| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 143754 | 2017-04-02 05:09:00 | Ransomware questions | Tony (4941) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1433656 | 2017-04-02 05:09:00 | Hi All, The elderly father of a friend of mine has been hit with ransomware. Of course he has no backups, so is panicking somewhat at the thought of a $1000 payout. As I understand it his options are: Pay up. He is worried that the money will go but he won't get a fix, but my understanding is that that doesn't happen as it is not in the interests of the scammers to not perform as then everyone will just not pay. Go to a specialist to decrypt the files. I don't know what the likelihood is of success, or how much that would cost - but I'm guessing it is likely to be less than $1000. Format the drive and start all over again - but as I said he has no backups to recover his data - lots of family pics, family tree - all the usual stuff. Do nothing and chuck the PC in the skip - which I think he is inclined to do. I don't know how he got infected or what brand of ransomware it is, but all suggestions will be gratefully received. |
Tony (4941) | ||
| 1433657 | 2017-04-02 05:39:00 | Depends on what type of ransomware it is. To try and recover data, you can try running www.shadowexplorer.com The portable version works fine from a USB drive. You open a system restore point from the list and copy out the data. AGAIN though, depends on what the ransomeware actually is, that may be encrypted as well. It can also encrypt the USB drive so dont go using any hat have important stuff as they may need to be reformatted as well. If it were the scam lockout, that's easy to bypass, several ways. 7986 |
wainuitech (129) | ||
| 1433658 | 2017-04-02 05:49:00 | I really know nothing more than what I wrote. The old guy lives down country somewhere so I can't help him directly. His daughter (my friend) is more knowledgeable than he is, but I suspect she wouldn't want to be doing stuff by herself. My own opinion is that his best bet would be to find someone locally that he can pay to fix it. I'll ask her to get more info about what he is infected with. |
Tony (4941) | ||
| 1433659 | 2017-04-02 06:42:00 | Please please please don't suggest that he pay the ransom! :eek: | Greg (193) | ||
| 1433660 | 2017-04-02 06:55:00 | Please please please don't suggest that he pay the ransom! :eek:I certainly won't be pushing that solution and it would definitely be the last resort, but if he can't get the PC fixed and he wants all his files... | Tony (4941) | ||
| 1433661 | 2017-04-02 10:27:00 | there is a few ransomware crowds that take the money and don't unlock it, or ask for more etc. so no longer worth paying it. theres a few decrypt programs out now for some of them. |
tweak'e (69) | ||
| 1433662 | 2017-04-02 10:35:00 | there is a few ransomware crowds that take the money and don't unlock it, or ask for more etc. so no longer worth paying it. theres a few decrypt programs out now for some of them.Not delivering seems totally counterproductive to me. Asking for more on the other hand... Here's hoping what he is infected with is one of the solvable ones. I've asked my friend for more info. |
Tony (4941) | ||
| 1433663 | 2017-04-02 11:06:00 | If I had this problem I would make, say, 10 clones of the encrypted HDD, leaving the original machine as it is then try the various decryption programs offered by Kaspersky , ie Rakhni Decryptor, there are many others, to try and get the desired info off the affected machine, via 'cracking' the clones. That way all the original options are still available. |
zqwerty (97) | ||
| 1433664 | 2017-04-02 11:13:00 | If I had this problem I would make, say, 10 clones of the encrypted HDD, leaving the original machine as it is then try the various decryption programs offered by Kaspersky , ie Rakhni Decryptor, there are many others, to try and get the desired info off the affected machine, via 'cracking' the clones. That way all the original options are still available.I could maybe do that too, but remember this is an old technologically-challenged man who is going to be totally dependent on others to solve this for him. If he goes to a specialist that is what could possibly happen anyway. |
Tony (4941) | ||
| 1433665 | 2017-04-02 19:30:00 | Always get the comp posted to you (About $20/25) This place might be the best bet to ascertain whats going on www.nomoreransom.org |
Lawrence (2987) | ||
| 1 2 3 4 5 6 7 | |||||