Many Personal Files turned into .micro files

3

Yesterday, I shut down my computer and went to sleep. I woke up today, went to school, came back and now when I turn it on, it shows this .TXT file. Many of my files have turned into .micro files, and are unable to be opened.

enter image description here

For example, most of my .zip files have turned into .zip.micro files. This also happened to many other file formats including .rar, .pdf, .png, and .doc. However, this did not apply to .exe files as they are fine. Originally, I thought I have been infected with a virus similar to the .lnk virus, but I haven't seen any answers to this .micro extension yet. I have tried Iobit Malware Fighter and it has found nothing. I also tried restoring to an earlier date but it didn't change the files.

JohnD314

Posted 2016-01-18T22:03:13.413

Reputation: 31

1

A word of advice. Don't make a payment no matter how important your files were. There is no guarantee that they'll really unlock your files or help you in any way. Most of time attackers demand several other payments and even then do nothing to decrypt your files. In fact you'll be paying money and helping criminals which is a crime itself in many countries. Disconnect the infected machine from your network, copy your backups to a clean drive just in case. After that try following this guide : http://howtoremove.guide/micro-file-virus-extension-removal/ It explains how to clean your system.

– conquistador – 2016-01-19T07:46:17.233

I'm not advocating paying these criminals, but at the end of the day, it might be worth it. We got hit and decided not to pay. However, they were able to unlock a sample file. This suggests they are "honest thieves". Current cost was $500. – Otheus – 2016-01-29T16:34:36.950

TeslaCrypt has been decoded in the meantime: http://www.bleepingcomputer.com/forums/t/576600/tesladecoder-released-to-decrypt-exx-ezz-ecc-files-encrypted-by-teslacrypt/

– Moh-Aw – 2016-05-19T09:10:29.890

http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/ @JohnD314 – Moab – 2016-05-20T15:31:01.830

Answers

5

You are being held hostage by a TeslaCrypt based Ransomware, it has encrypted your files and now they want money to give you the unlock key.

No way to un-encrypt your files yourself, either pay them, restore your files from a safe backup or lose your files forever.

I would clean reinstall the Operating System after you pay ransom and un-encrypt or Before you restore files from backup.

Micro file extension

EDIT, you can get your files back if you still have the encrypted files

TeslaCrypt has released a master code to decrypt the files

Moab

Posted 2016-01-18T22:03:13.413

Reputation: 54 203

https://blog.kaspersky.com/teslacrypt-strikes-again/10860/ – Otheus – 2016-01-28T15:44:59.640

From a link in that article"The current list of extensions used by TeslaCrypt are .ecc, .ezz, .exx, .xyz, .zzz, .aaa, .abc, .ccc," which is not true in this case. – Moab – 2016-01-28T16:08:10.517

That link refers to an older version (old as of January 2016). I found a newer one that is relevant. The keys are stored in a registry file instead of a system file. – Otheus – 2016-01-29T16:37:39.580

Post it as an answer if you think they can unencrypt their data. – Moab – 2016-01-29T23:19:26.143

Asked: 2016-01-18T22:03:13.413

Viewed: 8 480 times

Active: 2016-05-20T15:29:47.700