Odin Locky

[PBComputer]

Before I start I know the problems not addressed. They are getting sorted.

- email filtering
- actually backing up the file
- documents signed saying this is being backed up
- cloud backup

I've had a client hit today after downloading the DHL email. Mav (bitdefender) never picked it up.

So now all documents are encrypted. They stores the files on an external drive and did not tell me so nothing was being backed up.

I now need to find a decryption tool. Ideally before Monday.

Hope your days going better

 

[AndyM]

@PBComputer Was that the LogicNow implementation of MAV?

Andy

 

[PBComputer]

@AndyM Yes it was.

 

[Porthos]

Only thing is to manage their EXPECTATIONS first. some crypto variants wont have decryption for weeks or months and and might be never.
Paying the ransom sometimes works but sometimes not. And it just feeds the crooks.

The folks at bleeping computer are your best chance.

CLONE it first and work from that.

 

[PBComputer]

Hard drive has being pulled and images

Fitting a new drive.

Just ran shaddowexplorer and found some documents on an encryted drive for May 2015.

Its a start. Just hope there is a decryption key soon. I'm now paying 3bt

 

[AndyM]

@AndyM Yes it was.

I have it on (very) good authority, that the version of MAV that is used by both LogicNow (and also N-Able), is not the latest version. If you have Bitdefender GravityZone MSP, I would switch them over to that.

Also, as you stated, put in some hosted email filtering, Cloud and local backups, and also make sure that they are using some form of safe DNS.

Andy

 

[AndyM]

Also, try this:

https://www.nomoreransom.org/

A decent amount of information there

Andy

 

[PBComputer]

I have it on (very) good authority, that the version of MAV that is used by both LogicNow (and also N-Able), is not the latest version. If you have Bitdefender GravityZone MSP, I would switch them over to that.

Also, as you stated, put in some hosted email filtering, Cloud and local backups, and also make sure that they are using some form of safe DNS.

Andy

They where due to move tomorrow to GZ

Just reading the link above. Very interesting

 

[PodnutzPro]

I have been seeing quite a bit of e-mails coming from gmail addresses with subject of something like Receipt: random number and the receipt is an xls file. This is hitting many different clients.

 

[GTP]

www.emsisoft.com has a large collection of decryptors.
you could try them as well.

 

[PBComputer]

I will try there in a few minutes. I have managed to recover a lot via ShaddowExplorer some docs wherein Dropbox I can get them back via Previous Versions.