Ransomware question!

Korobo

New member
Oct 25, 2016
Hello! I've registered in your forum to ask a question about .sh1t ransomware. No joke, the virus changed all file extensions on my work laptop to .sh1t (with i). And now it claims 2 BTC for a decryption tool. I'm not ready and not eager to pay hackers, so I've tried to cope with this problem by myself. So I've read bleeping computer, this guide and used ShadowExplorer, Recuva and TrendMicro decrypt tool. But unfortunately no help from all these methods...
So I want to ask you if there is any chance for me to get my files back without paying virus developers? Because my work can't wait.
Thanks for your replies.
P.S. I've also read this topic - http://forums.windowscentral.com/ask-question/414960-ransomware-what-does-do.html?mn_qa=1
but no answer there...
 

jmshub

Moderator
Apr 16, 2011
Hi Korobo and welcome to our message board.

I am lucky to have never had to deal with ransomware first-hand. This is definitely a problem, and it's made worse by the fact that if the developer of the virus does everything right, it is extraordinarily difficult to reverse on your machine. You're talking about every file on that machine being encrypted with a unique key. You are unlikely to get these files back.

Do you have a backup of this computer? Your first and best bet is to get the files off of a backup before there's a chance that the malware-encrypted files are backed up in its place.

Sorry to hear about your troubles. Keep us posted on how it goes.
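
For readers in the same situation, a way to check backup snapshots before restoring from them, as an added example that is not part of the original thread. It walks each snapshot and reports the most recent one that contains no files with the `.sh1t` extension; the snapshot folder names and file names are constructed sample data, and matching the extension case-insensitively is an assumption.

```python
import os
import tempfile
from pathlib import Path

RANSOM_EXT = ".sh1t"  # extension reported in this thread

def scan_snapshot(root):
    """Return (total_files, paths that carry the ransomware extension)."""
    total, hits = 0, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            total += 1
            # Assumption: treat .SH1T / .Sh1t the same as .sh1t
            if name.lower().endswith(RANSOM_EXT):
                hits.append(os.path.join(dirpath, name))
    return total, hits

def newest_clean_snapshot(snapshots):
    """snapshots: (label, path) pairs, oldest first.
    Return the label of the latest non-empty snapshot with no hits, or None."""
    best = None
    for label, path in snapshots:
        total, hits = scan_snapshot(path)
        if total > 0 and not hits:
            best = label
    return best

def build_demo(base):
    """Constructed sample data: three dated snapshot folders."""
    layout = {
        "2016-10-10": ["report.docx", "budget.xlsx"],
        "2016-10-17": ["report.docx", "budget.xlsx", "notes.txt"],
        "2016-10-24": ["report.docx.sh1t", "budget.xlsx.sh1t", "notes.txt.SH1T"],
    }
    snaps = []
    for label in sorted(layout):
        folder = Path(base) / label / "Documents"
        folder.mkdir(parents=True)
        for name in layout[label]:
            (folder / name).write_bytes(b"constructed sample")
        snaps.append((label, str(Path(base) / label)))
    return snaps

def demo():
    with tempfile.TemporaryDirectory() as base:
        snaps = build_demo(base)
        report = {label: len(scan_snapshot(path)[1]) for label, path in snaps}
        return report, newest_clean_snapshot(snaps)

if __name__ == "__main__":
    print(demo())
```

Run it against read-only copies of the snapshots from a machine that is not infected, so the backup set itself is never exposed to the malware.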
 

holdum333

New member
Oct 2, 2016
Hi Korobo! That's sad that you don't have backups. Too many people think this won't happen to them, but it can and it does. The chances of you getting your files back are very slim.
Here's a good read for you. I preach all the time to create backups. I feel your pain. You should read this. http://www.businessinsider.com/here...computer-gets-taken-over-by-ransomware-2015-6
Well, the first thing you may want to do is alert law enforcement, said Jason Glassberg, the cofounder of the security firm Casaba Security. While they might not be able to help you much, they should still be made aware of the crime.

Second, you should turn off your infected computer and disconnect it from the network it is on. This is important because an infected computer can potentially take down other computers sharing the same network, Glassberg said.
 

xandros9

Active member
Nov 12, 2012
Unfortunately I don't have backups of important data :( and it is my own fault

Unfortunately you've learned the value of backups the hard way.

If there's the possibility of copies ANYWHERE else I would try those whether file history on Dropbox, etc.

Anyways, I'm not sure we can help you.

What's funny is that those ransomware developers NEED good "customer support" to be successful so if that makes you feel better... (because running off with people's money or not supporting the "customer" after payment is *really* bad for "business") but the risk is there.
 

a5cent

New member
Nov 3, 2011
I just want to point out that this should not only be viewed as a demonstration as to why backups should be mandatory, but also as a demonstration as to why we must take care to not run any old executable file on our computers. Based on what I've read, this particular malware reaches its victims via spam-mail attachments or similar methods. There is no way this malware can launch itself on a remote machine, i.e. it depends on the users making mistakes:

1) the OS asks the user if they really want to execute the program, as it can't be guaranteed to originate from a safe source. Confirming this despite it not being from a safe source is what let the malware loose.
2) there was no backup to recover from after the malware had done the damage

The basic rule to getting (1) right is to simply never run anything on your computer you can't guarantee is safe. Anytime you see the dialog posing the question whether to run the executable or not, you have to step back and ask yourself if you can guarantee it is safe. If you're unsure, click "cancel".

Anyway, yeah, this is really crummy. Sorry Korobo. Not trying to make your day any worse. Just hoping people can learn from it.
 
