Buddy needs help with Computer

[SGT Kahrs]

Hey guys,

So I have a friend of mine who, in his infinite wisdom, downloaded something unsafe. It seems to be a virus, but I'm not that great with software. Anyways, he has lost all his pictures and videos and such and is quite upset. I was wondering if anyone might have heard of something like this or run into a similar issue and could help us in solving the problem.

Thanks!
SPC Kahrs

[R. F. Nelson]

First thing's first; your buddy needs to ensure whatever malicious software has been removed. First, I would have your buddy check his Recycle Bin. Depending on the malicious software, it may have simply deleted them, and they might be located there. However, most types of malicious software aren't in the business of deleting media files; e.g., could be a trojan where a person on the other end swiped said goodies. Most malware these days are after those sweet sweet digital monies; credit card numbers, etc.

All that said, you may want your bud to download and try this https://www.piriform.com/recuva for the attempted recovery of the media. It's a program I've used myself, to recover data off HDDs of old (including those that had been re-formatted), and it had some decent success. It's the same company that makes CCleaner, so they're rather reliable.

Hope it helps.

[SGT Kahrs]

Thanks for the help! It turns out that it is actually ransomware. While the program has been taken care of, the files are now encrypted. If anybody knows how to fight ransomware, your knowledge would be greatly appreciated! Specifically it is Cerber Ransomware.

[akoch]

Thanks for the help! It turns out that it is actually ransomware. While the program has been taken care of, the files are now encrypted. If anybody knows how to fight ransomware, your knowledge would be greatly appreciated! Specifically it is Cerber Ransomware.

I'm afraid there's not much you can do. Either your friend will have to pay the ransom and get his files back, or pray he had them backed up somewhere.

Source: I deal with ransomware response at work

[R. F. Nelson]

1.) Never ever ever pay money. They will insist on a credit card, and have a form to fill out. I'm sure you can guess the kind of information required; birth date, address, credit card number and security code, and so forth.

2.) There are a few things you buddy can do. The first, is if there's a restore point from a couple of days ago, then a system restore back to that point, should do the trick.

Kaspersky has a removal tool for some of the .crypt and might work, so long as the virus itself has been removed. You can find the instructions, and the download for the tool (which is free), here: https://support.kaspersky.com/viruses/disinfection/8547?_ga=1.184281509.2049776603.1466197312#block1

[akoch]

1.) Never ever ever pay money. They will insist on a credit card, and have a form to fill out. I'm sure you can guess the kind of information required; birth date, address, credit card number and security code, and so forth.

They use Bitcoin most of the time, so they don't know said details

2.) There are a few things you buddy can do. The first, is if there's a restore point from a couple of days ago, then a system restore back to that point, should do the trick.

Won't normally help since it doesn't store files with the restore points, only system files and applications

Kaspersky has a removal tool for some of the .crypt and might work, so long as the virus itself has been removed. You can find the instructions, and the download for the tool (which is free), here: https://support.kaspersky.com/viruses/disinfection/8547?_ga=1.184281509.2049776603.1466197312#block1

This may work, my bad!

[SGT Kahrs]

Thanks guys! I will try a little later this evening and let you know how it turns out.