Question about ‘Savefiles’ Ransomware Attack

  Dan_28 12:46 10 Sep 2018

I would start by saying that my skills place me firmly in the novice bracket. I have an old laptop and at the weekend I managed to fall foul of a Ransomware attack. It has encrypted a number of my files and renamed them with “Savefiles” in the extension and opens a very nice txt file telling me I have to pay $500 in 72 hours for the encryption key. I cannot find hardly any mention of this variant of Ransomware when I search for it. I have rebooted in safe mode and copied all the unaffected files on to an external hard drive. My question is would it be safe to put these files on a new laptop (there are no executables only photos and word documents). I would add that the laptop is so old I could replace it for less that the cost of recovering it (I tried a few free virus/malware products but they didn’t even recognise the Ransomware). Any help would be greatly appreciated.

  Dan_28 14:49 10 Sep 2018

Hi many thanks for the reply. I had been looking around for an old Atari st emulator so reckon that is where I picked up the Ransomware. It’s an old dell E6400 laptop that I bought second hand about 3 years ago so it’s not worth much, apart from a bit of light internet surfing it’s only used to dump the photos off our phones and for emails so I’ve never felt the need for anything newer. Like I said I have copied off all the files I need to keep so if it’s safe to copy them back afterwards I can clear everything except the operating system off of it if I need to). I’ve just gone in to ‘Control Panel’ (I should of mentioned this is Windows 7) and the previous owner had switched off windows backups. Should I use the recovery option to restore (the only restore point I have is 1st September but that should be far enough back.

  Fruit Bat /\0/\ 15:36 10 Sep 2018

‘Savefiles’ Ransomware comes as a trojan and inffects word documents as a Macro

So do not load any of your word documents to your other PCs or laptops probably best to delete the others as well, do you have back ups?

Safest option is to get your windows serial key off the machine and then format the drive and do a complete clean install of windows you can download and make a windows iso from MS (key need for win 7 / XP), what op system windows 7?

Some info click here do not download spyhunter from the links on that page

  Dan_28 16:05 10 Sep 2018

MJS WARLORD, there was only one restore point and as the link Fruit Bat posted mentioned that is also corrupted (I’ve restored it and nothing has changed even though it’s nearly s week earlier that the Ransomware struck.

Fruit Bat, that sounds a little out of my comfort zone but since the laptop is basically no good I’m happy to give it a try as I have nothing to lose. It’s Windows 7 Ultimate btw. One thing, I’ve had s look and the only documents I really need to keep are pdf’s (I have a backup but not that recent), do you think they may be safe and can I assume the photos as safe?

  lotvic 01:16 11 Sep 2018

You should be able to download Windows 7 from Dell. Download and Use the Dell OS Recovery Image click here

  Dan_28 08:47 11 Sep 2018

Many thanks for all the help, I’ve managed to download and install a fresh copy of Windows 7 and everything is now working fine.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Huawei given 90-day extension to trade with US companies

Ichijo Hikaru's riso print pop art is a celebration of the female body

New iPhone 11 (2019) release date, price & specs rumours

Les bons plans audio (2019)