• This topic has 16 replies, 12 voices, and was last updated 8 years ago by Alex.
Viewing 17 posts - 1 through 17 (of 17 total)
  • Who knows about cryptolocker virus?
  • Alex
    Full Member

    Mate of mine has done the following

    a) let his AV subscription expire
    b) not loaded the free MS AV stuff
    c) opened up a zip file in an attachment

    A quick look suggests: http://www.theguardian.com/technology/2014/jun/03/cryptolocker-what-you-need-to-know as he cannot access any of his office files. No ransom demand tho although maybe that was swiped when we installed Microsoft Security Essentials and Malwarebytes – both of which picked up Trojans and destroyed them.

    No file access tho, everything on the web suggests he’s screwed. This is W7 BTW.

    Oh and

    d) never did a backup even when I created him a google folder and said – stick everything in there once a week and keep four copies.

    Any thoughts? Or should I just let him down gently 😉

    mikewsmith
    Free Member

    d) never did a backup even when I created him a google folder and said – stick everything in there once a week and keep four copies.

    [video]https://www.youtube.com/watch?v=N48qg6PX2TU[/video]
    Install MSE scan then work forward

    kayla1
    Free Member

    I can’t help at all, but thank you for the Google folder tip!

    Alex
    Full Member

    😉 well if it saves someone. What he really should have done is to get an app to automate the backups. I think I still have the email with the links I sent him!

    There’s so much ‘free’ storage now google, dropbox, box, etc you’d be mad not to do regular backups.

    purpleyeti
    Free Member
    kcal
    Full Member

    I’m using Genie Timeline to do the auto-backup (for my W7 incarnation).
    That and regular Winclone backup of the W7 BootCamp partition.

    The OS X side is taken care of with SuperDuper! and Time Machine. The proof is when something goes wrong though!

    Alex
    Full Member

    Time machine works for me. I store all my work stuff encrypted in the cloud anyway. And every week take a full copy then monthlies after that. But that’s because I was brought up on the vast importance of regular backup!

    I’ll take a look at the genie timeline one if/when we get any files back.

    Thanks for the dec… link, been there.

    kcal
    Full Member

    Timeline works the way you’d expect – I also had another backup system running, but that was on a regular backup routine rather than mostly incremental – SyncBack (mostly free).

    Stevet1
    Free Member

    When I had something similar I could still boot up in console mode, then was able to run a script to create a new clean user. From within there I could run a virus remover.

    jb72
    Free Member

    If the files are still there but Word etc. is unable to open them – it does sound like cryptolocker. It’s possible there are shadow copies.

    <right click> a file and choose <properties> -> check the <previous versions> tab. If the shadow copies exist* try opening one of the earlier versions.

    * cryptolocker has been known to remove the previous versions … in which case you’re stuffed.

    mogrim
    Full Member

    I can’t help at all, but thank you for the Google folder tip!

    It won’t help you though if you map it to a normal drive – the cryptolocker virus will just encrypt the Google drive contents too. You need to limit access to web only.

    chewkw
    Free Member

    Crikey … this is one hell of a virus. 😮

    Alex
    Full Member

    Yeah mogrim that’s right.. hence getting the files backed up by an app to something password protected in the cloud is the better option. I was less concerned about virus protection than HD failure 😉 small steps and all that.

    Ta for the tips, he may have version turned on (it’s configurable on W7 I think). I’ll pop in and take a look later.

    Coyote
    Free Member

    Experienced this at work. It’s a bastard of a virus. Some sites claim to be able to “fix” corrupted files but in my experience, they don’t.

    Treat every email with suspicion and don’t double click on attachments unless you are sure of the originator.

    timba
    Free Member

    There are many variations, some say that they are Cryptolocker and aren’t

    There’s a blog here with a link to a decryption tool for a weaker variation. The same company also do an anti-malware “emergency kit” to clean infections

    I’ve used their AV and firewall for years

    hutchweb
    Full Member

    Be careful with automatic backups, you can easily overwrite good backups with crypto’d versions, they are after all just changed versions of files. Need previous versions as well. I had a client where the crypto’d files backed up and overwrote previous backups. 100gb data destroyed. Very lucky to have a synch copy on a laptop.

    Alex
    Full Member

    @timba – thanks for that. We had another look last night and had just about given up, but if it’s the newer, easy to crack one that’d be fab. We’ll give the decrypter a go

    @hutch – yeah, that’s a fair point. I guess we’ll need to get him to try opening a file before hitting backup. Will keep 3-4 full versions tho.
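The problem hutchweb raises (an automatic backup replacing good copies with encrypted ones) and the "try opening a file before hitting backup" check can be automated. The sketch below is an added example, not part of the thread or of any backup tool named in it; the function names, the 5% threshold and the short file-signature table are assumptions.

```python
import os, shutil, time

# Leading "magic" bytes for common document types; an encrypted file loses them.
MAGIC = {
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".pptx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0",
    ".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG",
}

def damaged_files(root):
    """Return (checked, bad): count of files with a known extension,
    and the paths of those whose header no longer matches."""
    checked, bad = 0, []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            magic = MAGIC.get(os.path.splitext(name)[1].lower())
            if magic is None:
                continue  # unknown type: cannot judge, skip it
            checked += 1
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                if fh.read(len(magic)) != magic:
                    bad.append(path)
    return checked, bad

def versioned_backup(source, dest, keep=4, max_bad_ratio=0.05):
    """Copy source into a new dated folder under dest, keeping `keep` versions.
    Refuses to run (and prunes nothing) if too many files look damaged."""
    checked, bad = damaged_files(source)
    if checked and len(bad) / checked > max_bad_ratio:
        return None, bad  # existing backups are left untouched
    os.makedirs(dest, exist_ok=True)
    target = os.path.join(dest, time.strftime("%Y%m%d-%H%M%S"))
    shutil.copytree(source, target)
    versions = sorted(d for d in os.listdir(dest)
                      if os.path.isdir(os.path.join(dest, d)))
    for old in versions[:-keep]:  # prune only after a successful copy
        shutil.rmtree(os.path.join(dest, old))
    return target, bad
```

Point `dest` at a location outside `source`; as mogrim notes above, a backup folder mapped as a normal drive can be encrypted along with everything else.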
