Cryptolocker Virus attack


A friend's computer has the cryptolocker virus and a message that files have been encrypted.  72 hours to pay €300 to get the files decrypted.

There is NO backup of the files.

What is the best course of action?  Is paying the money a possibility?

Thanks for any help and advice,

Giovanni HewardCommented:
I am sorry. Your friend is out of luck. :-(
Thomas Zucker-ScharffSolution GuideCommented:
There have been a number of similar questions regarding cryptolocker. Search in experts exchange and you will find a few links to decrypters.

Whatever you do, don't let anyone pay by credit card.
Giovanni HewardCommented:
you will find a few links to decrypters

I'd like to see those... decryption requires a unique private key stored on a C&C server, which is presumably destroyed once the timer expires (likely to avoid mass decryption capability should a C&C server be seized.)

Realistically (and ironically), your best bet in actually recovering your files (without a backup, shadow copies, etc.) would be to pay the ransom.  Otherwise you're left with brute forcing an RSA-2048 private key and ill-informed advice resulting in removal of the malware itself, destruction of the private key, and encrypted files, leaving them truly non-recoverable without brute force.

Regarding brute force...
2048-bit keys - that is enormously stronger than anything Lenstra et al attempted, in fact, it would require factoring a 617-digit number. RSA Labs claim (see: that 2048-bit keys are 2^32 (2 to the power of 32) times harder to break using NFS, than 1024-bit keys. 2^32 = 4,294,967,296 or almost 4.3 billion, therefore breaking a 2048-bit [key] would take about 4.3 billion times longer (using the same standard desktop processing) than doing it for a 1024-bit key. It is therefore estimated, that standard desktop computing power would take 4,294,967,296 x 1.5 million years to break a 2048-bit [key]. Or, in other words, a little over 6.4 quadrillion years.

Somehow I think $300 is less than renting the distributed super computing power required to break the key in your lifetime.  The malware author actually understands proper implementation of both asymmetric and symmetric encryption.

A real defense is found in my post here.  Unfortunately, it cannot be retroactively applied. :-)

The greatest enemy of knowledge is not ignorance, it is the illusion of knowledge.  -Stephen Hawking
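The brute-force estimate quoted in the comment above can be checked against the standard heuristic cost of the general number field sieve, which is where the "2^32 times harder" figure comes from. The following is an added example, not code from the original thread or any of its posters: it implements the asymptotic GNFS work function L_n[1/3, (64/9)^(1/3)] and compares 1024-bit and 2048-bit moduli. It assumes the comment's 1.5 million desktop-years for a 1024-bit key as the reference point, and it drops the o(1) term in the exponent, which is why it yields roughly 2^30 rather than RSA Labs' 2^32; the conclusion is the same either way.

```python
import math

# Heuristic GNFS running time: L_n[1/3, c] = exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)),
# with c = (64/9)^(1/3) ~ 1.923. The o(1) term in the exponent is dropped
# (assumption: good enough for a ratio between two key sizes, not for absolute cost).
GNFS_C = (64 / 9) ** (1 / 3)

# Reference point taken from the comment above: ~1.5 million years of "standard
# desktop computing" for a 1024-bit modulus. Assumed, not measured here.
REFERENCE_BITS = 1024
REFERENCE_YEARS = 1.5e6


def ln_gnfs_work(bits: int) -> float:
    """Natural log of the GNFS work factor for a modulus of about 2**bits."""
    ln_n = bits * math.log(2)  # ln n for n ~ 2^bits
    return GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)


def relative_cost(bits_from: int, bits_to: int) -> float:
    """How many times harder factoring a bits_to modulus is than a bits_from one."""
    return math.exp(ln_gnfs_work(bits_to) - ln_gnfs_work(bits_from))


def decimal_digits(bits: int) -> int:
    """Decimal digits of the largest bits-bit integer (exact integer arithmetic)."""
    return len(str(2 ** bits - 1))


def projected_years(bits: int) -> float:
    """Scale the reference desktop-years by the GNFS cost ratio."""
    return REFERENCE_YEARS * relative_cost(REFERENCE_BITS, bits)


def main() -> None:
    for bits in (1024, 2048):
        ratio = relative_cost(REFERENCE_BITS, bits)
        print(
            f"RSA-{bits}: {decimal_digits(bits)} decimal digits, "
            f"{ratio:.3g}x the work of RSA-{REFERENCE_BITS} "
            f"(~2^{math.log2(ratio):.1f}), "
            f"~{projected_years(bits):.2g} desktop-years"
        )


if __name__ == "__main__":
    main()
```

Running it reports 617 digits for a 2048-bit modulus (matching the comment) and a cost ratio near 2^30, i.e. on the order of 10^15 desktop-years. Whether the ratio is 2^30 or 2^32 makes no practical difference: brute-forcing the key is not a recovery path, so the only keys worth pursuing are ones that already exist somewhere (the attacker's copy, or an unencrypted copy of the file in shadow copies or a backup).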

Decrypters do not work, at least not in this case. Paying the ransom may help, at least some users reported that after the payment activation decryption began and files were recovered. However, paying the ransom does not guarantee the safe recovery of encrypted files, as stated here: Remove CryptoLocker virus and restore encrypted files

Your friend could try Shadow Explorer to recover some of the files but since they were not backed up I don't know if he still has this option.