Locky Ransomware

M_Dirt · May 4, 2016

I am being extorted by cyber terrorist. Thousands of files have been encrypted on my server. When I decided to visit the Locky DecryptorTM site and pony up/risk the 0.5 to 1 BTC for the decryptor I was asked to send 5.1 BTC. I'm running SBS 2008 & the malware tunneled through a Win7 pc on the domain. A few questions...

1. How would I detect the Locky variant? I've tried malwarebytes but it doesn't detect anything i can search. Search results come back empty. Is there a more suitable tool to detect the variant?
2. Fresh install & backup is absolute last resort as my last backup is 2 days old & SBS policies & install was no small feat for me. Tooks me weeks to figure it out
3. What are the odds that they'll even honor the transaction.

Where should I go from here? Any sage advice or additional details Ii can provide?

Desperately seeking guidance...

M_DIRT

chaslang · May 4, 2016

M_Dirt said: ↑

3. What are the odds that they'll even honor the transaction.
Click to expand...

] We cannot say for sure as these have been unreliable in the past with other infections. Plus who knows if you can really trust your PC afterwards. Can you really be sure what other hooks they may have placed on your PC? And now you are looking to running possibly some other software from them!!!

M_Dirt said: ↑

Where should I go from here? Any sage advice or additional details Ii can provide?
Click to expand...

I suggest that you read the below nice write up from Bleeping Computer and then possibly post in the link that they reference.

http://www.bleepingcomputer.com/new...ypts-local-files-and-unmapped-network-shares/

Log in or Sign up

Locky Ransomware

M_Dirt Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member