Software

Ask Software Development Questions and Get Answers ASAP

Ask a Computer Expert,
Get an Answer ASAP!

Just like 2 days ago my system was hacked by something

Customer Question
Hi, Just like 2 days ago...
Hi,
Just like 2 days ago my system was hacked by something called Sigma Ransomware. I thought this was no big deal for the last couple days because I could pretty much do what I've been doing. Until today my files seem to be messed up or inaccessible, at least some of them. Not even positive my screenshot will show. Let me know. Can you please help me? I don't even care if you have to login to my computer...anything please!!
Submitted: 4 months ago.Category: Software
Show More
Show Less
Ask Your Own Software Question
Answered in 6 hours by:
3/16/2018
Software technician: Eric Ewing, IT Pro replied 4 months ago
Eric Ewing
Eric Ewing, IT Pro
Category: Software
Satisfied Customers: 420
Experience: I am a technology professional with 20 years experience, and hold 15 industry certifications (from hardware/software repair to mobility to IT Security, and everything in-between!).
Verified

Hi! I'm Eric, a tech expert who's been paired with you through JustAnswer.com. I'm reviewing your question now, and will return w/ an answer soon!

Ask Your Own Software Question
Software technician: Eric Ewing, IT Pro replied 4 months ago

I am so sorry to hear this has happened to you!

Here's something we can try:

1 During your computer start process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

2. When Command Prompt mode loads, enter the following line: cd restore and press ENTER.

3. Next, type this line: rstrui.exe and press ENTER.

4. In the opened window, click "Next".

5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the SIGMA ransomware virus infiltrating your PC).

6. In the opened window, click "Yes".

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remaining SIGMA ransomware files.

To restore individual files encrypted by this ransomware, try using Windows Previous Versions feature. This method is only effective if the System Restore function was enabled on an infected operating system. Note that some variants of SIGMA are known to remove Shadow Volume Copies of the files, so this method may not work on all computers.

To restore a file, right-click over it, go into Properties, and select the Previous Versions tab. If the relevant file has a Restore Point, select it and click the "Restore" button.

If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode making its removal complicated. For this step, you require access to another computer.

To regain control of the files encrypted by SIGMA, you can also try using a program called Shadow Explorer. More information on how to use this program is available here.

If the above steps don't get the job done, I regret to say that your files may be very difficult to recover. SIGMA uses the RSA-2048 encryption algorithm, which generates public (encryption) and private (decryption) keys. Since restoring files without the private key is impossible, criminals hide it on a remote server and demand a ransom to receive it. The cost of the decryption key and associated tool is $1000 in Bitcoins, however, the message also states that the cost will double after seven days. To submit payment, users are encouraged to visit SIGMA's Tor website and follow instructions provided. Note is that users can use a XAMP live chat to contact cyber criminals. They are also permitted to send several files to SIGMA's developers. The criminals then decrypt these files and return them as a 'guarantee' that decryption is possible. Bear in mind, however, that cyber criminals cannot be trusted. These people often ignore victims, once payments are submitted. There is no guarantee that your files will ever be restored and you will probably be scammed. Paying will simply support cyber criminals' malicious businesses and you will receive nothing in return. Therefore, we strongly advise you to ignore all requests to contact these people or pay ransoms. Unfortunately, there are no tools capable of cracking RSA-2048 cryptography and restoring files compromised by SIGMA. The only option is to restore files/system from a backup.

Ask Your Own Software Question
Customer reply replied 4 months ago
Let me work on this and I will let you know. Did I do something wrong to let this in? Did I open something wrong? Did I not use the right software virus protection?
Software technician: Eric Ewing, IT Pro replied 4 months ago

This particular virus ordinarily spreads via Craigslist or via an email purporting to be from Craigslist. Had you recently been using Craigslist? If not, I'll try and figure out if it has begun spreading via another method.

Ask Your Own Software Question
Customer reply replied 4 months ago
I use craigslist all the time to advertise my properties. Would it be from the site or by clicking on a response from an evil player off the site?
Software technician: Eric Ewing, IT Pro replied 4 months ago

Most likely the latter, since reports of this malware do not reflect a widespread issue.

Ask Your Own Software Question
Customer reply replied 4 months ago
Eric, unfortunately I got hung up on step 1 - the F8 button didn't do anything. Isn't there a way to just type like cmd somewhere or something to get that command prompt box or something? I restated the computer and kept hitting F8 or then CTRL F8 but neither worked.
Customer reply replied 4 months ago
I have windows 10 - does hitting the F8 button work on that?
Customer reply replied 4 months ago
Eric, where did you go? Need you! :-)
Software technician: Eric Ewing, IT Pro replied 4 months ago

Apologies! I've only just seen your response. Please try this to get to a command prompt on Windows 10:

The easiest way to begin the process of booting into Safe Mode with Command Prompt is from the Windows 10 login screen. To access this screen, you can either log out, reboot your computer, or press the Ctrl+Alt+Delete keys a the same time.

Once you are at the Windows 10 sign-in screen, you should hold down the Shift key on your keyboard and not let it go. While holding down the Shift key, click on the Power button () and then click on Restart.

When Windows 10 restarts, you will be at the Choose an Option screen.

Click on the Troubleshooting button to access the Troubleshoot options screen.

Now click on the Advanced Options button to access the Advanced Options screen.

Click on the Startup Settings option and you will now be presented with the Startup Settings screen.

Click on the Restart button. Windows will now begin to start, but you will be presented with a screen that provides various options you can select to specify how Windows should be started.

At this screen you should press the number 6 key on your keyboard to enter Safe Mode with Command Prompt.

Windows 10 will now boot and you will be presented with the normal login prompt. Enter your password, and you will be brought directly to a Windows Command Prompt rather than the normal Windows desktop.

From this prompt you can enter commands that you wish to execute, per step #2 in the original directions. Please let me know if that works!

Ask Your Own Software Question
Was this answer helpful?

How JustAnswer works

step-image
Describe your issueThe assistant will guide you
step-image
Chat 1:1 with a software technicianLicensed Experts are available 24/7
step-image
100% satisfaction guaranteeGet all the answers you need
Ask Eric Ewing Your Own Question
Eric Ewing
Eric Ewing
Eric Ewing, IT Pro
Category: Software
Satisfied Customers: 420
420 Satisfied Customers
Experience: I am a technology professional with 20 years experience, and hold 15 industry certifications (from hardware/software repair to mobility to IT Security, and everything in-between!).

Eric Ewing is online now

A new question is answered every 9 seconds

How JustAnswer works:

  • Ask an ExpertExperts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional AnswerVia email, text message, or notification as you wait on our site. Ask follow up questions if you need to.
  • 100% Satisfaction GuaranteeRate the answer you receive.

JustAnswer in the News:

Ask-a-doc Web sites: If you've got a quick question, you can try to get an answer from sites that say they have various specialists on hand to give quick answers... Justanswer.com.
JustAnswer.com...has seen a spike since October in legal questions from readers about layoffs, unemployment and severance.
Web sites like justanswer.com/legal
...leave nothing to chance.
Traffic on JustAnswer rose 14 percent...and had nearly 400,000 page views in 30 days...inquiries related to stress, high blood pressure, drinking and heart pain jumped 33 percent.
Tory Johnson, GMA Workplace Contributor, discusses work-from-home jobs, such as JustAnswer in which verified Experts answer people’s questions.
I will tell you that...the things you have to go through to be an Expert are quite rigorous.

What Customers are Saying:

My Expert answered my question promptly and he resolved the issue totally. This is a great service. I am so glad I found it I will definitely use the service again if needed.

One Happy CustomerNew York

Wonderful service, prompt, efficient, and accurate. Couldn't have asked for more. I cannot thank you enough for your help.

Mary C.Freshfield, Liverpool, UK

This expert is wonderful. They truly know what they are talking about, and they actually care about you. They really helped put my nerves at ease. Thank you so much!!!!

AlexLos Angeles, CA

Thank you for all your help. It is nice to know that this service is here for people like myself, who need answers fast and are not sure who to consult.

GPHesperia, CA

I couldn't be more satisfied! This is the site I will always come to when I need a second opinion.

JustinKernersville, NC

Just let me say that this encounter has been entirely professional and most helpful. I liked that I could ask additional questions and get answered in a very short turn around.

EstherWoodstock, NY

Thank you so much for taking your time and knowledge to support my concerns. Not only did you answer my questions, you even took it a step further with replying with more pertinent information I needed to know.

RobinElkton, Maryland

< Previous | Next >

Meet the Experts:

Jess M.

Jess M.

Computer Support Specialist

802 satisfied customers

Computer Software Support specialist for more that 10 years

Kamil Anwar

Kamil Anwar

Software Specialist

543 satisfied customers

8+ Years of Experience. / CCNA (S), CCNA (W), CCNA (RS), MCTS, MBCs.

Chris L.

Chris L.

Support Specialist

526 satisfied customers

Certified Software expert with over 10 years experience.

Jins M. N.

Jins M. N.

Computer Hardware Engineer

523 satisfied customers

12+ years experience. Expert in installing and problem fixing of softwares.

IT Miro

IT Miro

Computer Scientist

513 satisfied customers

Bachelor's Degree in Information Technology, Microsoft Certified Professional

Steve Herrod

Steve Herrod

Computer Support Specialist

220 satisfied customers

Familiar with a wide variety of software and experienced in user training/support

Byron

Byron

Computer Support Specialist

205 satisfied customers

12 years in operations at a large law firm supporting both retail and specialty applications.

< Previous | Next >

Related Software Questions
My inspiron 20 is trapped by the Microsoft ransomware. How
My inspiron 20 is trapped by the Microsoft ransomware. How can I start it so to read my Ubunu disk? … read more
Kris R
Kris R
IT Manager
Computing
3,312 satisfied customers
Are there any good programs, websites, etc., that would
Are there any good programs, websites, etc., that would allow me to create a custom crossword puzzle?… read more
Benjamin Larson
Benjamin Larson
Software Development Engineer
Bachelor
43 satisfied customers
I'm on my 4th day trying to get this problem fixed. First my
I'm on my 4th day trying to get this problem fixed. First my tech support for Office Depot tech services took 2 days as they couldn't help me. The 3rd day I went to microsoft and also on day 4. Finall… read more
Nathan Kirst
Nathan Kirst
H.S Diploma
15 satisfied customers
Password:2feralcats, as of my last password change. A couple
no. I don't seem to trust doing that. Don't know if it you or someone else. I am a computer duffus. … read more
Cory
Cory
Vocational, Technical or Trade Scho
1,555 satisfied customers
I've just ordered a new computer. Windows 10 Home, 16GB of
I've just ordered a new computer. Windows 10 Home, 16GB of RAM, Intel Core i7-6700 quad core, 256GB SSD and 1TB 7200 RPM SATA 2nd hard drive. Will be used for the usual email, internet, MS Office (som… read more
Quiksilver07070
Quiksilver07070
Remote Technical Support
Associate Degree
68 satisfied customers
Past couple days, the windows search function does not return
For the past couple days, the windows search function does not return a result. To fix it, I ran a tool supplied by microsoft called "fix it" . It ran and reported that the search function had stopped… read more
Jins M. N.
Jins M. N.
Computer Hardware Engineer
Diplom
523 satisfied customers
White screen problem using wordpress theme. Website does not
White screen problem using wordpress theme. Website does not come up. I enter url and get a white screen. Have talked to hosting company Hostgator at first level support and they passed it on for some… read more
Michael Hannigan
Michael Hannigan
Bachelor\u0027s Program
239 satisfied customers
So Ive been using this security plugin for WordPress for a
So I've been using this security plugin for WordPress for a while now bulletproof-security, & it's been nothing but a NIGHTMARE. Every few months I find out that it's done something to my htaccess fil… read more
Hunter Owens
Hunter Owens
Computer Specialist
Bachelor\u0027s Degree
1,009 satisfied customers
This is regarding Win 7. Im an XP user, who has just moved
This is regarding Win 7. I'm an XP user, who has just moved over to Win 7. 1. One thing no one can change is the stacking of files/windows in the taskbar area. In XP they stack from the bottom to the … read more
IT Miro
IT Miro
Computer Scientist
Bachelor's Degree
513 satisfied customers
I just got a new computer & thought that this issue that I
I just got a new computer & thought that this issue that I keep getting that I know is related to Thunderbird would go away, but it hasn't. And yes I have a LOT of mail in my TB. I try to file things … read more
Bryan
Bryan
735 satisfied customers
Windows 7 has an issue with the print type.It is possible
Windows 7 has an issue with the print type. It is possible that I hit the wrong keys and locked or unlocked something when cleaning the keys yesterday. Everything is messed up and I need help. On the … read more
BestComputerExpert
BestComputerExpert
Ive created a couple websites with Adobe GoLive (no longer
I've created a couple websites with Adobe GoLive (no longer supported), but now need to update my Mac to 10.7+. What web creation software is available to keep the GoLive created sites up to date & ye… read more
The-PC-Guy
The-PC-Guy
Bachelor\u0027s Degree
630 satisfied customers
Passmark is 8973 for E3-1230v2 vs. 5884 for i5-3330. No way
Passmark is 8973 for E3-1230v2 vs. 5884 for i5-3330. No way to tell for sure if the motherboard will take it though, huh? It's equivalent to a fast i7 in passmark… read more
Brandon M.
Brandon M.
System Administrator
Vocational, Technical or Trade Scho
2,143 satisfied customers
running Windows 7 Home Premium 64 bit. Had ? version of Adobe
running Windows 7 Home Premium 64 bit. Had ? version of Adobe Reader installed, two days ago lost the adobe version (teenager did something) now tried reinstalling adobe reader 9.5 Continue to receive… read more
Justin
Justin
Network Administrator
Associate Degree
2,187 satisfied customers
Im trying to install the game "Lost Eden" on my computer -
I'm trying to install the game "Lost Eden" on my computer - I don't even know how to get started. My computer is an MSI, I'm using Windows XP, Pentium. I put the CD in my drive, and a window opens sho… read more
Chris Baxter
Chris Baxter
CEO
Bachelor\u0027s Degree
76 satisfied customers
I have a 5yr-old Dell running Windows Vista Home Premium.
I have a 5yr-old Dell running Windows Vista Home Premium. I've had practically ZERO issues since it was new. Yesterday, I got a message that I can't remember exactly but it was something about Windows… read more
Ryan B.
Ryan B.
Desktop Support Technician
High School or GED
1,720 satisfied customers
I dont know if this is a question for here but do have a
I dont know if this is a question for here but do have a technical one. Ive had a person who devotes herself to create havoc and chaos via the internet, manipulating her way into an individuals comput… read more
DrKlahn
DrKlahn
Principal Systems Engineer
Bachelor\u0027s Degree
830 satisfied customers
Since I got my new Dell computer with Windows XP a couple of
Since I got my new Dell computer with Windows XP a couple of years ago, my Microsoft Home Publishing 2000 has not performed as it did previously. When I least expect it, it simply sends me a message t… read more
elby79
elby79
131 satisfied customers
Disclaimer: Information in questions, answers, and other posts on this site ("Posts") comes from individual users, not JustAnswer; JustAnswer is not responsible for Posts. Posts are for general information, are not intended to substitute for informed professional advice (medical, legal, veterinary, financial, etc.), or to establish a professional-client relationship. The site and services are provided "as is" with no warranty or representations by JustAnswer regarding the qualifications of Experts. To see what credentials have been verified by a third-party service, please click on the "Verified" symbol in some Experts' profiles. JustAnswer is not intended or designed for EMERGENCY questions which should be directed immediately by telephone or in-person to qualified professionals.

Disclaimer: Information in questions, answers, and other posts on this site ("Posts") comes from individual users, not JustAnswer; JustAnswer is not responsible for Posts. Posts are for general information, are not intended to substitute for informed professional advice (medical, legal, veterinary, financial, etc.), or to establish a professional-client relationship. The site and services are provided "as is" with no warranty or representations by JustAnswer regarding the qualifications of Experts. To see what credentials have been verified by a third-party service, please click on the "Verified" symbol in some Experts' profiles. JustAnswer is not intended or designed for EMERGENCY questions which should be directed immediately by telephone or in-person to qualified professionals.

Show MoreShow Less

Ask Your Question

x