Are there any file extensions appended to your files...such as .ecc, .ezz, .exx, .zzz, .xyz, .aaa, .abc, .ccc, .vvv, .xxx, .ttt, .encrypted, .locked, .crypto, _crypt, .crinf, .XRNT, .XTBL, .crypt, .pzdc, .good, .LOL!, .OMG!, .RDM, .RRK, .encryptedRSA, .crjoker, .EnCiPhErEd, .0x0, .bleep, .1999, .vault, .HA3, .toxcrypt, .CTBL, .CTB2,
or 6-7 length extension consisting of random characters?
Is there any notice (message) which says something like..."Your files are locked and encrypted with a unique RSA-1024 key!
Did you find any ransom note
? These infections are created to alert victims that their data has been encrypted and demand a ransom payment. Check your documents folder for an image the malware typically uses for the background note. Check the C:\ProgramData (or C:\Documents and Settings\All Users\Application Data) for a randomly named .html, .txt, .png, .bmp, .url
These are some examples:
HELP_DECRYPT.TXT, HELP_YOUR_FILES.TXT, HELP_TO_DECRYPT_YOUR_FILES.txt
HELP_RESTORE_FILES.txt, HELP_TO_SAVE_FILES.txt, RECOVERY_KEY.txt, DecryptAllFiles.txt
DECRYPT_INSTRUCTIONS.TXT, INSTRUCCIONES_DESCIFRADO.TXT, How_To_Recover_Files.txt
DECRYPT_INSTRUCTION.TXT, HOW_TO_DECRYPT_FILES.TXT, ReadDecryptFilesHere.txt, About_Files.txt,
FILESAREGONE.TXT, IAMREADYTOPAY.TXT, HELLOTHERE.TXT, READTHISNOW!!!.TXT, SECRETIDHERE.KEY
IHAVEYOURSECRET.KEY, SECRET.KEY, Help_Decrypt.txt, HELP_DECYPRT_YOUR_FILES.HTML
YOUR_FILES.HTML, DecryptAllFiles_<user name>.txt, encryptor_raas_readme_liesmich.txt
DecryptAllFiles_.txt, RECOVERY_FILES.txt, help_decrypt_your_files.html, YOUR_FILES.url
Howto_RESTORE_FILES_.txt, RECOVERY_FILE.TXT, RECOVERY_FILE_.txt, restore_files_.txt
howto_recover_file_.txt, how_recover+[random].txt, _how_recover_.txt, recover_file_[random].txt
Note: The [random] represents random characters which some ransom notes names may include.
Did you or your anti-virus find any malware? These are common locations malicious executables related to ransomware infections may be found:
Once we have identified which particular ransomware you are dealing with, I can direct you to the appropriate discussion topic for further assistance.
Please read section
in How Malware Spreads - How your system gets infected
which explains the most common methods Crypto malware
and other forms of ransomware is typically spread and delivered