The only reason the cryptolocker ransomware is so effective is because they honor every transaction and unlock your data. The malware itself is relatively easy to remove, but the encrypted files are the lasting effect.
Chris Wright Network Administrator From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett Sent: Friday, September 30, 2016 7:49 AM To: af@afmug.com; af@afmug.com Subject: Re: [AFMUG] OT: Ransomware The ransomware is still on the computer after you pay the ransom, right? So the only way to stop them from hitting you again when they're hard up for cocaine money is to invest a lot in IT fixes anyway. Same problem, except if you pay the ransom maybe you get your data back. But paying the ransom also encourages them to keep doing it to other people, and maybe contributes to the ongoing problem. I guess it comes down to whether you have enough of it backed up. ------ Original Message ------ From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com<mailto:thatoneguyst...@gmail.com>> To: "af@afmug.com<mailto:af@afmug.com>" <af@afmug.com<mailto:af@afmug.com>> Sent: 9/30/2016 9:54:35 AM Subject: Re: [AFMUG] OT: Ransomware the ransoms are relatively cheap if youre not a targeted corportation, running between 150 and 8The amount of work stoppage and time investment alot of people put into this exceeds the ransom anyway On Fri, Sep 30, 2016 at 8:42 AM, Ken Hohhof <af...@kwisp.com<mailto:af...@kwisp.com>> wrote: FireEye was providing a decrypt tool for the original Cryptolocker but likely you are out of luck. Find a backup, pay the ransom, or kiss your data goodbye. From: Af [mailto:af-boun...@afmug.com<mailto:af-boun...@afmug.com>] On Behalf Of Jason McKemie Sent: Friday, September 30, 2016 1:26 AM To: af@afmug.com<mailto:af@afmug.com> Subject: Re: [AFMUG] OT: Ransomware Depends on the ransomware. I found a decryption tool for my mom's computer when she managed to get it infected - depends on the particular flavor I'm sure. I think this one had .crypt or .crypted extensions on all the files. I did need an copy of one of the encrypted files prior to the infection for the program to do its job though. On Fri, Sep 30, 2016 at 12:14 AM, Travis Johnson <t...@ida.net<mailto:t...@ida.net>> wrote: Hi, One of our office computers was just infected with "ransomware". It has encrypted all the files on that computer, plus many files on a server that computer was connected to. Any ideas or suggestions on the best way to try and fix/remove this crap and unencrypt all the files? Travis -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
