Hi ,

Goodday my friends ..
i have nas storage inf acted with Virus locky .. have u face this virus before .. there is any solution ?

thanks for help

http://howtoremove.guide/locky-virus-fi ... n-removal/


READ THIS TOPIC

Thanks Galaxy for ur help ..

but it's not a computer .. it's Nas storage ..
i will read and see ..

thanks

read here.
http://www.kmitldss.org/kmitldss/articles/fde_p3.pdf

_________________
Data Recovery Pakistan

This artical advertising RECUVA software to buy it. It doesn't help to decrypt affected files. It helps only to restore some deleted files which wasn't encrypted, this can do any other data recovery software, and IMHO RECUVA is not the best one

_________________
Angel Data Recovery

Hello, me and my brother got hit by Locky, a few days ago. We had many files on a NAS too. We called an IT expert and he was able to find out how it entered our PC. He asked us if we have a backup but we said no, as our NAS was infected as well. He left a note in English about it, that we thought to share:

"TROJ_LOCKY.DLDRA is the name of the trojan. Downloaded through svchost.exe. Locky Ransomware new version was installed. Files encrypted with .locky extension."

Now that we know about this ransomware, we are trying to find if we can restore our files. Recuva software did not work. We are searching the internet for information about the file restoration. Any help will be valued.

There is absolutely no way to decrypt locky. Yet.

_________________
http://www.northwind.gr
SandForce SSD Recovery
Ransomware Reverse Engineering - NoMoreRansom! partners

Agree

_________________
__________
There is no substitute for education and experience
THANK YOU
SHAHI
shahi.mahbub@gmail.com

The encrypted file name is changed to random characters or just add .locky ???

So, we have found the following article where some methods for restoring files from Locky were mentioned at the end.

http://sensorstechforum.com/remove-lock ... ted-files/

Stellar Phoenix Data Recovery mentioned there, worked! It only restored a few pictures and documents, but it is something!

http://www.stellarinfo.com/

@northwind and @shahij - we also didn't find any working decryption method, but with some Data Recovery software it appears you can restore a tiny portion of files...

if encrypted files keep the original name , not the locky authentic and whether they can be decrypted .
if the name is changed to random characters , can not be decrypted

@colanco, the extension is .locky of every file, but they are all locked. Me and my brother couldn't find any decryption method (at least for now - we'll continue looking).

Apparently the ransomware deletes original files and locks their copies, so that's how a Data recovery program can recover some files. I wonder why the effect was so little if all files got deleted. Maybe it doesn't delete all files but uses a random principle?

The extension is .locky, ok, but the file name is the original or changed by random characters ????

The file names are the same as before. Only the extensions are changed (like .doc is now .doc.locky).

EDIT: We have tried reverting the names back by deleting the locky extension and also trying burning the files to DVDs if we can change them somehow but that doesn't work...

Of course not, the files are encrypted

is AutoLocky , can be decrypt.



PM sent.

@jermy - now we know.

@colanco - THANK YOU! It worked and all files seem to be restored - some files on the NAS are still encrypted, but they might be corrupt and they are not too important. We will try to copy them and decrypt on a PC...

I HAVE PROBLEM OF CRYPZ EXTENSION AFTER THE ORIGINAL FILE NAME. PLEASE SUGGEST HOW TO DECRYPT THE FILES.

THANKS

Hi
From Where in India. We can recover partial data. PM your details.

It is CryptXXX 3.x.

There are several partial methods, with different result, but not a complete solution at this time