[Ditch]

Genuinely asking for a friend .....

 

Seems he'd had this. They've locked up / 'encrypted' an entire manuscript of what was mean't to be his latest book. And about a million photographs. He reckons the FBI couldn't sort this one out.

 

Is he right?

 

Thanks for any opinions.

 

[Advertisements]

Hi Ditch,
 

Is he right?

Far as I know, there is no way to decrypt files encrypted by Locky, yet. Can I assume that he did not keep backups?

We are advising people who are affected by ransomware and do not plan on paying the ransom, that their best bet is to immediately image the drive before doing anything else since there is a possibility that in the future there might be a way to decrypt the files.

He may be in luck if System Restore was enabled on the computer since Windows creates shadow copies of your files from that point in time when the system restore snapshot was/is created and even though Locky will attempt to delete these shadow copies the infection is not always successful and there may be a small chance that he may be able to restore copies of those files using one of two methods.

The first would be with using Windows previous versions as follows:

• Right-click on the file then click on Properties.
• Select the Previous Versions tab.

This tab will list all copies of the file that have been stored in a Shadow Volume Copy and the date they were backed up.

The second method is by using Shadow Explorer.

Hope this small bit of information helps in some way. You can read more about Locky Ransomeware here.

Donna

[DonnaB]

Hi Ditch,
 

Is he right?

Far as I know, there is no way to decrypt files encrypted by Locky, yet. Can I assume that he did not keep backups?

We are advising people who are affected by ransomware and do not plan on paying the ransom, that their best bet is to immediately image the drive before doing anything else since there is a possibility that in the future there might be a way to decrypt the files.

He may be in luck if System Restore was enabled on the computer since Windows creates shadow copies of your files from that point in time when the system restore snapshot was/is created and even though Locky will attempt to delete these shadow copies the infection is not always successful and there may be a small chance that he may be able to restore copies of those files using one of two methods.

The first would be with using Windows previous versions as follows:

• Right-click on the file then click on Properties.
• Select the Previous Versions tab.

This tab will list all copies of the file that have been stored in a Shadow Volume Copy and the date they were backed up.

The second method is by using Shadow Explorer.

Hope this small bit of information helps in some way. You can read more about Locky Ransomeware here.

Donna

[Ditch]

Oh god .....  Thanks, Donna. And, if ye could see my eyes, right now? Ye'd see the truth behind it. [bleep]!!!! 

 

Now, I just need to rant and rave.

 

Okay. I'm working on another issue issue, on here, with another of ye excellent people. I now have to get back to that and hand over time.

 

Just completely gutted though that someone has, literally, snatched my mates book from him. And a life time of photo's? Dear god .....

[DonnaB]

Yes, Ditch. Very sad indeed. Hard to believe that there are those who walk amongst us that enjoy causing so much pain and suffering to the good peoples of the Earth for monetary gain. I call it blood money...

Your friend could have prevented this from happening. Give him a link to GeeksToGo and ask him to register as a member. We would be more than happy to educate him on the technique of safe computing with the hope that we can prevent this from ever happening again.

[DonnaB]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.