So far, two of our clients have been infected with this in the last week, and it's nasty. When you try to close it, it often will pop up a message box that simply says, "I'll be back!". Then it re-opens. Here;s what my team has found so far:
1) Hitman Pro.Kickstart can rip it out, but will not decrypt the files.
2) It will quickly jump to USB and external drives, so make sure you are careful to check anything you put in the system for infected files.
3) So far, I haven't found a way to decrypt the files, but you can restore to a previous version of most of the encrypted files if you have System Protection and shadow copies turned on. Right click the file, choose "Restore previous version...", and select the closest date before the infection. You can do this to entire folders as well, but remember that it recreates the folder COMPLETELY from that date, so newer files may be missing from the backup. It also doesn't work on offline files (files accessed over a network).
I hope this helps. Good luck!
via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/508120/cryptolocker-restore-previous-version-to-get-back-some-encrypted-files/
Aucun commentaire:
Enregistrer un commentaire