
Dads Legal Files Infected

Discussion in 'Is my Computer infected?' started by Justin Perreault, Aug 11, 2021.

  1. Justin Perreault

    Justin Perreault

    Joined:
    Aug 11, 2021
    Messages:
    4
    Operating System:
    Windows 10
    Hi

    My dad had his computer infected by some sort of malware that converted a lot of his legal documents to a different file extension and made them unreadable to any word processor software out there.

    It wanted my dad to pay a fee then download a generator that would unlock his files. He somehow had the program removed but the damage was done.

    Any idea what the name of that program was? I think file extensions were renamed to Zapdos or something along those lines. I will update this thread with the file extension name so you guys can know what malware I am talking about.

    Any help here would be great, Thanks!
     
  2. IJAC

    IJAC Super-Moderator Super Moderators

    Joined:
    May 8, 2017
    Messages:
    886
    Location:
    Here
    Operating System:
    Linux Based
    Computer Brand or Motherboard:
    I have a Asus prime Z270A MB
    CPU:
    Intel i5 Quad core
    Memory:
    Rip Jaw 32 GB
    Hard Drive:
    Samsung Evo 500 GB SS
    Graphics Card:
    Radeon R7 260X/360
    Power Supply:
    750 Watt Corsair
    It sounds like a ransomware malware. When you get more information let us know.
     
  3. Tony D

    Tony D Administrator Administrator

    Joined:
    Sep 25, 2009
    Messages:
    5,062
    Location:
    SE Pennsylvania, USA
    Operating System:
    Windows XP Professional
    Adding to IJAC's comment - I agree, it's ransomware. You can pay the fee, but there's no guarantee that you'll get the files decrypted. The bad actor may not send you the key and if you made changes to your computer, that may prevent the key from working.

    Here's where a backup would come in handy. You wouldn't have to be concerned about paying a fee. You would just restore your files from your backup. It's also the reason I prefer to have backup off-line. If the backup drive was connected to the computer when it was hit with the malware, in addition to all your files being encrypted, the malware would attack the attached backup drive and encrypt all those backed up files also.
     
    allheart55 (Cindy E) and IJAC like this.
  4. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Justin,

    That isn't the best way to deal with ransomware, I'm afraid.
    With the files in place and a copy of the ransomware note, it makes it easier to see what we are dealing with.
    What did he use to remove the ransomware program?
    Is he sure that he removed it all?

    That's not a ransomware file extension that I'm aware of.

    There are some decryptors available for some of the older ransomware types, but these don't always work.
    Unfortunately there's a good chance that the encrypted files are lost.

    @Tony D is spot on with this.
    Unfortunately a lot of people don't bother with regular backups.

    With a regular backup, it would have been a simple case of reinstalling the OS and then running the backup.
     
    Last edited: Aug 12, 2021
    allheart55 (Cindy E), Tony D and IJAC like this.
  5. Justin Perreault

    I believe you are right it is ransomware and it's called "zepto". That's pretty much the only info I have about it.
     
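    A small triage script for the situation described in this thread, added here as an example and not code from the original post or any of the posters: it walks a folder, counts files per extension, lists files carrying the `.zepto` extension named above, and flags files whose leading bytes have near-maximal entropy (encrypted content rather than a document). The sample folder it builds is constructed test data, and the `.zepto` filenames in it are made up.

```python
"""Ransomware triage: find renamed (.zepto) files and encrypted-looking contents."""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

SUSPECT_EXTENSIONS = {".zepto"}  # extension named in this thread; extend as needed


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted or compressed data, far lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def triage(root: str, sample_bytes: int = 4096, threshold: float = 7.5) -> dict:
    """Walk root; return per-extension counts, suspect-extension files and
    files whose leading bytes look encrypted (a word processor will never
    open these; only a decryptor or a backup brings them back)."""
    by_ext, suspect, high_entropy = Counter(), [], []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        ext = path.suffix.lower()
        by_ext[ext] += 1
        if ext in SUSPECT_EXTENSIONS:
            suspect.append(path.name)
        head = path.read_bytes()[:sample_bytes]  # only the leading bytes are scored
        if len(head) >= 256 and shannon_entropy(head) >= threshold:
            high_entropy.append(path.name)
    return {"by_ext": dict(by_ext), "suspect": sorted(suspect),
            "high_entropy": sorted(high_entropy)}


def demo() -> dict:
    """Constructed sample folder: one readable document plus two files renamed
    and filled with random bytes to stand in for encrypted legal documents."""
    root = tempfile.mkdtemp(prefix="triage_")
    Path(root, "will.txt").write_text("Last will and testament. " * 40)
    for name in ("A1B2C3.zepto", "D4E5F6.zepto"):  # constructed names, not real samples
        Path(root, name).write_bytes(os.urandom(4096))
    return triage(root)


if __name__ == "__main__":
    print(demo())  # run against a real folder with triage("/path/to/documents")
```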
  6. IJAC

    Last edited: Aug 13, 2021
    starbuck and Tony D like this.
  7. plodr

    plodr CHF Advisor CHF Advisers

    Joined:
    May 31, 2017
    Messages:
    1,106
    Operating System:
    Windows 7
  8. starbuck

    Tony D likes this.
  9. plodr

    Yup, I spent some time looking at quite a few sites that had decryption tools but I came up empty. I was hoping to find a solution.

    Several things to keep in mind so other files are not lost forever to malware:
    1. Get a malware detection program
    2. Keep at minimum 2 copies of important files off the computer (I've been working on a large database for 6 years. One copy is kept on a computer. 1 copy is kept on a USB stick. A 2nd copy is kept on a different USB stick and from time to time I've uploaded a copy to my Google Drive.)
    3. Learn to make images of the computer. If the computer does manage to pick up something, restore the image and you will be back in business in under an hour. You might lose a few things. (I keep a list of everything that has been updated since the last image so if I need to restore, I know exactly what updates/new versions I need to install.)
     
    allheart55 (Cindy E) likes this.
