Windows 10: Got all my files encrypted by RSA2048/AES-128 NASTY!

Hi! I am new here and here is what happened. I opened an email which had an attachment. It was an electricity bill. I know I should not have opened the attachment but I did! wrong move!
Found an overlay message in large red letters on my desk top and all my documents, videos, photos encrypted. I never paid the .5 Bitcoin.
I have VIPRE and malwarebytes did not stop it. I have windows 10 so I then established the Administrator entry.
So now, I have two ways of getting into W10, through my local name account and through administrator.
Thank god for administrator because all signs of encrypted files are gone! Its a clean fresh version, Great! Only problem is I cannot upload anything!.
If I login with my old account then all the encrypted files are there and that threatening message from Russia saying send us money!
What I would like is for someone to point me in the right direction. I can lose all my files I have no choice, but I need a functioning windows 10. How can I clean out my old one? Thanks for any help and I am reasonably literate in computer usage but I need clear step by step explanations if you don't mind! Thanks!

:)

 

Encripted files

Hello-

A SCARY message appeared on my screen. "All your files are encrypted with RSA-2048 and AES-128 ciphers." WORD documents and pictures are affected. How do I restore my files?

 

bit locker error: The Bitlocker encryption on this drive isn't compatible with the version of windows. Try opening the drive using newer a version of windows.

Also keep in mind that the AES 128 encryption method works perfectly fine on the 8TB drive. It's the new XTS-AES 128 that's having problems.

 

Hi Lancaster and welcome to Tenforums, albeit under less-than-ideal circumstances.

I assume you have the Locky infection? If so, there is currently no hope of getting your files decrypted. Some older versions of encryption viruses have been defeated though. What are the names and/or extensions of the files now? Does each folder have a "How to decrypt" or something similar in it? (for instance, are all *.jpg photo files now *.ecc or something else?)

You say you have Malwarebytes on the system - is it functioning? If so, can you update the virus definitions and run of full scan of the entire operating system drive? (usually C ) Or, is it disabled and not working properly?

I really would like to identify the name of the Ransomware you have, as there is hope for recovering your files from some of them. Is there any way for you to post a screen shot of the ransom note? From a phone perhaps?

Edit: You say you are unable to upload, but are you able to download?

 

There's very little you can do now, other than hope you had a file backup or system image taken recently to roll back to

 

oke with a guy from malware in Santa Clara and There is no way out of the encryption but malware can deal with infection.
As far as I can see through running full scans there is NO infection on my system.
I am resigned to losing my files. I would appreciate advice on how to deal with cleaning out the encrypted files. As I indicated I have a clean version of Windows 10 but it is administrator priviledged and so I cannot get anything into the clean files. Hope that answers your queries.
Thank you for your reply. all the filesare encrypyed with .LOCKY I don,t want to post a picture of the ransom note as it has my recovery info on it. I sp

 

Yes, okay, there is no way at present to decrypt Locky. The best you can do right now is copy the encrypted files to another drive and store them in the hopes something will break through, or the servers get confiscated by the authorities, and you can get your personal key.

You could check the volume shadow service on the computer, to see if the ransomware was unsuccessful in turning it off - sometimes this does happen. See here:
CryptoLocker Ransomware Information Guide and FAQ
Scroll down to Using ShadowExplorer -

A full scan of the operating system drive with Malwarebytes Antimalware or ESET Online Scanner should remove all traces of the ransomware. Note that, once the encryption is completed and the ransom note appears, its work is finished, and it shouldn't be doing anything further on the system (basically rendered harmless once finished).

If you are unable to run these, you could try Kaspersky's Rescue Disk. It would need to be downloaded and burned to disk from a working, clean computer and then run on the infected system at boot.

Kaspersky Rescue Disk 10


How to Use the Kaspersky Rescue Disk to Clean Your Infected PC


Make A Bootable USB Kaspersky Rescue Disk 10 - gHacks Tech News

.

 

Good morning! Coffee time so I will start on this after coffee. Makes sense about the E drive I will try that Tout a l'heure!

 

Got my "Other User" edition now up and running! Now I will follow the one for deleting the "bad" one!

 

Hi. Good luck, and waiting for your response on the scans. Thanks.

 

Well what do you know? I now have an Administrator Account, and a User account and the other one is GONE! The last thing I will do is run a malwarebytes full scan on each one. I also have VIPRE and CClean. If you were close I would buy you a drink! A very useful site. How do you make your money? I will let you know the results. I lost about 3000 photos, I also am a musician so had lots of tunes and these A H's do it to the average ordinary guy but it has been a LESSON!

 

Good deal! I'm sorry about all the photos and music you lost. Hopefully, these crooks will be caught and their servers confiscated. If that ever happens, and you still have your encrypted files, you should be able to get them back. It's a hard lesson to learn, indeed.

I would suggest you purchase an external hard drive, (large enough to hold several images of your system), and use the free version of Macrium Reflect to make an image of your data every so often, then disconnect the drive from the system when it's not in use. Should you ever get hit again, at least you will be able to restore the latest image and have your stuff from up to that point.

As for the drink, well, that would be nice! But I'll have to settle for a virtual drink. *Wink Everyone here at TenForums is a volunteer. We give help, and we get help. We do this because we love it. Happy endings are our reward.

Cheers!

 

p.s. when you are satisfied, please go ahead and mark the thread as solved. *Smile

 

p.p.s. You also might want to have a read here:
Solved BitDefender Releases Combo Crypto-Ransomware Vaccine - Windows 10 Forums

 

all I can say is holy crap