.krypted Files In Drop Box

Discussion in 'Software' started by Silverthunder, Mar 13, 2016.

  1. Silverthunder

    Silverthunder Sergeant

    I have some shared files with a friend of mine. There are 2 folders on Dropbox that are hosted by him and one that is hosted by me. We both have edit rights to the other person's files. I also have other files of my own in Dropbox.

    It seems he has some sort of ransomware now on his computer. The ransomware seems to encrypt files in folders that he opens. It did this to one of the shared folders that he was hosting in dropbox. A few days ago, he told me that the files had been encrypted and asked me to look into it since I was the last one that had edited/ added files there. At first, I figured it had something to do with me being on a Mac and him being on a PC so I connected to my secondary computer which is a PC and opened the dropbox folder there. I tried opening the files from there and noticed the same thing. Then I tried on my Mac (which also has Parallels for Windows [I was using the Mac side of things, though]) and noticed the same encryption. Maybe a day or so after that I was working to recover the files using Time Machine and noticed that the files had become encrypted around the same time that he accessed them (as opposed to the time that I last edited/ uploaded). At that point, he realized that other files on his computer had become encrypted as well.

    Here is what I have done so far:
    1) I disconnected my external hard drive, which has time machine files on it.
    2) I tried to burn some backup data to a DVD but it failed 2x. Probably the burner is malfunctioning.
    3) I installed Virus Barrier and Malwarebytes on my Mac computer. I ran a scan of each. Neither of them found anything. Right now Virus Barrier is scanning again and so far it has scanned 690,000 files. Kinda seems like a lot since I have 227GB/ 499.25 GB free and I don't remember it scanning that many yesterday.
    4) wireless card is disabled on windows computer (which I do a lot anyway as that's more of an offline computer as it has sensitive files).
    5) I don't have any antivirus software, anti-malware, etc on any other computer besides what I mentioned in "3)"

    Primary objective for me is to not lose files. If I have to spend some time reinstalling an operating system or whatnot that's nowhere near as big of a deal as losing files.
     
  2. Silverthunder

    Silverthunder Sergeant

    The full virus scan finished and it found some files, which are in a directory (my username)/library/mail/v3/iMap(my email address)/[Gmail].mbox/...
    The files are of type .emlx & .doc
    Should I quarantine them?
     
  3. Silverthunder

    Silverthunder Sergeant

    the software thinks it's W97M/Lys.C malware
     
  4. mdonah

    mdonah Major Geek Extraordinaire

    Unfortunately, e-mails are the way some ransomware is distributed. Have you or your friend been contacted about unencrypting the files? A local hospital in my area was hit by ransomware and had to pay the perpetrator $13,000 US to get the decryption key.
     
  5. Silverthunder

    Silverthunder Sergeant

    No, we were not contacted.
    The files that the virus scanner found were from a long time ago. Had a last modified date of 12/2014.
     
  6. MaxTurner

    MaxTurner Banned

    Can I just clarify one thing: The files that are 'encrypted' so that neither you nor your friend can access them are actually stored on Dropbox's Cloud servers right? Not actual files stored on either of your windows or Mac systems?
    If that is the case (and files stored on Dropbox's cloud servers are already encrypted anyway) then I would think it is Dropbox you need to communicate with.
    If your friend's system itself has been subject to a form of ransomware then it would normally be all files on their system that were encrypted and not just Dropbox.
     
  7. Silverthunder

    Silverthunder Sergeant

    It's in 1 folder in Dropbox. I have the Dropbox program on my computer (I use this instead of web-based Dropbox). He has a lot of encrypted files on his computer. I was trying to use the Dropbox support site but it seemed like it was made for some kind of more upgraded account. I will search around a bit more.
     
  8. MaxTurner

    MaxTurner Banned

    You should still be able to sign in to your Dropbox account from any internet connected device. You need to try and sign into your Dropbox account on the web, via a web browser. If when you try to do that, you still cannot see the files, then you will need to submit a help request to Dropbox Support and searching that seems to show it is possible for any actual Dropbox account. I am still unclear as to what exactly has actually been encrypted - the ability to sign in to the desktop program or the files contained themselves.
    Whether or not a user has a desktop Dropbox program the files are stored in the Cloud on Dropbox servers.

    Your friend's computer is a different matter, and if and when they resolve it - even if it means a total fresh and clean install of their Operating System - they need to then install a security program such as CryptoPrevent
    It is available here on MajorGeeks:
    http://www.majorgeeks.com/files/details/cryptoprevent.html
    You might want to consider installing it on your Windows system now.
     
    Last edited: Mar 14, 2016
  9. mdonah

    mdonah Major Geek Extraordinaire

    I agree about CryptoPrevent. I have it installed on ALL of my Windows versions from XP to 10. I also always install EMET.
     
  10. Silverthunder

    Silverthunder Sergeant

    He says it was Kryptloker.
    The only files that I show as encrypted are some folders in a Dropbox folder in his Dropbox account. The folder is shared with me.
    I will install CryptoPrevent on all of my Windows machines.
    Do you have any recommendation of what I should install on my Mac?
     
  11. MaxTurner

    MaxTurner Banned

    No idea about Mac and I don't even know if that particular malware targets iOS systems.
     
  12. Silverthunder

    Silverthunder Sergeant

    OK, thanks. I will try contacting Apple.
    I installed the software on 1 of my PCs and on the Windows running through Parallels on my Mac.
    It wasn't able to install on one of my computers which is a Windows Vista machine. I emailed the CryptoPrevent support.
     
  13. MaxTurner

    MaxTurner Banned

    OK hopefully they will get back to you but I was able to successfully install it on a friend's Vista desktop PC while signed in as an Administrator and did make sure I clicked 'ok' to the User Account Control permission request.
     
  14. mdonah

    mdonah Major Geek Extraordinaire

    This is the only thing I found for Mac. It's been taken over by Malwarebytes.
     
