Just got infected Crypto something



capilta
06-26-2013,
Have a customer's Dell W-7 machine. Brought in for corrupt OS. Had no access to internet, all browsers; OK CMD prompt.

Copied data, Doc, Pic, Downloads to External HD.

I use d7II and ran all programs and tests. Found a few problems but still no internet.

Used Dell's system recovery Datasafe and restored to factory defaults on clean HD.

PC now OK. Did all MS updates.

Started to load the backup from the ext drive and saw files "crypto_information.txt" and "crypto_information.html".

Stopped doing any more transferring and tried to open a couple of files moved back to the PC.

Looks like "crypto whatever" was triggered, was probably on the external drive.

.jpg's say "Invalid image".

.doc's say it can't open; XML file problems with the content.

.pdf's won't open, "...not supported or file damaged."

I ran the Eset scanner and it picked up 101 w32/filecoder's and quarantined. I then removed the quarantined files.

I tried uploading some files to the Fireeye Decryption Assistance and it said they were not "Cryptolocker files".

I now have the files on both the external and internal drives encrypted.

Do I have a chance for recovery?

Pete
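One triage check a technician could run over a backup drive before copying it back, as an added example that is not part of this thread: it flags the ransom-note filenames named above and any .jpg/.pdf/.doc/.docx whose first bytes no longer match the format's magic number, which is what the "Invalid image" and "file damaged" errors point to. The sample directory tree it builds is constructed for the demo.

```python
import tempfile
from pathlib import Path

# Ransom-note filenames as quoted in the post above.
RANSOM_NOTES = {"crypto_information.txt", "crypto_information.html"}

# Well-known leading bytes for the file types the post says would not open.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".pdf": (b"%PDF-",),
    ".docx": (b"PK\x03\x04",),       # Office 2007+ documents are ZIP containers
    ".doc": (b"\xd0\xcf\x11\xe0",),  # legacy OLE compound document
}

def triage_backup(root):
    """Walk root and return (ransom_notes, damaged).

    ransom_notes: paths whose name matches a known ransom-note filename.
    damaged: files whose header does not match the magic for their extension,
             a strong sign the contents were overwritten with ciphertext."""
    notes, damaged = [], []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.name.lower() in RANSOM_NOTES:
            notes.append(str(path))
            continue
        expected = MAGIC.get(path.suffix.lower())
        if expected is None:
            continue  # extension we have no signature for; skip
        with open(path, "rb") as fh:
            head = fh.read(8)
        if not any(head.startswith(m) for m in expected):
            damaged.append(str(path))
    return sorted(notes), sorted(damaged)

def demo():
    """Build a constructed sample tree (good and damaged files) and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "crypto_information.txt").write_text("constructed ransom note")
        (d / "good.pdf").write_bytes(b"%PDF-1.4 constructed body")
        (d / "good.jpg").write_bytes(b"\xff\xd8\xff\xe0 constructed body")
        (d / "bad.jpg").write_bytes(b"\x9a\x1f\x42\x07 constructed ciphertext")
        (d / "bad.docx").write_bytes(b"\x00\x11\x22\x33 constructed ciphertext")
        notes, damaged = triage_backup(d)
        return [Path(p).name for p in notes], [Path(p).name for p in damaged]
```

Run `triage_backup` against the mounted external drive's root; anything listed under `damaged` should be kept as-is for sample submission rather than copied over the clean install.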

capilta
07-04-2013,
I have advised our Security Colleagues who specialize in crypto malware ransomware with a link to this topic.

chloeross
07-12-2013,
Any chance you can restore the quarantined files and send them as samples to http://www.bleepingcomputer.com/submit-malware.php?channel=3?

Also, can you please submit the "crypto_information.txt" and "crypto_information.html" files to the same address above?

Is there any indication from your client how and when this started happening? Did they open an email attachment and it started?

chloeross
07-20-2013,
I'd be very interested in the outcome of this. Also, I was recently notified that a client of mine had their business network infected. Currently working with ESET to mitigate.