All my Excel/Word docs encrypted and unreadable. Tor-browser download demand.


Sviss Geez

All of my documents have somehow been encrypted between switching off my laptop one night and turning it on the next day, making them unreadable and, in the case of the Excels, inaccessible. When I turn on the computer a screen is telling me to download a Tor-browser(?) so that I can access and read my documents and "not to bother searching for other solutions because there aren't any".

The only thing I have downloaded recently (2 weeks ago) is Betternet vpn to enable access to Andrew Drummond's blocked site.

My knowledge of computers is very limited to the point that I don't even know how to copy to this post the screen that appears when I switch on although I have copied the text of one of the messages as follows:-

"What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 3.0.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.

How did this happen ?
Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.

What do I do ?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1.http://7oqnsnzwwnm6zb7y.paygateawayoros.com/1cxk345
2.http://7oqnsnzwwnm6zb7y.paymentgateposa.com/1cxk345
3.http://7oqnsnzwwnm6zb7y.optionpaymentprak.com/1cxk345
4.http://7oqnsnzwwnm6zb7y.watchdogpayment.com/1cxk345

If for some reasons the addresses are not available, follow these steps:
1.Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2.After a successful installation, run the browser and wait for initialization.
3.Type in the address bar: 7oqnsnzwwnm6zb7y.onion/1cxk345
4.Follow the instructions on the site.


IMPORTANT INFORMATION:
Your personal page: http://7oqnsnzwwnm6zb7y.paygateawayoros.com/1cxk345
Your personal page (using TOR): 7oqnsnzwwnm6zb7y.onion/1cxk345
Your personal identification number (if you open the site (or TOR 's) dir"

The other operations of the computer don't seem to be affected in any way.

Can anyone with knowledge and the patience to explain in layman's terms what has happened know what the solution is?

It looks like you may have the Cryptowall virus. That's this stuff people are talking about as ransomware. If someone offers to fix it for money don't pay it as you just encourage them and they probably won't fix it.

Visit this page, read some and watch a youtube vid on removing it. I've never had it and every computer is different. Just read and make a game plan and execute it. People are getting rid of it.

Good luck.

Edit; You may have gotten it by visiting a web page or from an email attachment or another way.

Wow, bad luck there, sorry to hear this and hope the advice you got by others helps.

To help us, can you please let us know which Virus solution you were using, since it seems to have let you down, and we may want to change if that is the one we have.

Thank You, and best of luck on the repair.

Agree, it looks like you have been infected with 'Ransomware' and if so; unless you have recent backups [a day or two old to a 1 week] to recover from, you may be effedd!!!

I have heard of people paying up and getting the files unlocked, while others have paid and never recovered their files.

It all depends how valuable your files are if in fact you are infected and there is no way to recover from if you should pay up or not.

I have a question, when these attacks occur, what happens to the versions stored in the cloud ... One Drive, Drop Box, etc?

I know they originate from our hard drives, but since they can be accessed even if that hard drive is physically destroyed .. are these files immune from this type of attack?

Thanks ...

go to thai police & try to explain it to them

hope they don't jail YOU for IT crime

Here is a guy with his goods in a wringer and really looking to the Expat community for help, and the best you can do is grind your tired old ax?

Thanks .. but no thanks .. now get back to it, your beer is getting warm.

****

I am pretty "techie" but have no solutions here, wish I did.

Backups man! Backups!

Too late now I guess.

Professional grade Antivirus Software.

Awareness that you NEVER click on a link in an email unless you are 1000000000000% positive of the sender. (Even then you can get burned by accident)

Simply use One drive, Drop Box, etc .. once you set it up properly, it is invisible and never in the way.

I use One Drive, and keep my most important files on a Kingston Thumb Drive for double security.

Too late for this guy, but a help to others reading this .. perhaps.

Does OneDrive help? As far as I know, the encryption process takes place in the background over a couple of days and OneDrive synchronizes every hour or so. Wouldn't the encrypted files get synchronized as well, and therefore the original files be overwritten?

It looks like you may have the Cryptowall virus. That's this stuff people are talking about as ransomware. If someone offers to fix it for money don't pay it as you just encourage them and they probably won't fix it.

Visit this page, read some and watch a youtube vid on removing it. I've never had it and every computer is different. Just read and make a game plan and execute it. People are getting rid of it.

Good luck.

Edit; You may have gotten it by visiting a web page or from an email attachment or another way.

It's important to differentiate between removal of the "virus", and recovery of the files that were encrypted. Success with the former does not mean getting your files unencrypted and usable again as well, unless the tool you're using happens to have the key that was used and is capable of more than just "cleaning" the malware off your PC.

TOR is a popular anonymous browsing tool that makes connection end-points difficult to trace. That's why the attackers are requiring its use.

Does OneDrive help? As far as I know, the encryption process takes place in the background over a couple of days and OneDrive synchronizes every hour or so. Wouldn't the encrypted files get synchronized as well, and therefore the original files be overwritten?

True, you do not want a "synching" program. You want a backup program. Or run your "synching" program, once a week, after checking files you are about to synch are o.k. ( which really wouldn't be that easy if u have many files )

Change your OS to Linux 17, best I ever had, you don't even need Virus Protection!

Back up your important files on external drive, no problems of this kind, never again ...

Backups man! Backups!

Too late now I guess.

Professional grade Antivirus Software.

Awareness that you NEVER click on a link in an email unless you are 1000000000000% positive of the sender. (Even then you can get burned by accident)

Simply use One drive, Drop Box, etc .. once you set it up properly, it is invisible and never in the way.

I use One Drive, and keep my most important files on a Kingston Thumb Drive for double security.

Too late for this guy, but a help to others reading this .. perhaps.

Antivirus is useless against 0-day attacks.

If you read the other ransomware thread mentioned above there are several other tricks to deploy.

Backups are the key though. Doesn't matter where as long as they can't be deleted or overwritten by the malware.

I have an infected computer, too.

It put the .ecc extension to every picture and word/excel spreadsheet.

I will keep watching to see how it gets fixed.

Also, the "registry" has been damaged, so that I can not even use Dreamweaver MX web site development software.

Nasty, nasty VIRUS.

HELP TOO!!!

A Cryptowall solution for Teslacrypt?

From my link above:

If most of your files are encrypted and have a .ecc extension, for example work.docx.ecc, then your computer is almost certainly infected with TeslaCrypt ransomware.

If you use back ups that are synchronized then your back ups will also be infected. The encryption makes changes to your files so the synchronizing software detects this and backs them up overwriting your clean data. Some cloud storage sites keep a history or archive of your files which allows you to revert to an earlier version - MS Onedrive does this with Win 8.1.

For those that aren't aware TOR (The Onion Ring) Network Project uses multiple layers to make it difficult to track people/servers, but not impossible. This is where Dark Net/Dark Web services reside. Everything illegal uses TOR (which is basically a vpn) to hide from the authorities which is why it's called Dark Net.

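An added example, not part of any post in this thread: a short Python sketch of the sync-versus-backup point raised above, showing that a mirror-style sync replaces the good copy with the changed file while a versioned store keeps the earlier version for restore. The function names, the sample file `budget.csv` and the 7.5 bits-per-byte entropy threshold are illustrative assumptions, and the "encrypted" file is simulated with random bytes.

```python
import hashlib, math, os, shutil, tempfile
from collections import Counter
from pathlib import Path

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted output sits close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def mirror_sync(src: Path, dst: Path) -> None:
    """Sync behaviour: the destination copy is overwritten with whatever src holds now."""
    dst.mkdir(parents=True, exist_ok=True)
    for f in src.iterdir():
        if f.is_file():
            shutil.copy2(f, dst / f.name)

def versioned_backup(src: Path, store: Path, threshold: float = 7.5) -> list:
    """Backup behaviour: add a new numbered version, never overwrite an old one.
    Returns names whose content jumped from low to near-random entropy."""
    flagged = []
    for f in sorted(p for p in src.iterdir() if p.is_file()):
        data = f.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        slot = store / f.name
        slot.mkdir(parents=True, exist_ok=True)
        versions = sorted(slot.iterdir())
        if versions and versions[-1].name.endswith(digest):
            continue  # unchanged since the last run
        if versions and entropy(versions[-1].read_bytes()) <= threshold < entropy(data):
            flagged.append(f.name)  # heuristic only; still stored as a new version
        (slot / f"{len(versions):04d}-{digest}").write_bytes(data)
    return flagged

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        src, mirror, store = (Path(tmp) / d for d in ("docs", "mirror", "store"))
        src.mkdir()
        original = b"date,item,amount\n2015-06-01,rent,12000\n" * 150  # constructed sample
        (src / "budget.csv").write_bytes(original)
        mirror_sync(src, mirror)
        first = versioned_backup(src, store)
        # Constructed stand-in for a file replaced by ciphertext: same size, random bytes.
        (src / "budget.csv").write_bytes(os.urandom(len(original)))
        mirror_sync(src, mirror)
        second = versioned_backup(src, store)
        oldest = sorted((store / "budget.csv").iterdir())[0]
        return {"mirror_kept_original": (mirror / "budget.csv").read_bytes() == original,
                "store_kept_original": oldest.read_bytes() == original,
                "flagged_first_run": first, "flagged_second_run": second}

if __name__ == "__main__":
    print(demo())
```

The entropy flag is only a heuristic: formats that are already compressed (such as .docx, .xlsx or JPEG) are high-entropy to begin with, so a low-to-high jump will not fire for them. The version store protects files only if the infected machine cannot delete or rewrite it.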

Wow, bad luck there, sorry to hear this and hope the advice you got by others helps.

To help us, can you please let us know which Virus solution you were using, since it seems to have let you down, and we may want to change if that is the one we have.

Thank You, and best of luck on the repair.

I didn't have one apparently.

Agree, it looks like you have been infected with 'Ransomware' and if so; unless you have recent backups [a day or two old to a 1 week] to recover from, you may be effedd!!!

I have heard of people paying up and getting the files unlocked, while others have paid and never recovered their files.

It all depends how valuable your files are if in fact you are infected and there is no way to recover from if you should pay up or not.

Yes, that is what it was. Lost all the files as I'm not going to pay $500 to (maybe) get them back.

Backups man! Backups!

Too late now I guess.

As I mentioned in my OP I know nothing about computers/IT so what do you think the chances are of my knowing about back-ups! Still don't know anything about them.

Archived

This topic is now archived and is closed to further replies.
