That is terrifying, I suspect most of us would rather do time than be accused of something like that.
It's interesting innit. Like if it came up on a shared family computer, for example, how many parents or husbands or wives would pay to cover it up.
And yes, these scams have been doing the rounds in one form or another for ages, they rely on fear, knowing that many perfectly innocent people will pay up rather than have the finger of suspicion pointed at them.
The Met Police variant claims it is an online fine. Wonder how many people pay up and think they have to declare it under the Convictions section of applications for social work, teaching or nursing jobs?
You should backup as regularly as possible, and also archive older backups if possible. In this case it may be that the regular recent backup is affected, and the last archive backup is six months ago, which realistically is an acceptable level of backup. It's what I do.
I can't help this issue, but my advice for anyone in the future is to run anti virus and Malwarebytes before the regular backup.
This is a sad situation. (Find a virus-maker and shake them warmly by the throat.)
Nastier because if you put something that nasty on a computer many people won't take it to a computer expert to fix it either. The problem of course is that the crooks won't take it off for the money, but will use the credit card details to empty the account credit. About time someone got on top of this at the security or the credit card ends of the problem.
It's relatively easy to do a lot about credit card fraud especially online but the banks are willing to accept fraud rather than make transactions more difficult. One measure that would really cut fraud would be if we could opt in that our credit card could only be used routinely for deliveries to our home address.
I'm going slightly off topic here, but that would only work where you are using the credit card to buy a physical product. What if you want to use your credit card to pay for a service (subscription TV, car service, etc), or a product that isn't physically delivered (e.g. digital music)?
If you do the backup correctly you copy the files and only replace duplicates, any encrypted files wouldn't be duplicates, they would be different as the encryption would change the file size and hash. The same goes for an online backup, it would store the encrypted files as duplicates.
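An added example, not part of the thread: the size-and-hash comparison the last post describes, turned into a check that runs before the backup job and holds it when most previously backed-up files have changed at once. The function names, the 50% threshold and the 7.5 bits/byte entropy cut-off are assumptions chosen for illustration, and the sample files are constructed.

```python
import hashlib, math, os, tempfile
from collections import Counter

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def fingerprint(path):
    """Return (size, sha256, entropy of the first 64 KiB) for one file."""
    h, size, head = hashlib.sha256(), 0, b""
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            head = head or chunk
            h.update(chunk)
            size += len(chunk)
    return size, h.hexdigest(), entropy(head)

def snapshot(root):
    """Map each file's path relative to root to its fingerprint."""
    return {os.path.relpath(os.path.join(d, n), root): fingerprint(os.path.join(d, n))
            for d, _, names in os.walk(root) for n in names}

def review(old, new, max_changed=0.5, high_entropy=7.5):
    """Compare the last backup's snapshot with the current one."""
    changed = [p for p in old if p in new and new[p][:2] != old[p][:2]]
    missing = [p for p in old if p not in new]  # deleted, or renamed with a new extension
    # Photos and video are already near 8 bits/byte, so only a low-to-high jump is
    # reported as extra evidence; the share of changed files is what decides.
    jumped = [p for p in changed if new[p][2] >= high_entropy > old[p][2]]
    ratio = (len(changed) + len(missing)) / len(old) if old else 0.0
    return {"changed": sorted(changed), "missing": sorted(missing),
            "entropy_jump": sorted(jumped), "hold_backup": ratio >= max_changed}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed sample files
        for i in range(4):
            with open(os.path.join(root, f"doc{i}.txt"), "wb") as f:
                f.write(b"six months of work\n" * 300)
        before = snapshot(root)
        for i in range(3):  # stand-in for encryption: overwrite with random bytes
            with open(os.path.join(root, f"doc{i}.txt"), "wb") as f:
                f.write(os.urandom(5700))
        print(review(before, snapshot(root)))
```

When `hold_backup` is true, the safe action is to leave the existing backup set untouched and write the current files to a new, separate version.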