Endpoint Protection

 View Only

  • 1.  Word , Excel and other file is encrypted and not opening..

    Posted Jan 14, 2015 05:43 AM

    Dear Team,

     

    The Symentec Endpoint is running in my fileserver and today My file server is afftected by virus and generate the file " " automatically in each folder with the contect mentioned below.

    “Attention!!!
    BlackCryptor Code:
    BCC-88534567
    All necessary files on your PC (photos, documents, data bases and 
    other) were encoded with a unique RSA-100. Decoding of your files 
    ins 
    only possible by a special program that is unique for each 
    BlackCryptor 
    ID. Specialist from the computer repair services and anti-virus labs 
    won’t be able to help you. In order to receive the program 
    decryptor 
    you need to follow this link…
    Remember, the faster you act the more chances to recover your 
    files 
    undamaged.”

    BlackCryptor is an encryption utility that would conceal all 
    documents on 
    a target machine within a bitmap image; whereupon, all files would 
    manifest them with extra extensions, such as 
    blabla.jpg.BlackCryptor 
    or blabla.xls.BlackCryptor. By encrypting files, BlackCryptor 
    ransomware could make profitable income for its author as 1.645 
    BTC 
    (about € 500) is required for each decipher.

     

     

    when we open the file ( .xlsx, docx ) getting the message "Excel found unreadable content <filename.xlsx>, if you trust the source of this workbook , click yes. if we click on yes then getting the new message "Excel can not open the file <file name.xlsx> because the file format or extention is not valid , varify the file has not been corrupted and that the file extention matches the format of the file".

     

    and than finally the file does not open..Please give the solution.

     

     

    Thanks and regards

     



  • 2.  RE: Word , Excel and other file is encrypted and not opening..

    Posted Jan 14, 2015 02:18 PM

    That's cryptolocker. You need to restore from backup.

    There's two solutions:

    Pay the ransom (NOT advised, not guaranteed) or restore from a previous backup.

    If you don't have a backup, the data is lost.

     



  • 3.  RE: Word , Excel and other file is encrypted and not opening..

    Posted Jan 14, 2015 11:39 PM

     

    https://www-secure.symantec.com/connect/articles/recovering-ransomlocked-files-using-built-windows-tools

    See the above great article of Mr. Brian, also read his PDF Article - Using Symantec Endpoint Protection 12.1 to Protect Against Advanced Persistent Threats (APTs)".

    "prevention is better than cure"

     

     

     



  • 4.  RE: Word , Excel and other file is encrypted and not opening..

    Posted Jan 15, 2015 04:58 AM

    Hi Amit_tyagi2901,

    This definitely looks like a new Cryptolocker clone.  Cryptolockers will attempt to encrypt files on all drives that it has mapped.  For example: it will encrypt the files in the infected computer's own directories, and then attempt to encrypt those shared on the company's file server which that computer has as its "F" drive (or similar).  That is probably what happened in your case.

    Tracking down the computer which is infected is usually simple enough: it's the one with a mapped network drive on that file server, displaying an identical ransom note. Please do try to track down the malicious file which did the damage (likely a suspicious email attachment) and submit it to Symantec Security Response for analysis.  (Feel free to PM me the tracking number! I will make sure it is examined swiftly.)

    This will not help to decrypt any documents already sabotaged (those need to be restored from a known good backup) but it will help to spare others from falling victim to the same threat.

    These articles may help as well:

     

    Recovering Ransomlocked Files Using Built-In Windows Tools

    https://www-secure.symantec.com/connect/articles/recovering-ransomlocked-files-using-built-windows-tools

     

    Ransomcrypt: A Thriving Menace (aka Cryptolocker: A Thriving Menace)

    https://www-secure.symantec.com/connect/blogs/ransomcrypt-thriving-menace    

     

    Cryptolocker Q&A: Menace of the Year

    https://www-secure.symantec.com/connect/blogs/cryptolocker-qa-menace-year    

     

    First Response to: Cryptolocker \ Ransomcrypt\ Encryptor

    https://www-secure.symantec.com/connect/articles/first-response-cryptolocker-ransomcrypt-encryptor

     

    Also:

     

    The Day After: Necessary Steps after a Virus Outbreak

    https://www-secure.symantec.com/connect/articles/day-after-necessary-steps-after-virus-outbreak

     

    And:

     

    A good Connect forum thread on how to protect yourself: https://www-secure.symantec.com/connect/forums/cryptolockercryptodefense-defenses

     

    Please do keep this thread up-to-date with your progress!

    Many thanks,

    Mick



  • 5.  RE: Word , Excel and other file is encrypted and not opening..

    Trusted Advisor
    Posted Jan 15, 2015 09:37 AM

    We had Cryptolocker in the past and the best way to fix this is to restore the files from backup. But before you do that, make sure you CLEAR OUT all of the sources (user profile, startup, etc) and do a full scan, otherwise it will infect the restored files all over again.

    Once cleared out, restore the files and you're good to go.

    It's a messy job but you can do it - good luck!



  • 6.  RE: Word , Excel and other file is encrypted and not opening..

    Posted Jan 16, 2015 12:38 AM

    Dear Mr. Mick2009,

    Thanks for yoyr reply. 

     

    we have not applyed any type of encryption on our file srever or shared drived. Even I have tryed to decrypet the file using windows 2008 Server inbuilt utility but all are vain. As far as i think this is the malware attack on our server because all the files of my file server  has beed encrypted and each folder gets a one .txt file named  " your file is encrypted and can not be opened.txt" with hte content mentioned in my first post shown above in the blog.

     

    Thanks 

     

     

     



  • 7.  RE: Word , Excel and other file is encrypted and not opening..

    Posted Jan 16, 2015 12:45 AM
      |   view attached

    Dear Mr. Mick2009,

    Thanks for yoyr reply. 

    we have not applyed any type of encryption on our file srever or shared drived. Even I have tryed to decrypet the file using windows 2008 Server inbuilt utility but all are vain. As far as i think this is the malware attack on our server because all the files of my file server  has beed encrypted and each folder gets a one .txt file named  "HOW TO DECRYPT FILES.txt" with hte content mentioned in my first post shown above in the blog.

     

    The .txt file is attached with this block.

    Thanks 

    Attachment(s)

    txt
    HOW TO DECRYPT FILES.txt   955 B 1 version


  • 8.  RE: Word , Excel and other file is encrypted and not opening..

    Posted Jan 16, 2015 06:29 AM

    This is malware, you got infected. There is no way to decrypt them as it uses unbreakable encryption.

    You're left with either restoring from backup or losing the file permanently.



  • 9.  RE: Word , Excel and other file is encrypted and not opening..

    Posted Jan 16, 2015 07:07 AM

    Yes, this is definitely malware.  See if you can identify the computer which was infected and then the file which caused the damage.  If that file can be submitted to Security Response for analysis, it could spare other companies from falling victim to the same attack.

    With best regards,

    Mick



  • 10.  RE: Word , Excel and other file is encrypted and not opening..

    Trusted Advisor
    Posted Mar 17, 2015 10:28 AM

    Hopefully you have resolved this? If so, please mark this topic as Solved.