I just got hit with Ransomware ADAME


  1. Posts : 625
    Windows 10 Pro x64
       #1

    I just got hit with Ransomware ADAME


    All of my files on my external hard drive just got encrypted. I removed all of the viruses with Malwarebytes, but now every single one of my files has the extension " .id[42B18849-2275].[checkcheck07@qq.com].Adame "

    Is there any way to remove the extension and recover my files or am I just 100% screwed?
      My Computers


  2. Posts : 2,068
    Windows 10 Pro
       #2

    These types of attacks are nasty and most likely mean you will have to resort to restoring your files from backups previous to being encrypted.

    You do take backups of your data, correct? If not, it would be a good time to start. Perhaps also set up a cloud service that can sync your data in multiple locations.

    I'm sorry this happened to you, and hoping you have some type of backup. Make sure you check "Previous versions" or shadow copies to see if your computer has saved your bacon for you.
      My Computers


  3. Posts : 625
    Windows 10 Pro x64
    Thread Starter
       #3

    pparks1 said:
    These types of attacks are nasty and most likely mean you will have to resort to restoring your files from backups previous to being encrypted.

    You do take backups of your data, correct? If not, it would be a good time to start. Perhaps also set up a cloud service that can sync your data in multiple locations.

    I'm sorry this happened to you, and hoping you have some type of backup. Make sure you check "Previous versions" or shadow copies to see if your computer has saved your bacon for you.
    I actually don't have a backup. What these were were DVD Rips of Movies & TV Shows that I kept as backups on my computer just in case something happened to the DVDs. Well, I no longer have the DVDs. I never thought an external hard drive could get hacked. Now, the weird thing is, my TV Shows FOLDER was not affected, only my music, Movies, and other folders.
      My Computers


  4. Posts : 9,792
    Mac OS Catalina
       #4
      My Computer


  5. Posts : 668
    Win 10 pro
       #5

    RainbowPride said:
    All of my files on my external hard drive just got encrypted. I removed all of the viruses with Malwarebytes, but now every single one of my files has the extension " .id[42B18849-2275].[checkcheck07@qq.com].Adame "
    Is there any way to remove the extension and recover my files or am I just 100% screwed?
    Hi RainbowPride,

    I don't think you can decrypt the files, sorry.
    It would be interesting to understand how it happened, so we can all learn and avoid the problem hopefully; did you receive an email, did you download some files or were you using some site (?).

    Also a question for security experts, how did the antivirus not stop/recognize the threat?

    thanks.
      My Computer


  6. Posts : 5,899
    Win 11 Pro (x64) 22H2
       #6

    Yeah, because a Googled link will now save the day

    Anyway @RainbowPride, sorry to hear of your issue but do consider pparks1's suggestion of backing up your critical data.

    Quick story... when I first got into PCs, I'd often mess around with hardware and software in an effort to learn about stuff. One day I decided I was going to install Windows 2000 (Win2k) on a spare drive I had in my system. This way I could BIOS boot to either XP or Win2K. The install went well and I was happy until I went to boot into my XP drive... nothing. Turns out I wiped my main OS drive when I installed Win2K and thus all my data. The hard lesson was I had nothing backed up.

    That day taught me the value of backups and I've been doing them ever since. In fact I run two backup programs (Acronis & cloud backup) on an automatic schedule. Acronis runs weekly while the cloud backup (Carbonite) runs continuously. You can choose your scheduled backup times with Acronis and if that time is missed due to PC downtime, will automatically run the next time the PC is started. Carbonite will do an initial backup and then continuously scan your system for file changes and update as needed.

    There are many backup programs out there (the popular one here is Macrium, though I use Acronis), and you should find one that suits your comfort level and develop a backup plan. This way when you run into an issue such as you find yourself in now, there's no worry about data loss.

    This doesn't help your situation at this moment as it didn't help mine at my moment but it did save me over the years since.

    Good luck and hopefully you can find a way to retrieve your files. But even if you do, do consider a backup plan.

    Peace
      My Computers


  7. Posts : 5,899
    Win 11 Pro (x64) 22H2
       #7

    roy111 said:
    Also a question for security experts, how did the antivirus not stop/recognize the threat?
    Nothing is 100 percent and there is a modicum of caution users should develop when going online opening files. That said, you could be as careful as you think and still be hit. It's why you should always be aware of the sites you visit and/or are (re)directed to and be wary of any and all suspicious links or emails. And even with all that, any one of us could be got!!!

    BTW This is also one of the reasons I don't click links from new users asking to look at off-site images. Sorry.
      My Computers


  8. Posts : 625
    Windows 10 Pro x64
    Thread Starter
       #8

    sygnus21 said:
    Yeah, because a Googled link will now save the day

    Anyway @RainbowPride, sorry to hear of your issue but do consider pparks1's suggestion of backing up your critical data.

    Quick story... when I first got into PCs, I'd often mess around with hardware and software in an effort to learn about stuff. One day I decided I was going to install Windows 2000 (Win2k) on a spare drive I had in my system. This way I could BIOS boot to either XP or Win2K. The install went well and I was happy until I went to boot into my XP drive... nothing. Turns out I wiped my main OS drive when I installed Win2K and thus all my data. The hard lesson was I had nothing backed up.

    That day taught me the value of backups and I've been doing them ever since. In fact I run two backup programs (Acronis & cloud backup) on an automatic schedule. Acronis runs weekly while the cloud backup (Carbonite) runs continuously. You can choose your scheduled backup times with Acronis and if that time is missed due to PC downtime, will automatically run the next time the PC is started. Carbonite will do an initial backup and then continuously scan your system for file changes and update as needed.

    There are many backup programs out there (the popular one here is Macrium, though I use Acronis), and you should find one that suits your comfort level and develop a backup plan. This way when you run into an issue such as you find yourself in now, there's no worry about data loss.

    This doesn't help your situation at this moment as it didn't help mine at my moment but it did save me over the years since.

    Good luck and hopefully you can find a way to retrieve your files. But even if you do, do consider a backup plan.

    Peace
    Those files are not retrievable. Lesson learned. I don't even have a way to back up almost 3TB of stuff after I get everything back, which is gonna take me forever. I had over 300 movies. Plus, I don't even have any income at the moment. I'm 1 or 2 months away from receiving my backpay, which I'm hoping to get all at once, seeing that I meet the qualifications. If so, I'll get around $13,000. I'm going to build a brand new computer, which is going to cost almost $4,000, then invest in some sort of cloud backup that will allow me to back up movies & TV Shows to the cloud.
      My Computers


  9. Posts : 5,452
    Windows 11 Home
       #9

    RainbowPride said:
    I actually don't have a backup. What these were were DVD Rips of Movies & TV Shows that I kept as backups on my computer just in case something happened to the DVDs.
    Yeah, I do the same, I remove all the stupid ads and menus and keep just the movie.
    RainbowPride said:
    I'm going to build a brand new computer, which is going to cost almost $4,000, then invest in some sort of cloud backup that will allow me to back up movies & TV Shows to the cloud.
    You have just missed out on some good deals during Black Friday, I bought a lifetime 1TB for $100.
    roy111 said:
    Also a question for security experts, how did the antivirus not stop/recognize the threat?
    Most AVs are unable to detect unknown malware by watching processes, only a handful is capable.
    99,99% of ransomware runs via WSH (Windows Script Host) and uses PowerShell to auto-elevate.
    WSH can be disabled, it is hardly used by anything and it virtually blocks all malware ("that runs by itself").
    Code:
    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\WOW6432Node\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
    Norton has a utility Symantec Noscript to do it (must be run as admin), but they do not propagate it much, obviously, why would anyone even buy their AV, if they could simply "disable" malware.
    There are also utilities that deal with default Windows weaknesses, much more useful than any AV.

    Hard_Configurator — Home
    Harden Windows Settings with SysHardener | NoVirusThanks

    Ransomware can also be easily blocked by permissions, in a similar way to how Windows Defender anti-ransomware works. I tested on WannaCry, it failed to encrypt my files, since it uses SYSTEM.
    Code:
    rem Backup partition - all changes require admin access, SYSTEM is blocked.
    takeown /f E: /a /r /d y
    icacls E: /remove "Authenticated Users" "Users" "System" /grant "Users":(OI)(CI)RX /t /l /q /c
    icacls E: /deny "System":(OI)(CI)F /t /l /q /c
      My Computer
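
A read-only check that the two mitigations in post #9 are actually in place, as an added example that is not part of the thread or any poster's code. The `$BackupRoot` default of `E:\` mirrors the drive letter in the post, and the function names `Get-WshPolicy` and `Get-SystemAce` are made up here.

```powershell
# Added example: audits the WSH registry switch and the SYSTEM ACL from post #9.
# Assumption: the backup volume is E:\ as in the post; pass -BackupRoot to change it.
param([string]$BackupRoot = 'E:\')

function Get-WshPolicy {
    # The two HKLM keys the post writes "Enabled"=0 into (native and WOW6432Node views).
    $keys = 'HKLM:\Software\Microsoft\Windows Script Host\Settings',
            'HKLM:\Software\WOW6432Node\Microsoft\Windows Script Host\Settings'
    foreach ($key in $keys) {
        $item = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Key     = $key
            Enabled = if ($null -eq $item) { '(not set)' } else { $item.Enabled }
            # A missing value leaves WSH at its default (enabled); only 0 blocks scripts.
            Blocked = ($null -ne $item) -and ("$($item.Enabled)" -eq '0')
        }
    }
}

function Get-SystemAce {
    param([string]$Path)
    # Match SYSTEM by its well-known SID (S-1-5-18) so localized account names do not matter.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq 'S-1-5-18' } |
        Select-Object AccessControlType, FileSystemRights, InheritanceFlags, IsInherited
}

Get-WshPolicy | Format-Table -AutoSize

if (Test-Path $BackupRoot) {
    $aces = @(Get-SystemAce -Path $BackupRoot)
    $aces | Format-Table -AutoSize
    # The post's icacls /deny line should show up here as a Deny entry for SYSTEM.
    if (-not ($aces | Where-Object { "$($_.AccessControlType)" -eq 'Deny' })) {
        Write-Warning "No Deny entry for SYSTEM on $BackupRoot"
    }
} else {
    Write-Warning "$BackupRoot not found; connect the backup drive to check its ACL"
}
```
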


  10. Posts : 1,773
    Windows 10 Home
       #10

    RainbowPride said:
    All of my files on my external hard drive just got encrypted. I removed all of the viruses with Malwarebytes, but now every single one of my files has the extension " .id[42B18849-2275].[checkcheck07@qq.com].Adame "
    Left unsaid, so far, is how the EXTERNAL drive got hit but NOT the User's main drive. I think ransomware only affects outside devices, like external drives or networked computers (like in a business) that are CONNECTED at the time of attack. The main computer would be affected first and then serve as a ransomware conduit to other devices. Curious how it would even run on, what seems to be, a data-only drive without going thru the primary computer first or the main computer being affected too. This is why I only connect my external backup drive when actually using it and then immediately disconnect.
    Years ago, I was hit with ransomware and just re-installed Windows & programs and restored data from my external drive which was not connected. Pretty similar to doing a clean install and, while a hassle, up and running in a few hours.
      My Computer


 
