Cryptolocker attack

  • 18-04-2014 2:55pm
    #1
    Registered Users Posts: 2,033 ✭✭✭


    Small business has been hit with the cryptolocker virus, shared folders encrypted, no option but to pay the ransom.


    How do you go about buying the bitcoins to pay them off?


Comments

  • Registered Users Posts: 8,382 ✭✭✭petes


    Would you not be better off getting the virus removed rather than funding them?


  • Registered Users Posts: 13,995 ✭✭✭✭Cuddlesworth


    petes wrote: »
    Would you not be better off getting the virus removed rather than funding them?

    Depending on the virus, some of them are unremovable until payment is made. You should instead question how it populated into the business.

    OP, is it cryptolocker or something similar?


  • Moderators, Technology & Internet Moderators Posts: 11,016 Mod ✭✭✭✭yoyo


    petes wrote: »
    Would you not be better off getting the virus removed rather than funding them?

    Cryptolocker encrypts the files; the only choice (without external backup) is to pay for the decryption key.

    Nick


  • Registered Users Posts: 203 ✭✭industrialhorse


    If it is a business, small or large, then it would be very amateur of them to not have backed up the files to tape or cloud!!


  • Registered Users Posts: 416 ✭✭gouche


    To answer the OP's initial question: You'll need to buy Bitcoins off a Bitcoin exchange. MtGox was the most popular but don't think that's trading any more.
    Not sure myself of any other reputable exchanges - I'm sure someone will let you know though.

    Edit: Here's a list of places you can buy Bitcoin from. I can't speak on the safety or ease of doing business of any of these though - quick Google search should sort you out.


  • Registered Users Posts: 2,033 ✭✭✭Firblog


    They had RAIDed the data drive in case of HDD failure, a full backup to NAS in another building every Friday, and using shadow copy for backups of the files in case of people deleting folders by accident etc. Only problem they had was shadow copies overwrote after 3 days due to the amount of data involved.
    Virus hit on Friday afternoon (so files were overwritten on NAS that night), no one looked for outside help until Tuesday, shadow copies were overwritten with encrypted files by then.

    Cheers Gouche for the info, was hoping someone could actually recommend a place to purchase like MtGox.. what's the story with the bitcoin ATM in Dublin? Is it operational? Could that be used?
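
The backup timeline described in the post above, worked through as an added example (not part of the thread): it checks which restore points taken before the infection still exist when the problem is noticed. The calendar dates, snapshot times and the one-shadow-copy-per-day schedule are constructed assumptions; only "Friday afternoon", "Tuesday", the weekly Friday NAS backup and the 3-day shadow copy window come from the post.

```python
from datetime import datetime, timedelta

def surviving_clean(first, interval, keep, infected_at, detected_at):
    """Return the clean restore points that still exist at detection time.

    Snapshots are taken at first, first+interval, ... and only the newest
    `keep` are retained (older ones are overwritten). A snapshot is clean
    only if it was taken before the infection started encrypting files.
    """
    taken = []
    t = first
    while t <= detected_at:
        taken.append(t)
        t += interval
    retained = taken[-keep:]
    return [p for p in retained if p < infected_at]

# Constructed timeline: infection on a Friday afternoon, help sought on Tuesday.
INFECTED = datetime(2014, 4, 11, 15, 0)   # Friday 15:00 (assumed)
DETECTED = datetime(2014, 4, 15, 10, 0)   # Tuesday 10:00 (assumed)
WEEK, DAY = timedelta(weeks=1), timedelta(days=1)
NAS_FIRST = datetime(2014, 3, 7, 23, 0)   # weekly full backup, Friday 23:00 (assumed)
VSS_FIRST = datetime(2014, 4, 1, 12, 0)   # one shadow copy per day at noon (assumed)

def scenarios():
    """Compare the scheme in the post with two alternatives."""
    return {
        # As described: one NAS copy overwritten in place, 3 days of shadow copies.
        "nas_keep_1": surviving_clean(NAS_FIRST, WEEK, 1, INFECTED, DETECTED),
        "vss_keep_3": surviving_clean(VSS_FIRST, DAY, 3, INFECTED, DETECTED),
        # Alternative: keep four weekly generations instead of one.
        "nas_keep_4": surviving_clean(NAS_FIRST, WEEK, 4, INFECTED, DETECTED),
        # Alternative: same shadow copies, but noticed on Saturday morning.
        "vss_keep_3_saturday": surviving_clean(
            VSS_FIRST, DAY, 3, INFECTED, datetime(2014, 4, 12, 10, 0)),
    }

if __name__ == "__main__":
    for name, points in scenarios().items():
        latest = max(points).strftime("%a %d %b %H:%M") if points else "none"
        print(f"{name:22s} clean restore points: {len(points)} (latest: {latest})")
```

With one NAS generation and a 3-day shadow copy window, no clean restore point survives a four-day detection delay; retaining several weekly generations leaves the backup from the previous Friday intact.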


  • Registered Users Posts: 209 ✭✭Dulchie


    There's just a possibility that previous versions of the affected files may be recoverable using a program called Shadow Explorer.

    see http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information for more details. This will only succeed if cryptolocker has not managed to encrypt the previous versions.


  • Closed Accounts Posts: 531 ✭✭✭munkus


    Friend had a variant of this, cryptodefence, on his office PCs. Thundering cnut of a virus. Have read that even after paying you may not get the right key back.

    Same happened with local and network share file encryption but was able to remove virus and restore server files from backups. Local PC files came back with previous version and then a system restore.


  • Registered Users Posts: 203 ✭✭industrialhorse


    I had a strange dream the other night that my laptop made a weird beeping noise then it sounded like the hard drive crashed and then BAM!! cryptolocker or something equivalent took control of the laptop and I suddenly couldn't access any files. Thank f*ck it was only a dream but it has still spurred me into action and so I'm going to back everything up to MEGA or maybe invest in a cheap 250GB external drive (yes my bloody laptop only has 250GB of hard disk space and it's quickly running out of space thanks to legit downloads!!):o


  • Moderators, Technology & Internet Moderators Posts: 4,621 Mod ✭✭✭✭Mr. G


    I got a 1TB external hard drive on Amazon for ~£50. For the sake of your sanity, it would be no harm to get one.

    Did the majority of you people get them through email?


  • Registered Users Posts: 209 ✭✭Dulchie


    Why not try an Irish-based supplier? You can get a 1 TB drive delivered for just over €70.

    Be sure to disconnect the external drive when the backup is complete.

    Cryptolocker can encrypt files on external hard drives if they are connected to the computer.


  • Registered Users Posts: 2,033 ✭✭✭Firblog


    Well they've decided to not pay to have the files decrypted.. are going to trawl through emails etc to recover as much as they can, hopefully they'll not be missing too much.

    Lessons learned, new backup, security and user training protocols being put in place.


  • Registered Users Posts: 209 ✭✭Dulchie


    Have you tried Shadow Explorer?


  • Registered Users Posts: 2,033 ✭✭✭Firblog


    Will give it a go, cheers

