cryptolocker

 
  

giandega
Senior Member
 

cryptolocker

Post Posted: Mar 21, 19 17:33

Dear all,
A cryptolocker has entered via an RDP connection and corrupted a SQL back server. The VHD files are encrypted and the content of the shadow copy was deleted.
On the Kaspersky site I saw nothing new.
Does anybody have a hint?
Thanks
 
  

Igor_Michailov
Senior Member
 

Re: cryptolocker

Post Posted: Mar 21, 19 19:43

What do you want?
_________________
Computer, Cell Phone & Chip-Off Forensics

linkedin.com/in/igormikhaylovcf 
 
  

TinyBrain
Senior Member
 

Re: cryptolocker

Post Posted: Mar 22, 19 17:43

Have you peers to the Hacking Team?  
 
  

badgerau
Senior Member
 

Re: cryptolocker

Post Posted: Mar 22, 19 23:20

Firstly you need to know which ransomware family you are dealing with, as there are decryption keys available for some of them.

id-ransomware.malwarehunterteam.com

Use the above site to try and ID the family. Once you know this then report back to see if anyone has any solutions.  
 
  

Dimi
Member
 

Re: cryptolocker

Post Posted: Mar 23, 19 12:30

Try www.nomoreransom.org

With the Crypto Sheriff you can identify the kind of crypto; with the crypto tools you can hopefully decrypt.
 
  

giandega
Senior Member
 

Re: cryptolocker

Post Posted: Mar 25, 19 08:35

thanks all  
 
