Solved

Crypto Locker

Posted on 2014-01-23
4
492 Views
Last Modified: 2014-04-07
We've successfully removed the crypto locker virus. We however have a clone of the drive infected before the removal. We would like to know if anyone has anyway to beat the encryption of the virus on the personal files? Any help would be greatly appreciated.

Thanks!
0
Comment
Question by:itneedshelp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 39803666
Unfortunately there is no decrypting tool yet for crypto locker. Either you need to pay them to get the files or need to restore them from the backups.

If you don't have the backups you may try to get the original files from the Shadow Copies.

Please go through the link below for further information and how to get the files from Shadow Copies.

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

Sudeep
0
 
LVL 28

Expert Comment

by:Thomas Zucker-Scharff
ID: 39803835
Sudeep pretty much said it all.  Cryptolocker is nasty and the only options I have either used successfully or seen used successfully are:

1. Reimage/Reinstall the system completely

2. Restore system from Backup (before the infection)

3. Pay for the decryption key (so far they have been providing the key when you pay - but it seems they only accept bitcoin)

0
 
LVL 55

Expert Comment

by:McKnife
ID: 39806387
Hi.

Please describe what you are trying to achieve. I guess, you wonder if you can restore the files from the infected drive. Of course you can. That virus is no file-infector.
The only way to become infected from that drive is by executing the virus executable - this will not happen when you restore documents.
0
 
LVL 28

Accepted Solution

by:
Thomas Zucker-Scharff earned 500 total points
ID: 39806676
AFAIK, this is true BUT the files have been encrypted by cryptolocker and therefore are useless unless you have a backup previous to the infection.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question