Infected with virus that encrypts data (ransomware)

The main machine at our workplace became infected with a virus that encrypted the database. Criminals sent a message demanding money for a "decryption" key.

We cleaned our system and restored to the latest backup we had, but there is still some recent data hanging encrypted. Our technician, being such a simp forgetting to install antivirus after recent changes, claims that "it would take 10 years to decrypt that and that wasn't even an executable but a batch file". That sounds totally ridiculous and I do not believe that.

Has anyone had an experience with such ransomware? What did you do to recover your data? We have decided to try Dr.Web so far after doing some research.

You could always open (not run) the batch file in a text editor. If you don't execute something, there is no danger.

My work had the same thing happen to them a few months ago. Luckily our contracted IT company caught onto it before we ran our scheduled backups offsite. After that from what I understand it was just a matter of cancelling the backup job, cleaning the system and then doing the restore from offsite to recover our data.

Though all in all we got really lucky with it. If we didn't catch it in time and it did transfer over to our backups we would have been screwed. As for the decryption taking 10+ years, honestly I would believe it; these attacks use some pretty hefty encryption (if they didn't there would be no point to the attack). Though I am not familiar with ransomware other than a general knowledge of it, so I can't say if it was indeed a batch file or not that infected your systems.

So without a clean backup your only options as far as I know are to take the loss of whatever data you could not recover or try and pay the ransom to get it back. The ransom is tricky; as far as I have heard some actually do let you recover your files but then again some don't. So it is really just a gamble.

Sorry to hear about the attack; hopefully you guys can figure out a way to get your data back :(.

I really wouldn't pay them. Your only real option is to just restore from a backup before you were infected. Ransomwares are a nasty thing, and as your technician said, it's not feasible to try to decrypt it. 10 years is an optimistic estimate.
If you are in the US, contact the FBI if you haven't already.

What did you do to recover your data?
Google around about the exact thing you were hit with. Some ransomware is poorly written (for example, it uses a single private key for everyone and that key has become known) and decryptors already exist.

Thanks for the replies. Perhaps I wasn't clear enough: our backup was not damaged because it was stored on an external hard drive. So the most important parts survived and the rest has either been already recreated or is not crucial.

We've sent corrupted files to the antivirus company mentioned above. Whether they manage to decrypt it or not, the damage is manageable and of course that criminal scum won't get any money.