My company had the same virus/ransomware. It uses what appears to be a Windows exploit, elevating permissions to run, and it doesn't trigger UAC. It's disguised as a hidden system file, and no AV that I have tested can detect it if all the system files are hidden. However, the AVs that I tested would find it with the system files unhidden.

This of course is not best practice for any environment, so we had to find another solution. We found that Malwarebytes will catch it no matter how it's executed. It will run through and encrypt everything, including mapped drives. We did find that it leaves a trail of its destruction in the registry, and you can export the files it's encrypted using a PowerShell script.

Lastly, our backup system had failed for the drives we needed to restore, so rather than losing almost 6 months of work we took a chance and paid for the decryption key, and it worked. The biggest struggle is getting a Bitcoin, because they don't seem to be allowing the Green Dot cards anymore.

That's my two cents; hope it helps!

Thanks again,

From: [email protected] On Behalf Of [email protected]
Sent: Friday, March 21, 2014 2:51 PM
To: [email protected]
Subject: RE: [mssms] System infected with Bitcrypt virus

Odds are, you're screwed. Hope you have a good backup of the data.

Christopher Catlett
Consultant | Detroit
Sogeti USA
Office 248-876-9738 | Fax 877.406.9647
26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456
www.us.sogeti.com

From: [email protected] On Behalf Of Rajan Hotmail
Sent: Friday, March 21, 2014 3:06 PM
To: [email protected]; [email protected]
Subject: [mssms] System infected with Bitcrypt virus

Dear,

One of my PCs is infected with the Bitcrypt virus. Does anyone have any idea about this virus and how to decrypt all the files?

Regards
Rajan

