Help!!!!!!! All my files have been encrypted.

Forums › Desktop computing › Help!!!!!!! All my files have been encrypted.

RickW

298 posts

Ultimate Geek

#166256 7-Mar-2015 16:58

I just tried streaming a tv show from my file server but it wouldn't stream.

I log into the server and all the drives are encrypted. There is a txt file on the desktop named "important to read" that states

"Hello there. Your documents, files, pictures, etc, etc etc is in safe place. If you want to regain access to your local disk, all your files, documents, etc please send 2 BTC (Bitcoin) to this address: [removed] as fast as you can and email me at [removed] If you dont know what bitcoin is, search on google for a local Bitcoin shop and transfer 2 BTC to this address: [removed]

Please note: Do Not hesitate to contact me soon when you see this message for your safety. Do no try to recovery your data files or restore windows because you risk to damage your hard disk and never you can get back your documents. Here are only one way to regain access to your local hard disk drive and this way is to send 2 Bitcoin to this address: [removed]

Waiting for your reply to my email address ( [removed] ) if you wanna get the bitlocker password. Thanks"

Can anyone help. All of my photos are on the hdds and I need to get them back.

[Moderator edit (MF): removed all references to email and Bitcoin addresses]

1 | 2 | 3 | 4

BDFL - Memuneh
79061 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1252829 7-Mar-2015 17:08

See if any of this helps:

If you use the second option you might have to follow instructions to cleanup your PCs to make sure it doesn't happen again.

Other than this backup, backup, backup. And not cloud (Google Drive, OneDrive, Dropbox) but real backup (Crashplan).

Tradepub

Free professional, reference and technical white papers (affiliate link).

RickW

298 posts

Ultimate Geek

#1252836 7-Mar-2015 17:23

Im looking at that website, I can't upload any files as I cannot acces any of the hdds. When I click on one of the hdds I get a pop up asking for my bit locker password.

Lias

5575 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1252838 7-Mar-2015 17:30

Most likely, you will have to pay the ransom or write off those files and restore from backups.

You do have backups right?

I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup.

sonyxperiageek

2955 posts

Uber Geek

Trusted

#1252840 7-Mar-2015 17:32

Just wondering, if you have files on a cloud storage e.g OneDrive, if Cryptolocker encrypts those files saved on the PC (that are linked to OneDrive), will they still open on OneDrive?

Sony

RickW

298 posts

Ultimate Geek

#1252842 7-Mar-2015 17:36

I have 2 hdds offsite from a backup I did 6 months ago. my current backup drive for the new photos/home movies was in the system when I was infected and it was encrypted too. I was doing a backup last night and didn't unplug it this morning. :-(

RickW

298 posts

Ultimate Geek

#1252843 7-Mar-2015 17:37

No I don't use any cloud services for backup

RickW

298 posts

Ultimate Geek

#1252844 7-Mar-2015 17:37

If I pay will I get my files back?

Lias

5575 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1252846 7-Mar-2015 17:41

RickW: If I pay will I get my files back?

Almost certainly yes.

paulspain

417 posts

Ultimate Geek

Trusted

Lifetime subscriber

#1252847 7-Mar-2015 17:42

There is no guarantee you'll get your files back if you make the payment. But without backups if you can't decrypt the drive on your own you may be stuck for choices if you really value your data.

geocom

593 posts

Ultimate Geek

Subscriber

#1252851 7-Mar-2015 17:52

sonyxperiageek: Just wondering, if you have files on a cloud storage e.g OneDrive, if Cryptolocker encrypts those files saved on the PC (that are linked to OneDrive), will they still open on OneDrive?

Depends. If you let onedrive sync the files to the cloud then those files would become encrypted.

It has to sync everything back to the cloud so there would be every chance that you could stop it depending on how much you have in your one drive and your internet upload speed and how soon you catch it.

I will add that Microsoft may have backups and if you have another computer that is off and isolate it then you will have a safe copy there.

Geoff E

RickW

298 posts

Ultimate Geek

#1252857 7-Mar-2015 17:55

C: dosnt appear too of been touched only the other drives which have been fully encrypted.

michaelmurfy

meow
13197 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#1252861 7-Mar-2015 18:14

Just out of interest what software is the server running and what ports were exposed to the internet?

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

DravidDavid

1907 posts

Uber Geek

#1252871 7-Mar-2015 18:28

michaelmurfy: Just out of interest what software is the server running and what ports were exposed to the internet?

Definitely interested in this too.

That ransom letter does not seem to be part of the norm. It seems quite personal somehow. The ones I usually see appear quite generic in comparison. This kind of worries me.

Did you download anything in particular? Did anyone else connected to your network download anything recently within the last few days to a week or so?

Batman

Mad Scientist
29691 posts

Uber Geek

Trusted

Lifetime subscriber

#1252874 7-Mar-2015 18:37

goodness golly!

PoHq

465 posts

Ultimate Geek

#1252911 7-Mar-2015 19:36

michaelmurfy: Just out of interest what software is the server running and what ports were exposed to the internet?

Plus one on this. Probably not the OP's primary concern right now but I'm keen to know if the default ports were used. Also a run down of what security was in place they managed to get through.

1 | 2 | 3 | 4