Crypto Locker

We've successfully removed the crypto locker virus. We however have a clone of the drive infected before the removal. We would like to know if anyone has anyway to beat the encryption of the virus on the personal files? Any help would be greatly appreciated.

Thanks!
itneedshelpAsked:
Who is Participating?
 
Thomas Zucker-ScharffConnect With a Mentor Systems AnalystCommented:
AFAIK, this is true BUT the files have been encrypted by cryptolocker and therefore are useless unless you have a backup previous to the infection.
0
 
Sudeep SharmaTechnical DesignerCommented:
Unfortunately there is no decrypting tool yet for crypto locker. Either you need to pay them to get the files or need to restore them from the backups.

If you don't have the backups you may try to get the original files from the Shadow Copies.

Please go through the link below for further information and how to get the files from Shadow Copies.

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

Sudeep
0
 
Thomas Zucker-ScharffSystems AnalystCommented:
Sudeep pretty much said it all.  Cryptolocker is nasty and the only options I have either used successfully or seen used successfully are:

1. Reimage/Reinstall the system completely

2. Restore system from Backup (before the infection)

3. Pay for the decryption key (so far they have been providing the key when you pay - but it seems they only accept bitcoin)

0
 
McKnifeCommented:
Hi.

Please describe what you are trying to achieve. I guess, you wonder if you can restore the files from the infected drive. Of course you can. That virus is no file-infector.
The only way to become infected from that drive is by executing the virus executable - this will not happen when you restore documents.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.