Endpoint Protection

Expand all | Collapse all

ID_help@antivirusebola.com cryptor

Jump to Best Answer
  • 1.  ID_help@antivirusebola.com cryptor

    Posted 09-09-2014 07:06 AM

    My customer in Russia uses SEP 12.1.2 with latest updates. He reported that one of his systems (accounting server) was infected and users' and database files was encrypted. The files are renamed, the template is %ID%help@antivirusebola.com

    One of our competitor's web site determines the threat as Cryptor.701. The encryption algorithm is AES with 128 bit key. Can we decrypt these files? Can we protect the systems from this threat? What can we do to help Symantec protect customers from this?

  • 2.  RE: ID_help@antivirusebola.com cryptor

    Posted 09-09-2014 07:21 AM

    You can't recover that files.It's new variants you can submit submission file symantec Security Response Team

    See this thread


  • 3.  RE: ID_help@antivirusebola.com cryptor

    Posted 09-09-2014 08:00 AM

    You may get lucky trying this new site


  • 4.  RE: ID_help@antivirusebola.com cryptor
    Best Answer

    Posted 09-09-2014 11:57 AM

    Hi hdablin,

    This article may be of use:

    Recovering Ransomlocked Files Using Built-In Windows Tools

    Restoring from a known good backup is the solution against these.  There's no way to undo the sabotage.

    If they have identified the file which caused the damage, please do ask them to submit it to Security Response.

    Symantec Insider Tip: Successful Submissions!


    It will not help them to decrypt the files, but it will save other users from suffering the same fate.  Please feel free to PM me the Tracking number if there is a submission! &: )

    With thanks and best regsrds,