Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Russian Locky Virus ....? [Solved]


  • This topic is locked This topic is locked

#1
Ditch

Ditch

    Member

  • Member
  • PipPip
  • 43 posts

Genuinely asking for a friend .....

 

Seems he'd had this. They've locked up / 'encrypted' an entire manuscript of what was mean't to be his latest book. And about a million photographs. He reckons the FBI couldn't sort this one out.

 

Is he right? :huh:

 

Thanks for any opinions.

 


  • 0

Advertisements


#2
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,501 posts
Hi Ditch,
 

Is he right? :huh:

Far as I know, there is no way to decrypt files encrypted by Locky, yet. Can I assume that he did not keep backups? :(

We are advising people who are affected by ransomware and do not plan on paying the ransom, that their best bet is to immediately image the drive before doing anything else since there is a possibility that in the future there might be a way to decrypt the files.

He may be in luck if System Restore was enabled on the computer since Windows creates shadow copies of your files from that point in time when the system restore snapshot was/is created and even though Locky will attempt to delete these shadow copies the infection is not always successful and there may be a small chance that he may be able to restore copies of those files using one of two methods.

The first would be with using Windows previous versions as follows:
  • Right-click on the file then click on Properties.
  • Select the Previous Versions tab.
This tab will list all copies of the file that have been stored in a Shadow Volume Copy and the date they were backed up.

The second method is by using Shadow Explorer.

Hope this small bit of information helps in some way. You can read more about Locky Ransomeware here.

Donna :)
  • 0

#3
Ditch

Ditch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Oh god .....  Thanks, Donna. And, if ye could see my eyes, right now? Ye'd see the truth behind it. [bleep]!!!! 

 

Now, I just need to rant and rave.

 

Okay. I'm working on another issue issue, on here, with another of ye excellent people. I now have to get back to that and hand over time.

 

Just completely gutted though that someone has, literally, snatched my mates book from him. And a life time of photo's? Dear god .....


  • 0

#4
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,501 posts
Yes, Ditch. Very sad indeed. Hard to believe that there are those who walk amongst us that enjoy causing so much pain and suffering to the good peoples of the Earth for monetary gain. I call it blood money... :(

Your friend could have prevented this from happening. Give him a link to GeeksToGo and ask him to register as a member. We would be more than happy to educate him on the technique of safe computing with the hope that we can prevent this from ever happening again.

:)
  • 0

#5
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,501 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP