Today some computer on my domain got infected with crypto-ransomware and has infected some folders on the file server that only some computers on the network have access to.
So I presume one or more of the five computers that can access those folders got infected.

The ransomware encrypted files and gave them names of the form <filename>.<extension>.<id-9760537953_fud@india.com>, so at the end of every Microsoft Office file there is a .id-9760537953_fud@india.com extension.
Is there some tool that can decrypt Office files?

Luckily I had a backup of the files, but now I'm trying to find this ransomware on the computers and have had no luck with AVG, Avira or Malwarebytes.
What's the best way to protect my network from this type of malware, and how do I find it and delete it?

Davidenko
  • If it hasn't been identified then security programs won't find it. You will need to find it yourself by looking at each system yourself. There will be some notification asking you to pay them in order to decrypt your files on the infected machine. Of course it's also possible it was already removed before you went looking for it, so check your logs. – Ramhound Feb 26 '15 at 12:33
  • Luckily I had backups from last Friday so not all work was lost... – Davidenko Feb 26 '15 at 12:34
  • There is no tool to just decrypt the files. That's the whole point of cryptolocker-type viruses: to make money for the author, you have to pay if you want your data back. – Dan Feb 26 '15 at 13:01
  • If it is cryptolocker: https://isc.sans.edu/forums/diary/Free+Service+to+Help+CryptoLocker+Victims+by+FireEye+and+FoxIT/18493 – charlesbridge Feb 27 '15 at 18:33

1 Answer

  1. The best way is constant vigilance as to what you are opening.

  2. Once it gets through your defenses there is little you can do other than use the backup you have or pay the ransom.