Help: Ransomware: All files are encrypted

charlie123

Registered
hi there

My mate was completing some work online (he’s a dentist) then was alerted to an on-screen message saying that all his files have been encrypted and he has to pay by bitcoin.

His IT guy advised to do a system restore via the disk on the PC, which is running fine now, but he has an external hard disk with patient files that shows this ransomware message when he tries to access them - this has patient records as a backup

Is there any free software that can be run on the external hard disk to remove the ransomware?
I have enclosed the image of the ransomware

He had tried Malwarebytes but after scanning that showed no threats

Thanks in advance
Charlie
 

wooshman

VIP Member
Forum Supporter
They normally live in your registry and don't encrypt your files UNLESS you are unlucky enough to have contracted one of the ones which actually does encrypt your file.

Start here and try and find which one you have.
https://www.bleepingcomputer.com/virus-removal/

Their guides are very very good and should help you remove it.

First thing to try is starting in safe mode. If the computer starts up it is a good start.
 

charlie123

Registered
Thank you for the post, I will take a look as he’s a non techie

All the files on his external hard disk are infected, so seeing what can be done to remove it

Cheers
 

stuss

TK Veteran
Forum Supporter
A dentist wanting free ransomware software.. 2k for my screw in tooth
What version of Windows is your dentist using?
 

charlie123

Registered
I know the cheeky sod - but he doesn’t charge me for treatment -lol

He’s running Windows 7
 

charlie123

Registered
So after a lot of research it’s the:

[email protected] is a crypto-malware closely related to Arrow ransomware

So trying to work out what free malware tool can be used to remove it... as Malwarebytes didn’t pick up any threats on the external hard drive
 

charlie123

Registered
Thanks, I did see that whilst researching it and have told him to try it - cheers

Also told him about storage of personal data :-(
 

pabloescaban

TK Veteran
Forum Supporter
the thing is, this HDD with the ransomware is only a backup of patient data?
which means he must also have that data elsewhere?
Create a new backup on a new disk, then verify everything is there and intact, then erase the drive with ransomware on it.
DBAN is about best, other than nuking it from orbit
 

steptoe

TK Veteran
Forum Supporter
try reading the files using Linux,
 