
Files on server appear to be encrypted


7 replies to this topic

#1 Kilroy99

Kilroy99

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:38 PM

Posted 04 October 2013 - 01:21 PM

However, I haven't found the computer that might have been the original culprit so I don't know exactly what I'm dealing with. The server itself isn't infected with a virus, just the files are now encrypted. I've used the xoristdecryptor and rectordecryptor but they don't seem to recognize the files. Is there any hope of uncorrupting/undecrypting these files? Some there are no backups for.





#2 Kilroy99


Posted 04 October 2013 - 04:47 PM

If it helps, the "virus" or whatever seemed to leave .pub files alone. It also changed the date of the folder that the files were in, but not the date of the actual files. The files get a LOT bigger, and the file names and extensions stay the same.



#3 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:38 PM

Posted 04 October 2013 - 05:26 PM

Hello Kilroy -

Without you saying it, there seems to be a form of Ransomware infection involved.

Are you able to list the version that is causing you problems? It should be on the computer screens.

 

Once we know this, we can direct you a bit better for help.

 

How many computers are involved in the system?

 

Thank You -



#4 Kilroy99


Posted 04 October 2013 - 06:23 PM

There are around 50 computers and I'm not sure which one is the culprit yet. And I noobed out and replied by way of the "report" button on your post without looking. So I reported you... sorry! Sorry Admins. It's been a long and possibly career-ending day.

 

Mod Edit: The text contained in Kilroy99's accidental report button press was:

 

"That's the problem, I haven't found the infected computer. I spent all day looking for ways to repair the server files, which apparently is impossible.

I was reading that some of these change the owner name to that of the infected computer. I'm going to check that now. It may be a matter of paying the ransom to save my job at this point!"


Edited by Platypus, 04 October 2013 - 06:54 PM.


#5 noknojon


Posted 04 October 2013 - 06:59 PM

"It may be a matter of paying the ransom to save my job at this point!"

This is not an option, as there will often never be a decryption code given, and you are still infected!!!

 

How to Remove Ransomware - This is one of the better methods -

 

Common Ransomware Threats

 

Many computer users encounter the following threats:
- FBI MoneyPak ransomware (Citadel Reveton)
- EUROPOL virus
- U.S. Cyber Security ransomware
- West Yorkshire Police Ukash
- Internet Complaint Center (locks computer)


Edited by noknojon, 04 October 2013 - 07:36 PM.


#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,503 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:38 PM

Posted 04 October 2013 - 10:33 PM

If you open an encrypted Word or Excel file, do you see a message or does it just not open with a corrupted file message?

#7 Kilroy99


Posted 05 October 2013 - 05:48 AM

No message, just a window from the app saying "File Conversion:" and then a sample of the text in the document that is all garbage.
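
Added example, not part of the original thread: because the file names and extensions stayed the same (post #2) and the contents open as garbage (post #7), one way to inventory the damaged files is to compare each file's first bytes with the signature its extension implies. The signature table is a small subset of well-known values, and the folder and file names in `build_sample_share` are constructed.

```python
import os
import tempfile

OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy Office compound file
ZIP = b"PK\x03\x04"                           # OOXML container
SIGNATURES = {".doc": OLE2, ".xls": OLE2, ".ppt": OLE2,
              ".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP,
              ".pdf": b"%PDF-", ".jpg": b"\xff\xd8\xff",
              ".png": b"\x89PNG\r\n\x1a\n"}

def header_matches(path):
    """True/False for extensions in SIGNATURES, None when the type is unknown."""
    magic = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if magic is None:
        return None
    with open(path, "rb") as fh:
        return fh.read(len(magic)) == magic

def scan(root):
    """Map each directory under root to the files whose header no longer fits."""
    damaged = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            try:
                ok = header_matches(os.path.join(dirpath, name))
            except OSError:
                continue  # locked or unreadable: skip, keep sweeping
            if ok is False:
                damaged.setdefault(os.path.relpath(dirpath, root), []).append(name)
    return damaged

def build_sample_share(root):
    """Constructed test data: one folder with overwritten files, one intact."""
    garbage = bytes((i * 37 + 11) % 256 for i in range(64))  # not a real header
    layout = {"accounts/q3.xls": garbage, "accounts/memo.doc": garbage,
              "accounts/notes.txt": garbage,          # unknown type, not judged
              "hr/policy.pdf": b"%PDF-1.4\n", "hr/form.docx": ZIP + b"\x14\x00"}
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        for folder, names in sorted(scan(share).items()):
            print(folder, names)
```

Grouping the hits by folder shows which shares were touched, which narrows the search to the workstations that have those shares mapped.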



#8 Grinler


Posted 05 October 2013 - 10:12 AM

My guess is this is Cryptolocker, but without seeing the infection files it's hard to tell.

Can you set up Wireshark on your network to see which is causing the most traffic? Also, an old tried and true test is to look at the switch and hub and find the ports that are constantly flickering on their network traffic LED. You can then examine those machines to see if they are the infected ones.



