My PC had been infected by a Ransomware!

[Styx_Me]

Just this week, before the convention day, I have acquired a ransomware.All my files had been encrypted. Since we don't usually do back ups, I am now desperate to recover my data.IAll my files now have a .nile extension. Can somebody help me? 

[Musky]

I'm sorry brother, but you have a tough road ahead. It's much easier to prevent a ransomware attack then it is recovering from one. 

 

See if malewarebytes can help you. 

https://www.google.com/url?sa=t&source=web&rct=j&url=https://www.malwarebytes.com/ransomware/&ved=2ahUKEwjAjZXMs5LrAhUO-6wKHYzTDIgQFjAfegQIBRAB&usg=AOvVaw2FzYamk7bh8i2hoRwl3V9V

[Foxes53]

That's a good reminder to have a good backup system. I use Onedrive and backup my important files manually once or twice a week.

[Styx_Me]

4 hours ago, Styx_Me said:

Just this week, before the convention day, I have acquired a ransomware.All my files had been encrypted. Since we don't usually do back ups, I am now desperate to recover my data.IAll my files now have a .nile extension. Can somebody help me? 

Thanks for your suggestion @Musky .I did install them just yesterday. I did all the scanning. I already installed Spyhunter 5, Hitman Pro,AVG but nothing seems to change. I'm not really sure if the virus/ransomware is totally gone after all the scans I've run.The files are still encrypted into .nile extensions. I was still hoping I could recover the files.

[Styx_Me]

38 minutes ago, Foxes53 said:

That's a good reminder to have a good backup system. I use Onedrive and backup my important files manually once or twice a week.

Yeah I'll probably start doing that after I have dealt with this.Can't really do much with your PC having this virus/malware. New files (ex. photos) get encrypted as well. I badly need to fix this right away since it's the only way we can watch the remaining RC videos.

[luisenriquereyes]

Very difficult to recover from this.  I have had to deal with these people when customers decided to pay the ransom.

 

For now seems like there is no fix for this .nile ransomware.  Here is recent information from Microsoft and Bleeping Computer:

 

https://answers.microsoft.com/en-us/protect/forum/all/i-have-been-infected-with-malware-nile-extension/a00689aa-7348-45fe-b5ad-85bf8fdb53b6

 

https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/page-690#entry5037803

[shali]

We had a brother that had the same thing happen and he had to pay the ransom. I think he opened an email that was telling him that his Windows computer needed to be updated or something.  Do you know how it happened to you?

Edited August 11, 2020 by shali

[carlos]

Jan, I am afraid there is no way to recover that information, except, maybe, by paying the ransom.

 

If you have Google Photos on your phone, it's possible that Google keeps a copy of the pictures. You can try here, loging in with your usual Google user and password:

https://www.google.com/intl/en/photos/about/

 

Now the easiest way to get rid of the virus is to use the option to restore your computer to factory settings. That formats the computer and leaves it as the first day. There is even an option to do it without deleting your documents, although those documents are now useless.

[lord-360]

6 hours ago, Styx_Me said:

Yeah I'll probably start doing that after I have dealt with this.Can't really do much with your PC having this virus/malware. New files (ex. photos) get encrypted as well. I badly need to fix this right away since it's the only way we can watch the remaining RC videos.

https://www.emsisoft.com/ransomware-decryption-tools/ seems to be one way you can try decrypting, but i think this current ransomware is too new. Factory reset your pc and if windows 10 i suggest only using windows defender as your virus program and also adding an extension to your browser called ublock origin or adblock plus. (Turn these blockers off for certain websites like banks and jw.org etc... To make sure they work as intended.) This combo generally prevents most viruses. If you have a google account your stuff might have backed up. Or through one drive. Be careful of emails you click and check the file name of file before you try to download them. Sorry this has happened.

[Myew]

RIP data, I'm sorry to read this. Don't run executable e-mail attachments or files from sketchy websites, etc.
There is a slim possibility you can identify it and it will be de-encryptable, maybe in the future. But for now, you really need a complete hard drive repartitioning.

https://www.howtogeek.com/434676/should-you-pay-up-if-you-get-hit-by-ransomware/
https://www.howtogeek.com/437148/what-to-do-right-now-to-make-yourself-immune-to-ransomware/
https://www.nomoreransom.org/en/index.html
https://id-ransomware.malwarehunterteam.com/

Edited August 11, 2020 by Myew

[.Ivan.]

I had that case on boss work pc. My boss opened some file from email and whole database was encripted with extension i think .ptt or somethinh like that.. lucky for us we have backup on external drive.
Paying ransom did not work in many cases.. those people are criminals, and will take money but not restore your files. Do not trust them.
Backup all you need, restore pc on factory settings, delete all, because files are useless and be careful next time. Do not open emails from people you dont know and do not open links you are not familiar with..
Use chrome addon Adguard, and chrome have its own blocker.
Can use Brave browser for windows based on chrome...

https://brave.com/

Set your UAC to avoid exidental opening unknown files

https://en.m.wikipedia.org/wiki/User_Account_Control

Do not surf porn or piracy

Here are some other tips..


https://support.microsoft.com/en-us/help/4013263/windows-10-stay-protected-with-windows-security

[carlos]

The developers of the McAfee antivirus have this tool that claims to decrypt the files encrypted by some those viruses:

https://www.mcafee.com/enterprise/es-es/downloads/free-tools/ransomware-decryption.html

 

Even if it cannot decrypt your files now, it's possible that it will in the future, so keep a copy of them.

[Styx_Me]

On 8/11/2020 at 8:37 PM, luisenriquereyes said:

Very difficult to recover from this.  I have had to deal with these people when customers decided to pay the ransom.

 

For now seems like there is no fix for this .nile ransomware.  Here is recent information from Microsoft and Bleeping Computer:

 

https://answers.microsoft.com/en-us/protect/forum/all/i-have-been-infected-with-malware-nile-extension/a00689aa-7348-45fe-b5ad-85bf8fdb53b6

 

https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/page-690#entry5037803

 thanks brother..I'll take some time to read that info

[Styx_Me]

 Thank you brothers for your suggestions..appreciated it. We'll I was a kind of exhausted the whole week looking for answers to this problem since I have limited knowledge towards this situation (but I like techie stuffs too so, yeah) ..I'm glad all of you had answered to this thread @luisenriquereyes @lord-360 @Myew @.Ivan.@carlos ..and this is just  what I needed.

 

I had acquired this by downloading some crack software. Really , it was quite a lesson for me 😂  

Edited August 13, 2020 by Styx_Me
hyperlinks not properly linked

[Styx_Me]

On 8/11/2020 at 9:01 PM, shali said:

We had a brother that had the same thing happen and he had to pay the ransom. I think he opened an email that was telling him that his Windows computer needed to be updated or something.  Do you know how it happened to you?

ohhh that's quite devastating for him..I'm not sure it will do any good if you will pay the ransom as some have commented on this thread.And I have read somewhere in an article  that you should not try to open the email they gave you..I don't know why..but since I had acquired this from them, I'm not sure if they can be trusted in that.

 

I was able to find a cracked version of some software..and I was a bit groggy since it's 2 am. Ran the executable file as usual. Then my PC hangs for a minute or two.Then I saw a notification..I really thought it was the windows defender notifying me that there is some malware.Then the Windows requested me to download some outdated windows file.So I did it.multiple times.Then I got really tired so I had to sleep.Next thing in the morning about 7 am , googled everything that happened (I was quite good at that haha) and then checked my files and boom! my files are already encrypted with this .nile thingy.

[Styx_Me]

On 8/11/2020 at 9:16 PM, carlos said:

Jan, I am afraid there is no way to recover that information, except, maybe, by paying the ransom.

 

If you have Google Photos on your phone, it's possible that Google keeps a copy of the pictures. You can try here, loging in with your usual Google user and password:

https://www.google.com/intl/en/photos/about/

 

Now the easiest way to get rid of the virus is to use the option to restore your computer to factory settings. That formats the computer and leaves it as the first day. There is even an option to do it without deleting your documents, although those documents are now useless.

"I have prepared myself that this day would come" (sad violin tone playing). I was hoping this worst case scenario while I was feeling all  hopeless searching for answers and solutions.

I am using our desktop at the moment this did happen. Now, I can't surf the internet peacefully knowing this could cause them to gain access( or maybe not.I'm not sure if they can) to our google accounts.

[shali]

Does "cracked" version" of software mean it's software you'd normally have to pay for but with a "cracked" version you don't have to (it gives you the key code you need)?  I'm not familiar with that term.

[Musky]

Does "cracked" version" of software mean it's software you'd normally have to pay for but with a "cracked" version you don't have to (it gives you the key code you need)?  I'm not familiar with that term.

Yes, that's exactly what it means. The license activation system that protects the software from being "pirated" or illegally used by someone who has not purchased it, has been modified or removed. There are also "key generators" that produce bogus license keys that unlock the software. These kind of things are usually full of malware, viruses and Spyware etc.

 

 

[Styx_Me]

On 8/11/2020 at 9:16 PM, carlos said:

Jan, I am afraid there is no way to recover that information, except, maybe, by paying the ransom.

 

If you have Google Photos on your phone, it's possible that Google keeps a copy of the pictures. You can try here, loging in with your usual Google user and password:

https://www.google.com/intl/en/photos/about/

 

Now the easiest way to get rid of the virus is to use the option to restore your computer to factory settings. That formats the computer and leaves it as the first day. There is even an option to do it without deleting your documents, although those documents are now useless.

I was thinking to do that

 

I have a question...If I do format my computer to it's factory settings, how will I know if the virus is totally gone ?

[Qapla]

Look at the file extensions and see if any have that .nile extension

 

Run a few detection programs before installing any additional software.

 

Check on MajorGeeks.com and BleepingComputer.com for scanning programs designed to detect ransomware

[Floyd]

The best way to reinstall is to boot from a usb that was created from the windows media creation tool. One of the options will be to format the drive. That will get rid of 99.99% of any maleware.

 

I can't help but think of Gal. 6:7

[jwhess]

8 hours ago, Floyd said:

The best way to reinstall is to boot from a usb that was created from the windows media creation tool. One of the options will be to format the drive. That will get rid of 99.99% of any maleware.

 

I can't help but think of Gal. 6:7

I had a Surface 3 tablet that got scrambled (not by ransom-ware).  It had a full-sized USB port that was very handy.  I made a bootable USB flash drive with the Media Creation tool.  After some aggravation and entanglements between BIOS and UEFI I finally got booted and installed.  A completely new setup.  I have never tried such a device update with a micro-USB.

[Qapla]

I had a hard drive die on me many years ago. Among other things, I lost a document I had been working on for quite some time. I kept the drive and would check eBay for a "control board" from time-to-time - it had to be the "same" board (certain numbers have to match) It too a couple years but I finally found a board and got it. After installing the new board I was able to recover all the files from that drive.

 

I kept using the drive for some time after that - but, since I didn't totally trust it, I never stored anything critical on it.

 

I now keep several copies on different storage solutions for anything critical.

 

I do not d/l cracked/hacked/or otherwise subverted software

 

 

Edited August 16, 2020 by Qapla

[LRJW]

It is dangerous to download pirated programs, not to mention it's just not a good moral choice.  Not passing judgement here; when I was younger, I would do it all the time. 

 

Many people also download pirated movies and shows, although I'm not sure you have the same potential for damage in those files.  

 

Anyway, I learned my lesson the hard way as well - had to wipe my computer and lost a LOT of valuable data.  Nowadays, if I can't afford a program or movie/show, I just wait until I can, or I look for a free alternative.