Mother-in-law has somehow downloaded a malicious rogue file that has encrypted all her photographs and documents. The file has put an HTML message in the same folder that essentially asks for money to decode the encrypted files. Anyone know any ways to overcome this and get the files back? Clearly paying what is essentially blackmail is not a good idea and a clean reinstall loses all the documents.
Any way you could upload one of the files? (Obviously one that isn't of a sensitive nature.) I could have a look at the file and see if I can access it. There's a chance it could just be nothing, and they've just made it look like there's something encrypting it, but there's a good chance that they are unrecoverable, unfortunately.
Second thoughts: Have a look at this article before uploading anything: https://malwaretips.com/blogs/remove-your-personal-files-are-encrypted-virus/ It has some helpful tips about possible solutions.
Sounds dodgy Chris mate. Honest advice would be to take it into a shop. There's usually a way to fix these things, if you speak to an expert. Don't start hacking around at it though. Could cause more harm than good.
Have you informed the police? I doubt that they can get your files back but there must be a way that the hacker will receive the money so perhaps the police can trace them that way?
Probably a western union payment to anywhere in the world. Not a chance.
There is a program called Shadow Explorer portable that searches for shadow copies of your files. It takes snapshots of your files at certain dates that should have remained unaffected. Once you select the date of the files you want you can extract and save them somewhere else.
I was just about to suggest that, which can be downloaded here (hopefully the virus hasn't already deleted them): http://www.shadowexplorer.com/downloads.html A video of how to use it here: https://www.youtube.com/watch?v=oaXtQ6rbvxA Or Recuva, which will recover deleted files (the virus may have copied your files, encrypted them and then deleted the original). You can get a free version here: https://www.piriform.com/recuva A video of how to use it here: https://www.youtube.com/watch?v=LeEICG0zWqY
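A way to check up front whether the shadow copies mentioned in the two posts above still exist, as an added example that is not part of the original thread. It only reads snapshot metadata and must be run from an elevated PowerShell prompt; the `$InfectionDate` value is a constructed placeholder to be set to the date the files were encrypted.

```powershell
# Added example: list Volume Shadow Copy snapshots and flag the ones created
# before the suspected infection date. Read-only; nothing is restored or changed.

# Assumption: placeholder date, replace with the actual date of encryption.
$InfectionDate = (Get-Date).AddDays(-30)

# Map volume device IDs (\\?\Volume{GUID}\) to drive letters for readable output.
$driveLetters = @{}
Get-CimInstance -ClassName Win32_Volume | ForEach-Object {
    $driveLetters[$_.DeviceID] = $_.DriveLetter
}

# Win32_ShadowCopy exposes one object per snapshot (requires administrator rights).
$snapshots = @(Get-CimInstance -ClassName Win32_ShadowCopy | Sort-Object InstallDate)

if ($snapshots.Count -eq 0) {
    # Either System Protection was never enabled or the snapshots were deleted.
    Write-Output 'No shadow copies found on this machine.'
}
else {
    $snapshots | ForEach-Object {
        [pscustomobject]@{
            Created      = $_.InstallDate
            Drive        = $driveLetters[$_.VolumeName]
            PreInfection = ($_.InstallDate -lt $InfectionDate)
            DeviceObject = $_.DeviceObject
        }
    } | Format-Table -AutoSize

    $usable = @($snapshots | Where-Object { $_.InstallDate -lt $InfectionDate })
    Write-Output ("{0} of {1} snapshot(s) predate {2:d}." -f $usable.Count, $snapshots.Count, $InfectionDate)
}
```

Only rows with `PreInfection` set to `True` are candidates for browsing in a tool such as Shadow Explorer; later snapshots would contain the already encrypted files.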
Well Chris, what a massive coincidence. Just opened my tech journal app and lo and behold, this was the first article!! Seems like you're not alone. I'd recommend having a good read of this, before pressing any buttons! How can I remove a ransomware infection? - The Guardian https://apple.news/AQG8MQPjJQN2h11zfn5lHeg
When councils and large companies are paying thousands in ransom fees I don't think there is any hope. http://www.usnews.com/news/articles...ware-is-the-most-profitable-malware-scam-ever
Cheers Marc - I don't have her PC with me, but I know she sat on the problem for about a month before she asked me about it (I'm her go-to tech guy), but I'd never seen anything like it. I've passed it on to an IT company I know, but they've said the only sure way to deal with it is a clean install. I'd back up the encrypted files first. It's mainly photographs that have been encrypted and I think she has copies on CDs etc. so it's not as desperate as it could have been.
Think the latest version of the ransom virus deletes these. I understand infection happened in June; she's stuffed.