Big Blue Interactive The Corner Forum  

Archived Thread

NFT: My wife's laptop hit with sodinokibi ransomware.

Bubba : 1/13/2020 12:09 pm
All files, pics etc. inaccessible. Her last backup was a few months ago. Any suggestions as to how to unlock her files?

Thanks
One way  
Scott in Montreal : 1/13/2020 12:29 pm : link
Download a copy of Ubuntu and make a bootable usb stick. You will need a second laptop to create the usb and a second usb to save your files on.

You can then run Ubuntu from the usb stick and access the infected hard drives. You can then copy all your pictures etc. onto a second usb stick.

Then just reformat the infected computer afterwards and start fresh.

I just had this issue with a friend's laptop. You need a bit of CPU knowledge but it works.
Thanks Scott  
Bubba : 1/13/2020 12:37 pm : link
I'll look into this.
Is the PC locked up?  
x meadowlander : 1/13/2020 12:39 pm : link
I've had viruses that make it impossible to perform ANY Windows task.

If that's the case, you need to fire up good old DOS, and use text commands to navigate to the stick.
RE: Is the PC locked up?  
Scott in Montreal : 1/13/2020 12:47 pm : link
In comment 14776666 x meadowlander said:
Quote:
I've had viruses that make it impossible to perform ANY Windows task.

If that's the case, you need to fire up good old DOS, and use text commands to navigate to the stick.


The Ubuntu OS will not need any access to anything Windows. It sees the other laptop's HDs as storage only.
The system is usable.  
Bubba : 1/13/2020 12:49 pm : link
The problem is that the desktop, documents and pictures, everything you need, is locked up.
Whenever you get them, they are unusable (encrypted).
If the copies are locked  
Scott in Montreal : 1/13/2020 1:23 pm : link
on the new usb still after the linux usb way I suggested. As I mentioned when I did it this way it worked well but it was not the sodinokibi ransomware.

The webpage linked has a second method specifically for your ransomware. This page explains the way your ransomware works. www.acronis.com/en-eu/articles/sodinokibi-ransomware/
Sodinokibi ransomware removal
How does something like this happen?  
moze1021 : 1/13/2020 1:34 pm : link
.
moze  
Bubba : 1/13/2020 2:03 pm : link
could be as simple as accepting a friend request on Facebook. Most often it's opening emails.
Scott  
Bubba : 1/13/2020 2:16 pm : link
according to my IT guy the recommended software doesn't even touch it. They are using Malwarebytes Premium. It will take them a few days to get to us as they are working on a first come first serve basis.
Sorry to say  
imloungin : 1/13/2020 3:18 pm : link
but your options at this point are likely limited to:

1. Restore from backup
2. Pay the ransom

Companies like Bitdefender put out decryption tools for some ransomware variants like Gandcrab, though I do not believe any such tools exist for Sodinokibi.

I recommend you immediately disconnect that laptop from your network, avoid connecting to any other networks until the system has been confirmed to be clean, and that all security patches are up-to-date.
Paying them would be stupid  
Hsilwek92 : 1/13/2020 3:31 pm : link
That rarely works, if ever. They’ll just take your money and then leave you just as screwed but with a lighter bank account.
RE: If the copies are locked  
Ron from Ninerland : 1/13/2020 4:14 pm : link
In comment 14776772 Scott in Montreal said:
Quote:
on the new usb still after the linux usb way I suggested. As I mentioned when I did it this way it worked well but it was not the sodinokibi ransomware.

The webpage linked has a second method specifically for your ransomware. This page explains the way your ransomware works. www.acronis.com/en-eu/articles/sodinokibi-ransomware/ Sodinokibi ransomware removal

According to this article the ransomware works by encrypting the victim's files. If that's the case I don't see how your suggestion will work. An Ubuntu USB stick will allow you to boot the system and access the disk partitions and maybe even the individual files, depending on how the encryption was done. But those files will be useless if they are encrypted.
RE: RE: If the copies are locked  
Scott in Montreal : 1/13/2020 7:44 pm : link
In comment 14777297 Ron from Ninerland said:
Quote:
In comment 14776772 Scott in Montreal said:
Quote:
on the new usb still after the linux usb way I suggested. As I mentioned when I did it this way it worked well but it was not the sodinokibi ransomware.

The webpage linked has a second method specifically for your ransomware. This page explains the way your ransomware works. www.acronis.com/en-eu/articles/sodinokibi-ransomware/ Sodinokibi ransomware removal

According to this article the ransomware works by encrypting the victim's files. If that's the case I don't see how your suggestion will work. An Ubuntu USB stick will allow you to boot the system and access the disk partitions and maybe even the individual files, depending on how the encryption was done. But those files will be useless if they are encrypted.

Like I mentioned, I did it and it worked not long ago. It was not this particular "virus". I wish I could remember the name. When I did it there were no extra extensions on the files. I copied everything over to the extra usb and checked by opening them on my laptop, which is Linux.
Sodinokibi  
Bill in UT : 1/13/2020 8:51 pm : link
Isn't that our new QB coach?
RE: RE: RE: If the copies are locked  
newjacksm : 1/13/2020 9:44 pm : link
In comment 14777660 Scott in Montreal said:
Quote:
In comment 14777297 Ron from Ninerland said:
Quote:
In comment 14776772 Scott in Montreal said:
Quote:
on the new usb still after the linux usb way I suggested. As I mentioned when I did it this way it worked well but it was not the sodinokibi ransomware.

The webpage linked has a second method specifically for your ransomware. This page explains the way your ransomware works. www.acronis.com/en-eu/articles/sodinokibi-ransomware/ Sodinokibi ransomware removal

According to this article the ransomware works by encrypting the victim's files. If that's the case I don't see how your suggestion will work. An Ubuntu USB stick will allow you to boot the system and access the disk partitions and maybe even the individual files, depending on how the encryption was done. But those files will be useless if they are encrypted.

Like I mentioned, I did it and it worked not long ago. It was not this particular "virus". I wish I could remember the name. When I did it there were no extra extensions on the files. I copied everything over to the extra usb and checked by opening them on my laptop, which is Linux.

What you are mentioning will not work for any ransomware. Please do not suggest this for ransomware.

What you are suggesting is that someone should essentially mount their drive to a Linux OS and copy their files over, which would normally be fine (and really an obtuse process) for any other malware out there. But with ransomware it just locks your files up.

At this point in time, you really can't do anything unless a security research team has come out with an application or algorithm to decrypt and get you the ransomware key.

My suggestions/questions:

1. What was the most important thing to you on this machine?
If it's pictures, do you have them backed up on Google Photos or iCloud? Don't worry, blow out the machine, start fresh.
2. Documents: Same as what I mentioned above, blow out the machine; if not, it is a loss.
3. Applications/Programs: Unfortunately these will be lost anyway and you will have to install from scratch.

Ransomware at a personal level is much easier to handle than at an enterprise level; don't give in and don't pay them.

Double check your cloud accounts (OneDrive, Google Docs/Photos, and iCloud).

Best of luck.
Newjack
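The disagreement above (Scott copying files off via a live Ubuntu USB and "checking by opening them", versus Ron and Newjack pointing out that encrypted files are useless once copied) comes down to one question: which files on the mounted drive are still intact? The script below is an added example, not code from the thread or from any tool mentioned in it. It walks a drive mounted read-only from a live USB and, for each file, checks whether the leading bytes still match the signature its extension implies; for types it has no signature for, it falls back on Shannon entropy, since encrypted output reads as near-random data. The format table, the entropy threshold and the sample files are all constructed for the example.

```python
"""Triage files on a drive mounted read-only from a live USB.

Added example, not from the thread. A file is 'plausible' when its header
still matches the format its name claims, 'suspect' when that header is gone
(consistent with encryption) or unknown data looks random, else 'unknown'.
"""
import math
import os
import tempfile
from collections import Counter
from typing import Dict, Optional

# Leading bytes expected for some common personal-file formats (constructed table).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
    ".docx": (b"PK\x03\x04",),   # OOXML documents are zip containers
    ".xlsx": (b"PK\x03\x04",),
    ".zip": (b"PK\x03\x04",),
}

HEAD_LEN = 4096            # bytes read per file
ENTROPY_THRESHOLD = 7.5    # bits/byte; above this a block looks random (assumed cut-off)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def known_format(name: str) -> Optional[str]:
    """Return the known extension a file claims, looking past one appended
    extension (many ransomware families rename photo.jpg to photo.jpg.xxxx)."""
    stem, ext = os.path.splitext(name)
    if ext.lower() in MAGIC:
        return ext.lower()
    _, inner = os.path.splitext(stem)
    return inner.lower() if inner.lower() in MAGIC else None


def classify(name: str, head: bytes) -> str:
    """Classify one file from its name and its first HEAD_LEN bytes."""
    fmt = known_format(name)
    if fmt is not None:
        return "plausible" if any(head.startswith(s) for s in MAGIC[fmt]) else "suspect"
    # No signature to compare against: fall back on entropy alone.
    return "suspect" if shannon_entropy(head) >= ENTROPY_THRESHOLD else "unknown"


def triage_tree(root: str) -> Dict[str, str]:
    """Classify every regular file under root; the tree is only read, never written."""
    results = {}
    for dirpath, _, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(HEAD_LEN)
            except OSError:
                continue   # unreadable entry: skip rather than abort the sweep
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            results[rel] = classify(fname, head)
    return results


# Constructed sample data. The deterministic block stands in for encrypted
# output: every byte value appears equally often, so entropy is exactly 8.0.
RANDOM_LIKE = bytes(range(256)) * 16
JPEG_LIKE = b"\xff\xd8\xff\xe0" + b"\x00" * 60
TEXT_LIKE = b"Shopping list: milk, eggs, bread\n" * 20


def demo() -> Dict[str, str]:
    """Write the constructed samples into a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {
            "photos/vacation.jpg": JPEG_LIKE,
            "photos/birthday.jpg.k7fj2": RANDOM_LIKE,   # renamed and overwritten
            "docs/taxes.pdf": RANDOM_LIKE,              # header gone
            "docs/notes.txt": TEXT_LIKE,
        }
        for rel, data in samples.items():
            path = os.path.join(tmp, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return triage_tree(tmp)


if __name__ == "__main__":
    for rel, verdict in sorted(demo().items()):
        print(f"{verdict:9s} {rel}")
```

Run it against the mount point of the original disk (for example `triage_tree("/media/ubuntu/Windows")`) before copying anything: the 'plausible' list is what is worth saving, and a drive where nearly everything under the user's profile comes back 'suspect' is the encrypted case Ron and Newjack describe, where copying buys nothing and the backup is the only way forward. Compressed formats such as JPEG and ZIP are high-entropy when intact, which is why the header check takes precedence and entropy is only used for files with no known signature.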
RE: Sodinokibi  
micky : 1/13/2020 10:17 pm : link
In comment 14777773 Bill in UT said:
Quote:
Isn't that our new QB coach?


Yes, and you butchered his name
Newjack  
Bubba : 1/14/2020 7:12 am : link
Thanks. My IT guy came to basically the same conclusion. I was hoping for a simpler fix. Fortunately we do have a backup. Unfortunately the IT guy is busy restoring several other systems. This bug apparently hit on Thursday night around 5:15pm EST. He and staff are working on a first come, first served basis.
I would recommend MalwareBytes Premium  
newjacksm : 1/14/2020 12:06 pm : link
if this is a small business/personal machine and just be more careful with what file attachments you open.

If you are at an enterprise level 500-1000+ machines there are other tools out there you can get.

I would also disable admin PowerShell (or at least require the use of a password) on the machine since that's how most ransomware locks your files.
Newjack  
Bubba : 1/14/2020 2:00 pm : link
Thanks again. That is the software my IT guy uses too.