Addressing encryption viruses (Locky,Coinvault etc.)

Addressing encryption viruses (Locky,Coinvault etc.)

For a long time, clients come with the same problem. Locked files from different versions Ransomware.

The problem has existed for 5 years at least with several versions, others with little impact and others that cause immense destruction in a computer file. Especially where there is a rudimentary backup, then the problem is devastating. The size of the file corruption may be up 100% in most cases.

figure4Problem description

The ransomware is an application that comes as an attachment to an e-mail. Most experienced users perceive, but when the job this double click runs is instinctively. I have seen e-mails more insidiously.

Once you choose the attached zip format. jpeg, pdf, doc etc., begins to encrypt files and rename them with different endings.(.locky, .zzzzz, etc.). Our files are now encrypted and if there is no backup, then we lose.

Manufacturers seeking ransom to unlock your files from 2000 € and above depending on the version of ransomware.

After what we do ; There is a solution ;

The first move is to get the virus from our computer, There are many articles on, but our experience on the subject says that proper deletion will become a good antivirus (Paid), do not expect free versions make sense. The first steps are important especially if you have no backup, so that we can stop the process of encryption as we can. You can download a trial version of course without cost here (Kasperksy Internet Security). Once clean our PC Antivirus, go to the next step which is restoring our files.

restore options

fig-1-volume-shadow-copy-service-used-to-restore-previous-versions-folderWindows has the Shadow Copy, which practically previous versions of our files. This feature of course by default keeps a very small number of copies of the sense of space come through. If you right-click on any folder or file you'll see Previous versions (greek Windows) Previous versions or (English Windows). By choosing, It opens up a window as shown in the next photo. A good program for this function can be downloaded from here (Shadow Explorer), It will help you especially to recover previous versions.

Many times the above function will be unavailable, so what we can do is to lower various tools decryption. Unfortunately the virus evolves and these tools do not help, nevertheless lost good records to keep, maybe in the future lead to new versions.

The first is the Trend micro and can be downloaded from here .

The second is a set of decryptors of Kasperksy, which assumes that you know which version you have. Drivers will find that there are ways of recognizing. Read more here

Summary

Unfortunately or fortunately the Internet is moving very fast and many users without the necessary familiarity in the subject of e-mail, They are faced with many problems. Preventive think that a good Antivirus (Paid) It will save many times from such problems. Seeing and many businesses small or medium to large volume files without rudimentary backup, An external hard drive is enough, because of course that made periodic use and are not permanently connected to the computer, We would lose files and from there.