1. Korobo's Avatar
    Hello! I've registered in your forum to ask a question about .sh1t ransomware. No joke, the virus changed all file extensions on my work laptop to .sh1t (with i). And now it claims 2 BTC for a decryption tool. I'm not ready and not eager to pay hackers, so I've tried to cope with this problem by myself. So I've read bleeping computer, this guide and used ShadowExplorer, Recuva and the TrendMicro decrypt tool. But unfortunately no help from all these methods...
    So I want to ask you if there is any chance for me to get my files back without paying the virus developers? Because my work can't wait.
    Thanks for your replies.
    P.S. I've also read this topic - http://forums.windowscentral.com/ask...o.html?mn_qa=1
    but no answer there...
    Last edited by Korobo; 10-25-2016 at 02:25 PM.
    10-25-2016 01:58 PM
  2. jmshub's Avatar
    Hi Korobo and welcome to our message board.

    I am lucky to have never had to deal with ransomware first-hand. This is definitely a problem, and it's made worse by the fact that if the developer of the virus does everything right, it is extraordinarily difficult to reverse on your machine. You're talking about every file on that machine being encrypted with a unique key. You are unlikely to get these files back.

    Do you have a backup of this computer? Your first and best bet is to get the files off of a backup before there's a chance that the malware-encrypted files are backed up in its place.

    Sorry to hear about your troubles. Keep us posted on how it goes.
    Last edited by jmshub; 10-25-2016 at 02:23 PM. Reason: typo
    holdum333 likes this.
    10-25-2016 02:21 PM
  3. Korobo's Avatar
    Unfortunately I don't have backups of important data :( and it is my own fault
    10-25-2016 02:28 PM
  4. holdum333's Avatar
    Hi Korobo! That's sad that you don't have backups. Too many people think this won't happen to them, but it can and it does. The chances of you getting your files back are very slim.
    Here's a good read for you. I preach all the time to create backups. I feel your pain. You should read this. http://www.businessinsider.com/heres...somware-2015-6
    Well, the first thing you may want to do is alert law enforcement, said Jason Glassberg, the cofounder of the security firm Casaba Security. While they might not be able to help you much, they should still be made aware of the crime.

    Second, you should turn off your infected computer and disconnect it from the network it is on. This is important because an infected computer can potentially take down other computers sharing the same network, Glassberg said.
    jmshub, aximtreo and a5cent like this.
    10-25-2016 03:16 PM
  5. xandros9's Avatar
    Unfortunately I don't have backups of important data :( and it is my own fault
    Unfortunately you've learned the value of backups the hard way.

    If there's the possibility of copies ANYWHERE else, I would try those, whether file history on Dropbox, etc.

    Anyways, I'm not sure we can help you.

    What's funny is that those ransomware developers NEED good "customer support" to be successful so if that makes you feel better... (because running off with people's money or not supporting the "customer" after payment is *really* bad for "business") but the risk is there.
    holdum333, jmshub and a5cent like this.
    10-25-2016 03:31 PM
  6. a5cent's Avatar
    I just want to point out that this should not only be viewed as a demonstration as to why backups should be mandatory, but also as a demonstration as to why we must take care to not run any old executable file on our computers. Based on what I've read, this particular malware reaches its victims via spam-mail attachments or similar methods. There is no way this malware can launch itself on a remote machine, i.e. it depends on the users making mistakes:

    1) the OS asks the user if they really want to execute the program, as it can't be guaranteed to originate from a safe source. Confirming this despite it not being from a safe source is what let the malware loose.
    2) there was no backup to recover from after the malware had done the damage

    The basic rule to getting (1) right is to simply never run anything on your computer you can't guarantee is safe. Anytime you see the dialog posing the question whether to run the executable or not, you have to step back and ask yourself if you can guarantee it is safe. If you're unsure, click "cancel".

    Anyway, yeah, this is really crummy. Sorry Korobo. Not trying to make your day any worse. Just hoping people can learn from it.
    Last edited by a5cent; 10-25-2016 at 06:31 PM.
    10-25-2016 04:29 PM
