-
January 2nd, 2017, 01:43 PM
#1
[Inactive] files are encrypted with rsa 2048 and AES 128 cyphers!
I am a total newbie to this process so be gentle. Believe infected on 12/25/2016. Tried to transfer files to external drive, all files corrupted. Is there any way to correct or is my laptop fried?
-
January 2nd, 2017, 02:35 PM
#2
First, you need to remove the malware from your system. After that there are some free tools that may be able to decrypt the files. If you do get your files decrypted, then it is time to start a regular backup program for future protection.
Our resident malware removal expert will be along to assist you in removing the malware.
Decryption links:
https://noransom.kaspersky.com/
http://www.zdnet.com/article/remove-...se-free-tools/
-
January 2nd, 2017, 02:57 PM
#3
Osiris ransomware
Originally Posted by rosemaryholt
I am a total newbie to this process so be gentle. Believe infected on 12/25/2016. Tried to transfer files to external drive, all files corrupted. Is there any way to correct or is my laptop fried?
I believe the ransomware is Osiris, if that helps.
-
January 2nd, 2017, 09:53 PM
#4
-
January 3rd, 2017, 10:34 AM
#5
Originally Posted by Broni
Looks like saving the encrypted files and waiting for a solution is my only option.
Thanks for your help.
-
January 2nd, 2017, 09:52 PM
#6
For whatever reason I can't post my reply here.
When I do I'm getting this error:
Sadly, you’ve reached a page that can’t be displayed.
We’ve logged this action, so we are aware there is an issue!
At this time, please hit your browser’s back button or simply close this page!
The incident ID is: N/A.
-
January 3rd, 2017, 10:27 AM
#7
EDIT: I was able to post the following without error:
Any files that are encrypted with the Locky (.Osiris) ransomware variant will be renamed with random alpha-numerical characters and have the .osiris extension appended to the end of the encrypted data filename (i.e. 11111111--1111--1111--FC8BB0BA--5FE9D9C2B69A.osiris) and leave files (ransom notes) named DesktopOSIRIS.bmp, DesktopOSIRIS.htm, OSIRIS-[4_numbers].htm, OSIRIS-[4_numbers].htm as explained here.
Unfortunately, there is no known way at this time to decrypt files encrypted by Locky variants regardless of the extension without paying the ransom.
There is an ongoing discussion in this topic where you can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.
Locky Ransomware (Zepto) Support and Help Topic - _HELP_instructions.html
When or if a solution is found, that information will be provided in this support topic and you will receive notification if subscribed to it. In addition, a news article most likely will be posted on the BleepingComputer front page.
Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.
If you're happy and you know it......it's your meds.
-
January 3rd, 2017, 10:20 PM
#8
If you don't have any recent healthy backup that would be your only option.
I'm sorry.
@Steve
Possibly some links in my quote were triggering some board security.