Larry Jamieson
From: Walton, NY USA
Posted 11 Mar 2015 4:55 pm
Somehow some kind of malware got into my laptop and encrypted all my picture files. They have a picture of an orange marigold blossom over each picture and they will not open. There is a "What happened to my files" box with instructions on how to pay to get them fixed.
Is there any way I can fix this myself, or any reasonably priced software I can download that will fix it? If I delete all the pics I have on file and replace them, will the new pictures become encrypted?
Thanks for any help you can provide.
Wiz Feinberg
From: Mid-Michigan, USA
Posted 11 Mar 2015 6:59 pm
Evidently, you clicked on a poisoned link, or opened a rigged email attachment, or plugged in an infected thumb drive, or visited a website that was unknowingly serving exploited ads, while having an outdated version of Adobe Flash, or Oracle Java, or Adobe Reader, or Microsoft Silverlight, or while being behind on security updates from your computer's operating system and browsers. Your laptop has been infected with a type of underground ransomware known generically as CryptoLocker.
The average CryptoLocker is almost 100% effective at doing its evil job, thus unrecoverable unless you pay the ransom and follow the instructions provided by shady characters in the former Soviet Union. The ransom is typically 1 Bitcoin, which varies in actual price from 250 to 350 dollars.
If you have saved backups to an external drive that was not connected at the time you got infected, you will be able to restore them from there. Acronis True Image backups are safe from crypto lockers also. Backups to the cloud will probably be good, because these lockers change the file extension to one not recognized as an image, audio file, movie, document, etc.
Before you even attempt to restore anything, you must disinfect the computer completely. I recommend a combination of Malwarebytes Anti-Malware and Hitman Pro. Feel free to contact me via a PM for more details.
You can get professional assistance by creating an account with http://www.bleepingcomputer.com/forums/, in the malware removal forum. Malwarebytes also has malware removal forums.
NB: If you have saved routine full system image backups, an image restore to a recent date prior to the infection will remove it. These full system images became available in Windows version 7 and newer. Acronis True Image also makes full system images.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services