Endpoint Protection

My customer in Russia uses SEP 12.1.2 with latest updates. He reported that one of his systems (accounting server) was infected and users' and database files was encrypted. The files are renamed, the template is %ID%help@antivirusebola.com

One of our competitor's web site determines the threat as Cryptor.701. The encryption algorithm is AES with 128 bit key. Can we decrypt these files? Can we protect the systems from this threat? What can we do to help Symantec protect customers from this?

You can't recover that files.It's new variants you can submit submission file symantec Security Response Team

See this thread

https://www-secure.symantec.com/connect/forums/virus-cant-open-my-word-excel

You may get lucky trying this new site

https://www.decryptcryptolocker.com/

Hi hdablin,

This article may be of use:

Recovering Ransomlocked Files Using Built-In Windows Tools
https://www-secure.symantec.com/connect/articles/recovering-ransomlocked-files-using-built-windows-tools

Restoring from a known good backup is the solution against these.  There's no way to undo the sabotage.

If they have identified the file which caused the damage, please do ask them to submit it to Security Response.

Symantec Insider Tip: Successful Submissions!
https://www-secure.symantec.com/connect/articles/symantec-insider-tip-successful-submissions

It will not help them to decrypt the files, but it will save other users from suffering the same fate.  Please feel free to PM me the Tracking number if there is a submission! &: )

With thanks and best regsrds,

Mick