Crypto Locker

Posted on 2014-01-23
Medium Priority
Last Modified: 2014-04-07
We've successfully removed the crypto locker virus. We however have a clone of the drive infected before the removal. We would like to know if anyone has anyway to beat the encryption of the virus on the personal files? Any help would be greatly appreciated.

Question by:itneedshelp
  • 2
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 39803666
Unfortunately there is no decrypting tool yet for crypto locker. Either you need to pay them to get the files or need to restore them from the backups.

If you don't have the backups you may try to get the original files from the Shadow Copies.

Please go through the link below for further information and how to get the files from Shadow Copies.


LVL 31

Expert Comment

by:Thomas Zucker-Scharff
ID: 39803835
Sudeep pretty much said it all.  Cryptolocker is nasty and the only options I have either used successfully or seen used successfully are:

1. Reimage/Reinstall the system completely

2. Restore system from Backup (before the infection)

3. Pay for the decryption key (so far they have been providing the key when you pay - but it seems they only accept bitcoin)

LVL 59

Expert Comment

ID: 39806387

Please describe what you are trying to achieve. I guess, you wonder if you can restore the files from the infected drive. Of course you can. That virus is no file-infector.
The only way to become infected from that drive is by executing the virus executable - this will not happen when you restore documents.
LVL 31

Accepted Solution

Thomas Zucker-Scharff earned 2000 total points
ID: 39806676
AFAIK, this is true BUT the files have been encrypted by cryptolocker and therefore are useless unless you have a backup previous to the infection.

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question