
Files encrypted by Locky, but no virus detected on computer


  • This topic is locked

#1 r4nd0mt4sk


Posted 09 June 2016 - 03:19 PM

Hello all, this is my first post on your forum,

 

This is a new one for me.  The receptionist at the company I work for appears to have fallen victim to a Locky attack.  It encrypted her DropBox account completely, (including somehow the previous versions, if you try to restore in the DropBox web gui, it just restores the same .locky file but with the date of the restore).

 

Now here's where it gets weird, it encrypted *some* of the files on the computer itself.  All the files affected have a time stamp of between 10:30am and 10:32am.  For example, only 2 files on the desktop were encrypted, and just over half of the images in the "my pictures" folder were encrypted.  Some of the files in a network mapped drive were encrypted, but relatively few.

 

She didn't discover the issue until yesterday (13 days later), so the program had at least 13 days to run, but it didn't complete.  I pulled the computer from the network and ran the latest version of MalwareBytes and it didn't detect a *single* bit of malware, let alone Locky.

 

I pulled up the security camera footage of the reception area for that day and watched around the time that the local files were encrypted, and didn't see any unusual activity.  The footage isn't clear enough to tell exactly what she was doing, but it looked like mostly web browsing.

 

So the question is, how could select local files on a computer, the entire DropBox, and select files on a share drive be encrypted, but no sign of the virus on the computer itself?  Her computer is the only computer on the Dropbox account, and the laptop is not sharing any local folders over the network.

 

Computer is a Microsoft Surface Book running Windows 10 x64 Pro.

 

I'm stumped, any ideas are welcome.

 

Thanks!

 

-M@

 

 




 


#2 quietman7


Posted 09 June 2016 - 05:10 PM


A repository of all current knowledge regarding Locky Ransomware is provided by Grinler (aka Lawrence Abrams), in this topic: Locky Ransomware Information, Help Guide, and FAQ

There is an ongoing discussion in this topic where you can ask questions and seek further assistance. Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion... it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff