
Our canonical malware question is a gem. At the time it was written, though, the various malware that encrypts your files weren't even a thing. We periodically get questions on how to recover from those, and people are usually just uselessly directed to our canonical thread.

It used to be that the only advice was restore from backup if you have a backup, or pay up if you don't. I've recently seen mention of some tools for specific malware packages (but don't recall the details). Whatever the current recovery options are (even if there aren't any), it would be nice to add this class of malware to our thread.

I'm not familiar enough with this subject to write an answer. Does anybody want to tackle this?

  • 1
    The only thing I caution whoever writes this answer: you should make sure it is crystal clear that decrypting your files is only possible if the private key is leaked. Typically this only happens when the author of the malware makes a fatal flaw, like using the same private key for everyone, or when the command and control server is compromised by law enforcement (since most of the time it's done because of private companies).
    – Ramhound
    Commented Sep 13, 2016 at 18:28
  • 1
    I think it'd be great to have coverage of cryptomalware (the technical term for "the various malware that encrypts your files"), but we also need to include other categories of malware and badware that have cropped up and how best to identify and deal with them. Maybe this meta Q should be for discussing what those categories are which are missing from the canonical Q, so we can motivate people to write on them. Commented Sep 13, 2016 at 18:29
  • @allquicatic, absolutely. People should suggest what holes need filling (and could also suggest key points to include in answers), in answers to this Meta question. And cat pictures are welcome but not a requirement. :-)
    – fixer1234
    Commented Sep 13, 2016 at 18:36
  • Sure someone can. Offer a bounty, with a clear description that you want new answers, and the answers will come :) Commented Sep 13, 2016 at 18:40
  • @ThatBrazilianGato, that thread is at the point where new answers are automatically community wiki, so altruism will need to prevail.
    – fixer1234
    Commented Sep 13, 2016 at 18:45
  • @fixer1234: I just stumbled across this question. The Help Center says “Community wiki questions are eligible for bounties.” Commented Aug 18, 2017 at 18:27
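To make the first comment's point concrete (recovery is only possible once the private key surfaces, and one key shared by every victim means a single leak unlocks everyone), here is an added Go example. It is not code from this thread and not the code of any real ransomware family; it models the usual hybrid scheme in which a random AES key is generated per file, the file is encrypted with it, and the key is wrapped with an RSA public key embedded in the sample while the private half stays on the operator's server. The function names (`Infect`, `Recover`, `CountRecoverable`), the key sizes and the sample file contents are assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// EncryptedFile is what is left on the victim's disk: AES-GCM ciphertext plus the
// per-file key wrapped to the operator's RSA public key. The raw key is never stored.
type EncryptedFile struct {
	Nonce      []byte
	Ciphertext []byte
	WrappedKey []byte
}

// NewOperatorKey models the key pair kept on the attacker's server (a hypothetical
// model, not any particular family). Only the public half ships inside the sample.
func NewOperatorKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// aeadFor builds the AES-256-GCM cipher used over the file body.
func aeadFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Infect models the victim-side routine: a fresh random key per file, AES-GCM over
// the plaintext, an RSA-OAEP wrap of that key, and the key zeroed on the way out.
func Infect(pub *rsa.PublicKey, plaintext []byte) (*EncryptedFile, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	defer func() { for i := range fileKey { fileKey[i] = 0 } }() // only plaintext copy of the key
	gcm, err := aeadFor(fileKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &EncryptedFile{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil), WrappedKey: wrapped}, nil
}

// Recover is the decryptor a victim would need. Without the matching private key
// the wrapped file key cannot be opened, so there is nothing to decrypt with.
func Recover(priv *rsa.PrivateKey, ef *EncryptedFile) ([]byte, error) {
	if priv == nil {
		return nil, fmt.Errorf("no private key available; the file key cannot be unwrapped")
	}
	fileKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ef.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap failed (wrong private key): %w", err)
	}
	gcm, err := aeadFor(fileKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, ef.Nonce, ef.Ciphertext, nil)
}

// CountRecoverable reports how many files one leaked private key unlocks: with a
// single key pair shared by every victim, one leak unlocks everything.
func CountRecoverable(leaked *rsa.PrivateKey, files []*EncryptedFile) int {
	n := 0
	for _, f := range files {
		if _, err := Recover(leaked, f); err == nil {
			n++
		}
	}
	return n
}

func main() {
	shared, _ := NewOperatorKey()
	a, _ := Infect(&shared.PublicKey, []byte("victim A: invoices.xlsx")) // constructed sample data
	b, _ := Infect(&shared.PublicKey, []byte("victim B: thesis.docx"))
	fmt.Println("no key:", CountRecoverable(nil, []*EncryptedFile{a, b}))                  // 0
	fmt.Println("one shared key leaked:", CountRecoverable(shared, []*EncryptedFile{a, b})) // 2
	keyA, _ := NewOperatorKey()
	keyB, _ := NewOperatorKey()
	a, _ = Infect(&keyA.PublicKey, []byte("victim A again"))
	b, _ = Infect(&keyB.PublicKey, []byte("victim B again"))
	fmt.Println("per-victim keys, only A's leaked:", CountRecoverable(keyA, []*EncryptedFile{a, b})) // 1
}
```

Run it with `go run`. The first two lines show why "restore from backup or pay" was the only advice for so long: the ciphertext on disk carries the file key only in wrapped form, and nothing on the victim's machine can unwrap it. The third line shows the contrast the comment draws: when each victim gets their own key pair, a private key that leaks for victim A does nothing for victim B, whereas an operator who reused one key pair for everyone hands out a universal decryptor the moment that key escapes, whether through a paying victim or a seized command and control server.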

2 Answers


The new ransomware answer

I just hammered out the above answer, which overviews how ransomware works, what to do, and how to avoid it in the future. Most importantly, I linked to this Google Doc (from this Reddit thread), which is a list of ransomware variants, their characteristics, and (when available) links to the decryptors.

Feel free to suggest improvements! The post is community wiki at the moment; it might be a candidate for un-wikiing based on how much is filled in by other people, but it's fine with me either way.

  • 2
    Nice job. I'm going to accept this answer because that's specifically what the question is about (and a +1 for the cat). But as allquicatic suggested, we can use this thread to identify other holes in our canonical answers, so I hope the checkmark doesn't discourage that use.
    – fixer1234
    Commented Sep 13, 2016 at 22:42
  • The only thing I would add is a section on what to do now that you have the ransomware, which should include "disconnect from your network immediately" as the first step. Some of these work on Samba shares. Commented Sep 25, 2016 at 17:27

[image: cat picture]

... But I can upvote your question in hopes that someone else will.

(This answer brought to you by Humor. Sometimes, you just gotta have fun.)

  • 3
    The cat picture, alone, is worth a +1.
    – fixer1234
    Commented Sep 13, 2016 at 18:27
  • 3
    Flagged as NAA ;p
    – DavidPostill Mod
    Commented Sep 13, 2016 at 19:55
