Ransomware? How to detect/remove the problem, and how to get files back

Yesterday I noticed that many of my files (music/video) have disappeared from the directory they were in. I suspect ransomware but cannot find a ransom demand. Have run Sophos scans and Malwarebytes scans and no issues were detected. In the first instance I would like to know how to detect/remove the problem, and in the second it would be nice to get files back (although most are backed up). Any help much appreciated!



  • Hi Nikta,

     

    It doesn't sound like ransomware; as you say, there should be a ransom note left behind, and you would also see the encrypted versions of your files. Typically ransomware is very obvious to spot, as the attacker wants you to know you have been made a victim so that you pay the ransom. If it isn't obvious it's ransomware, then it probably isn't.

    Have you noticed anything else suspicious? What AV product are you using exactly?

    Stupid question, I know, but I have to ask: are you sure you haven't just deleted the files? Were they on your computer or an external drive?

  • Hi Peter,

    Thanks for the response. I am using Sophos (home), but I think it may have had trouble updating recently, until this problem arose and I fixed it.

    The files were on the computer, not a hard drive.

    I don't think I accidentally deleted the files. I can't find any evidence of the files in the recycle bin, and files are missing from 2 distinct locations. I can (sort of) imagine accidentally deleting files from one location, but two seems unlikely, if that makes sense.

    Appreciate any suggestions!

    Cheers!

  • If this was malware and the AV wasn't up to date at the time, that could be a reason why nothing was detected. Unfortunately it doesn't sound like we have much information to go on. My suggestion would be to make sure Sophos Home is working correctly and up to date. If you log in to the dashboard, make sure all the protection options are enabled, then run a full scan and see if it finds anything.

    You could also join the Sophos Home Premium Beta, which is currently free for 1 year: https://home.sophos.com/register/beta

    It includes some very powerful anti-ransomware technology, as well as many other new technologies.

  • Nikta Bor said:

    Yesterday I noticed that many of my files (music/video) have disappeared from the directory they were in. I suspect ransomware but cannot find a ransom demand. Have run Sophos scans and Malwarebytes scans and no issues were detected. In the first instance I would like to know how to detect/remove the problem, and in the second it would be nice to get files back (although most are backed up). Any help much appreciated!

    Nikta,

    This doesn't sound like ransomware since no request was made in exchange for your files.

    Have you checked the quarantine in your AV/security products? Perhaps one of them hid the file for some reason.