Ransomware Bitlocker, Can anything be done?

[klr650r]

I've recently been hit with some ransomware. I'm usually real careful with viruses and adware but this one blind sided me good.
I woke up one morning with my secondary partition locked with bitlocker in Windows 7 and two ransom notes on my desktop. One in txt and the other a doc file.
Both had the same thing a request for 1btc forwarded to an address.
Don't have the money to pay them.
It sucks because I'm pretty sure I'm going to loose my family photos.

No AV or internet security I've tried has found anything. Norton, Bitdefender, MS security essentials was actually running during the attack.
So as of right now it looks like my best plan of action is to format both partitions and start fresh.

Unless someone has some insite, about where I could find this ransomware on my PC and disable it. Then some kind of a way of cracking that Bitlocker encryption. And if anyone has any idea how it got to me. Let me know.
Thanks,

 

[emdea22]

How did this happen? What did they use as a server?

 

[06yfz450ridr]

so you had 3 anti virus programs running at once?

that's your first problem.

more than one will cause more issues.

I highly recommend disabling windows defender and downloading avira free or even their pro it is hands down the best free av you can get the pro is really good as well.

that alongside malwaybytes pro if running the free is a very good option as well.


but try this https://www.decryptcryptolocker.com/


i didnt think the cryptolocker was still around I got hit with this at work and knew another company that got this.


backups are really the only option unless you want to pay.


do not remove it but run that on the site and then download malware bytes and scan, it will find it.

 

[USAFRet]

There is no way to crack a true BitLocker encrypted volume.
If there were, it wouldn't be much good as encryption.

 

[geofelt]

If you really want the family photos, I know of no way to recover except paying.
But. I hope you don't pay those SOB's..

In the future, keep your photos on an external backup device.

As to how you were infected, there are many ways.
Most likely would be a email link that you opened or even a malicious advertisement that made it's way to a legitimate web site that you accessed.

 

[bignastyid]

Are you sure it's bitlocker and not cryptolocker? If it's cryptolocker there's a removal guide.http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

http://www.bleepingcomputer.com/forums/t/543518/decryption-keys-are-now-freely-available-for-victims-of-cryptolocker/

 

[ex_bubblehead]

Are you running Windows 7 Enterprise or Ultimate? If neither then it isn't BitLocker. If your files have actually been encrypted, and you don't have the key, then unless you have a backup (you do make backups, right?) your files are gone for good. Forget trying to crack encryption, it'll take several lifetimes.

A clean install on freshly wiped drives is the only way to ensure that nothing of the trojan/virus remains. And, dump Security Essentials, it's almost useless as an anti-virus.

 

[klr650r]

No all 3 AVs were not running at once. I only run MS Essential now a days. (since its inception or no AV at all) Installed the other ones one by one to see if they would find anything (tryed malware bytes as well just forgot to mention it.)
Don't know what to use for an AV anymore, in my experience either they suck at detecting or they hog your resources, never had one in between.

Pretty sure its true bitlocker. That happened on a Win7 Pro box(I think, can't remember) Looks legit when I try to get onto that drive. Also the key that would be used in case you forget your password was automatically removed from my PC.

It's not cryptolocker or cryptowall, or any of the mainstream ones I found on google.
Pretty stealthy whatever they used to get in, and they didn't leave a trace I could find except for those two docks and a locked drive.

I had relaxed my backups (I was going to do one that day, but I had nothing for the past 8 months.) as I had been safe for years, lesson learned the hard way I guess

 

[ex_bubblehead]

Unless you're running Enterprise or Ultimate it is not BitLocker, it's not present in any other versions. Either way it's not crackable.

 

[winteruk]

Bilocker fist make a backup of your fils and when encrypted will deleted old files get a file recovery scan your partition get it back that's what I did for a friends

 

[ex_bubblehead]

Bilocker fist make a backup of your fils and when encrypted will deleted old files get a file recovery scan your partition get it back that's what I did for a friends

Bit locker deletes the old files without shredding them first? Deleted file recovery..loving the sound of that.

No, there's absolutely nothing in the clear left behind.

 

[FALC0N]

If there is nothing that will decrypt it now, don't assume there never will be. Wait a few years. Sooner or later a solution will present itself. That doesn't help if you need the data now, but for family photos and such, it's a long term solution.

 

[06yfz450ridr]

if it was crypto I believe it was the one our office got hit by the decryption tool does work, i've used it and tested it. you might be in luck. its faily easy just follow the steps exactly as they look and and copy everything in the key file into the command prompt.


we were all running 7 pro as well

give it a go

https://www.decryptcryptolocker.com/