Help: Ransonware: All files are encrypted

hi there

My mate was completing some work online (he’s a dentist) then was alerted to an on-screen message saying get all his files have been encrypted and have pay by bitcoin.

His IT guy advised to do a system restore via the disk on the PC, which is running fine now but he has an external hard disk with patient files that shows this ransonware message when he’s tries to access them - this has patient records as a backup

Is there any free software that can be run on the external hard disk to remove the ransonware ?
I have enclosed the image of the ransonware

He had tried malwarebytes but after scanning that showed no threats

Thanks in Adance
Charlie
 

Attachments

  • 546B3DDE-170D-4E92-B595-DE636AA9FE69.jpeg
    546B3DDE-170D-4E92-B595-DE636AA9FE69.jpeg
    91.2 KB · Views: 13
They normally live in your registry and don't encrypt your files UNLESS you are unlucky enough to have contracted one of the ones which actually does encrypt your file.

Start here and try and find which one you have.
https://www.bleepingcomputer.com/virus-removal/

Their guides are very very good and should help you remove it.

First thing to try is starting in safe mode. If the computer starts up it is a good start.
 
Thank you for the post, I will take a look as he’s a non techie

All the files are his external hard disk are infected so seeing what can be done to Remove it

Cheers
 
A dentist wanting free ransomware software.. 2k for my screw in tooth
What version of Windows is your dentist using ??
 
So after a lot of research it’s the:

Badfail@qq.com is a crypto-malware closely related to Arrow ransomware

So trying to work out what free malware tool can be used remove it....as Malwarebytes didn’t pick up any threats on the external hard drive
 
Thanks, l did see that whilst researching it and have told him to try it - cheers

Also told him about storage of personal data :-(
 
the thing is, this HDD with the ransomware is only a backup of patient data?
which means he must also have that data elsewhere?
Create a new backup on a new disk, then verify everything is there and intact, then erase the drive with ransomware on it.
DBAN is about best, other than nuking it from orbit
 
Back
Top