Windows 10: I got a notification of a ransomware but none of my files encrypted - Ransom:Win32/Zudochka!MSR

Detected : Ransom:Win32/Zudochka!MSRStatus : Removed or restoredThis threat or app was removed from quarantine or restored to the deviceAffected items: file: G:\images.exeBackstory: I wanted to copy something into a usb. I had an old usb stick which i plugged it and received this notification. I didnt open anything only formatted the usb stick. None of my file are encrypted does that mean im safe????

:)

 

Filed encrypted by Tor ransomware

More information is needed to determine specifically what infection you are dealing with since there are many variants of crypto malware (file encrypting ransomware).
RSA-4096 / RSA-2048 / RSA-1024 / AES-256 / AES-128 are
encryption algorithms and not an explicit way of identifying a particular ransomware infection.

Are there any obvious file extensions appended to or with your encrypted data files (i.e. several random hexadecimal characters, words or email addresses)? If so, is the extension the same for each encrypted file or is it different?

What is the actual name of your ransom note? These infections are created to alert victims that their data has been encrypted and demand a ransom payment. Check your documents folder for an image the malware typically uses for the background note. Check the
C:\ProgramData (or C:\Documents and Settings\All Users\Application Data) for a randomly named
.html, .txt, .png, .bmp, .url file. Most ransomware will also drop a ransom note in every directory/affected folder where data has been encrypted.

The best way to identify the different ransomwares is the ransom note (including it's name), the malware file itself, any obvious extensions appended to the encrypted files, samples of those encrypted files and information related to the email address used
by the cyber-criminals.

You can submit samples of encrypted files and ransom notes to ID Ransomware for
assistance with identification and confirmation. This is a service that helps identify what ransomware may have encrypted your files and then attempts to direct you to an appropriate support topic where you can seek further
assistance. Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections.

After gathering that information, please read and follow the instructions below.

• How to Post a Topic Asking for Help With Ransomware

 

How crypto ransomware spreads... is it decryptable...should I pay the ransom

Locky Ransomware encrypts data using
AES Encryption and completely changes the filenames. Any files that are encrypted with
Locky will have the .locky extension appended to the end of the filename and leave a file (ransom note) named _Locky_recover_instructions.txt. When Locky encrypts a file it will actually rename the file to the format [unique_id][identifier].locky...(i.e.
something like F67091F1D24A922B1A7FC27E19A9D9BC.locky).

Unfortunately, at this time, there is no known way to decrypt files encrypted by Locky. More information in this BC News article.

• Locky Ransomware Encrypts Local Files and Unmapped Network Shares

 

Ransomware

Did you find any ransom notes? These infections are created to alert victims that their data has been encrypted and demand a ransom payment. Check your documents folder for an image the malware typically uses for the background note. Check
the C:\ProgramData (or C:\Documents and Settings\All Users\Application Data) for a randomly named
.html, .txt, .png, .bmp, .url file. Most ransomware will also drop a ransom note in every directory/affected folder where data has been encrypted.

Nemucod,

Win32/Filecoder.E and
Win32/Filecoder.J all append a .crypted extension to the end of filenames.

Based on infection rates we see, you are most likely dealing with Nemucod.

However, you can submit samples of encrypted files and ransom notes to ID Ransomware for assistance with identification
and confirmation. This is a service that helps identify what ransomware may have encrypted your files and then attempts to direct you to an appropriate support topic where you can seek further assistance. Uploading both encrypted files and ransom notes together
provides a more positive match and helps to avoid false detections.