Alaska Software Inc. - Random Encyption of Folders Containing DBF files?
Username: Password:
AuthorTopic: Random Encyption of Folders Containing DBF files?
Scott KriseRandom Encyption of Folders Containing DBF files?
on Mon, 02 Apr 2018 12:29:24 -0400
Ok....have a weird one here.

So I just came back from a customer site...very small, 3 standalone pcs. 
They were complaining that they couldn’t get into my software when they got 
back from lunch last week...and it was fine
earlier in the day.  When they arrived back from lunch and unlocked their 
pc...all the icons were gone off the desktop and the system wasn’t working 
right...so they restarted and from that point forward, the system worked ok 
except for my software.

Now here is the weird part. So, I looked today, and the folder was in a 
green font (Windows 7 professional). Green, as I have come to find out means 
that the folder/files are encrypted. So if you right click the folder, go to 
properties, click advanced...the bottom option "encrypt contents to secure 
data" was checked for all the files and folders within my app's folder. I 
then start looking around, and folders where I had backed up their live 
system in the past were also encrypted. Besides my folders, the only other 
folder on their computer that was in green was a Sage folder...which for 
those of you don’t know is an  accounting package...which ironically, also 
uses DBF type data structures.

So, why would all the folders on the pc that contain dbf file structures be 
suddenly encrypted? I've been doing this kind of work for a looooong time, 
never seen anything like this. Has anyone else ever seen anything similar? 
We are unable to turn the encryption off...to open anything that is 
encrypted to export or copy, etc. Gives an error when we try. All of our 
backups are also encrypted as well. We found a backup of our data that from 
a few months ago that was zipped up...and we were able to unzip the files 
and get them operational with that data...but that’s the best we could do.

Does anyone have any experience/input on what might be causing this?

Thanks,

Scott
Boris BorzicRe: Random Encyption of Folders Containing DBF files?
on Mon, 02 Apr 2018 18:50:44 +0200
"Scott Krise" <scottkrise@verizon.net> wrote in
news:ecb3e82$b21b6c1$414588@news.alaska-software.com: 

> So, why would all the folders on the pc that contain dbf file
> structures be suddenly encrypted? I've been doing this kind of work
> for a looooong time, never seen anything like this. Has anyone else
> ever seen anything similar? We are unable to turn the encryption
> off...to open anything that is encrypted to export or copy, etc. Gives
> an error when we try. All of our backups are also encrypted as well.
> We found a backup of our data that from a few months ago that was
> zipped up...and we were able to unzip the files and get them
> operational with that data...but that Ts the best we could do. 

More than likely someone in the organization has enabled EFS on the folders 
where the DBF files reside:
https://technet.microsoft.com/en-us/library/cc700811.aspx

If you can find out which user turned on the encryption then you can log in 
with the user's cridentials and turn it off. A system administrator should 
also be able to do this.

Best regards,
Boris Borzic

http://xb2.net
http://sqlexpress.net
industrial strength Xbase++ development tools
Scott KriseRe: Random Encyption of Folders Containing DBF files?
on Mon, 02 Apr 2018 13:09:01 -0400
Literally only two people in the office...and one user of this particular 
computer in addition to the administrator. Tried disabling the encryption 
from both the local user and administrator, and it fails in both cases. The 
users didn’t knowingly encrypt these...and it isn't really located in a 
place where it would be likely to happen by accident.

And even if that did happen, what's the liklihood of the same person then 
going into the "SAGE" folder and doing the same thing (which isnt even being 
used anymore...) and then into the backup folders that only I use? The only 
common link I see to these folders is the file types within them.

Something else is going on...


"Boris Borzic" wrote in message 
news:XnsA8B882A299EE3SQLExpress@87.106.143.233...

"Scott Krise" <scottkrise@verizon.net> wrote in
news:ecb3e82$b21b6c1$414588@news.alaska-software.com:

> So, why would all the folders on the pc that contain dbf file
> structures be suddenly encrypted? I've been doing this kind of work
> for a looooong time, never seen anything like this. Has anyone else
> ever seen anything similar? We are unable to turn the encryption
> off...to open anything that is encrypted to export or copy, etc. Gives
> an error when we try. All of our backups are also encrypted as well.
> We found a backup of our data that from a few months ago that was
> zipped up...and we were able to unzip the files and get them
> operational with that data...but thatƒ Ts the best we could do.

More than likely someone in the organization has enabled EFS on the folders
where the DBF files reside:
https://technet.microsoft.com/en-us/library/cc700811.aspx

If you can find out which user turned on the encryption then you can log in
with the user's cridentials and turn it off. A system administrator should
also be able to do this.

Best regards,
Boris Borzic

http://xb2.net
http://sqlexpress.net
industrial strength Xbase++ development tools
Boris BorzicRe: Random Encyption of Folders Containing DBF files?
on Mon, 02 Apr 2018 22:37:43 +0200
"Scott Krise" <scottkrise@verizon.net> wrote in
news:5873493a$52780eb$41a225@news.alaska-software.com: 

> Literally only two people in the office...and one user of this
> particular computer in addition to the administrator. Tried disabling
> the encryption from both the local user and administrator, and it
> fails in both cases. The users didn Tt knowingly encrypt these...and
> it isn't really located in a place where it would be likely to happen
> by accident. 

It may be worth scanning for malware: 

https://www.bleepingcomputer.com/forums/t/501540/ransomcrypt-
dirtydecryptexe-uses-efs/

Best regards,
Boris Borzic

http://xb2.net
http://sqlexpress.net
industrial strength Xbase++ development tools
Jim LeeRe: Random Encyption of Folders Containing DBF files?
on Tue, 03 Apr 2018 01:22:22 +0200
hi,

look under
Run -> certmgr.msc
in the Certificate manager, go to Personal -> Certificates
Find the certificates that are Encrypting File System in Intended Purposes.

if you have no Certificates you cant decrypt folder/files
Scott KriseRe: Random Encyption of Folders Containing DBF files?
on Tue, 03 Apr 2018 11:56:51 -0400
No...no certificate. I understand what you are saying. I'm just trying to 
rule out that it was some sort of virus or other malware that's targeting 
dbf file types. I know it's a long shot...but thought it was worth asking.

Thanks for the help

"Jim Lee" wrote in message 
news:3d487f7f$38d0ac32$44f780@news.alaska-software.com...
> hi,
>
> look under
> Run -> certmgr.msc
> in the Certificate manager, go to Personal -> Certificates
> Find the certificates that are Encrypting File System in Intended 
> Purposes.
>
> if you have no Certificates you can´t decrypt folder/files
>