I am the network administrator and have Sophos Endpoint Protection - Advanced 2 package across our domain computers which I manage through Sophos Enterprise Console.
We have recently been hit by the Locky ransomware, and we have lost many documents to encryption. The following text file was generated:
!!! IMPORTANT INFORMATION !!!!
All of your files are encrypted with RSA-2048 and AES-128 ciphers.
More information about the RSA and AES can be found here:
http://en.wikipedia.org/wiki/RSA_(cryptosystem)
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
To receive your private key follow one of the links:
1. http://25z5g623wpqpdwis.tor2web.org/AE91F5FC7CE031A5
2. http://25z5g623wpqpdwis.onion.to/AE91F5FC7CE031A5
3. http://25z5g623wpqpdwis.onion.cab/AE91F5FC7CE031A5
If all of this addresses are not available, follow these steps:
1. Download and install Tor Browser: https://www.torproject.org/download/download-easy.html
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: 25z5g623wpqpdwis.onion/AE91F5FC7CE031A5
4. Follow the instructions on the site.
!!! Your personal identification ID:
Unfortunately Sophos did not seem to pick this up. What is the best way to safely remove this ransomware? We have not found where it came from yet, so we must check every PC.
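The post above asks how to check every PC without knowing where the infection started. The script below is an added example written for this thread, not code from the original post or from Sophos: it sweeps every enabled domain computer over the C$ admin share for files with the ransomware's extension and for its ransom-note files, records the earliest creation time and the owner of the encrypted files on each host, and writes the result to a CSV. The default extension (*.locky) and note filenames (_Locky_recover_instructions.txt / .bmp) are the ones publicly reported for the 2016 Locky campaign and are assumptions here; the folder list under C$ is also an assumption, so change the parameters to match what you see on your own machines. It needs the ActiveDirectory RSAT module and an account with local administrator rights on the targets.

```powershell
# Added example (not from the original post): sweep domain PCs for Locky indicators.
# Assumptions (adjust to your environment):
#   $Extensions - encrypted-file pattern reported for the 2016 Locky campaign
#   $NoteNames  - ransom-note filenames reported for the same campaign
#   $Roots      - folders under C$ worth searching (user profiles and a share root)
param(
    [string[]]$Extensions = @('*.locky'),
    [string[]]$NoteNames  = @('_Locky_recover_instructions.txt', '_Locky_recover_instructions.bmp'),
    [string[]]$Roots      = @('Users', 'Shares'),
    [string]$OutFile      = '.\locky-sweep.csv'
)

Import-Module ActiveDirectory

# Every enabled computer account in the domain.
$computers = Get-ADComputer -Filter 'Enabled -eq $true' | Select-Object -ExpandProperty Name

$results = foreach ($pc in $computers) {
    $share = "\\$pc\C$"
    if (-not (Test-Path -Path $share)) {
        # Offline or no admin access: record it so the host is not silently skipped.
        [pscustomobject]@{ Computer = $pc; Reachable = $false; Encrypted = 0; Notes = 0; FirstSeen = $null; Owners = '' }
        continue
    }

    $paths = foreach ($r in $Roots) { Join-Path -Path $share -ChildPath $r }

    # One recursive pass per host; access-denied and missing folders are ignored.
    $hits = Get-ChildItem -Path $paths -Recurse -Force -File `
                          -Include ($Extensions + $NoteNames) -ErrorAction SilentlyContinue

    $notes = @($hits | Where-Object { $_.Name -in $NoteNames })
    $enc   = @($hits | Where-Object { $_.Name -notin $NoteNames })

    # The encryption runs under the logged-on user's account, so the owner of the
    # newly created encrypted files points at the account, and therefore the PC,
    # where the malware actually ran. On a file server this is the fastest way to
    # find the source machine.
    $owners = $enc |
        ForEach-Object { (Get-Acl -Path $_.FullName -ErrorAction SilentlyContinue).Owner } |
        Where-Object { $_ } | Sort-Object -Unique

    $first = ($enc | Sort-Object CreationTimeUtc | Select-Object -First 1).CreationTimeUtc

    [pscustomobject]@{
        Computer  = $pc
        Reachable = $true
        Encrypted = $enc.Count
        Notes     = $notes.Count
        FirstSeen = $first
        Owners    = ($owners -join ';')
    }
}

# Earliest FirstSeen across hosts is the best lead on where the outbreak began.
$results | Sort-Object FirstSeen | Format-Table -AutoSize
$results | Export-Csv -Path $OutFile -NoTypeInformation
```

Run it against the file servers as well as the workstations: the host whose encrypted files carry the earliest creation time, and the account that owns them, usually identify the machine that ran the dropper. Hosts that show Reachable = False need to be checked by hand once they are back on the network, and any machine that turns up hits should be taken off the network before it is cleaned or rebuilt.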