Link to home
Start Free TrialLog in
Avatar of Joe_LAI
Joe_LAI

asked on

Cryptolocker cracked. How to decrypt all my files?

Recently, I found my computer infected crytolocker and all my files are encrypt.
I tried to restore old version files but this virus cleanup System Restore cache. :(
I haven't done the files backup.

They asked me $600 - $1200 dollars. :(

I upload some screen dump.  crytolocker.pdf

 Can you help ?
ASKER CERTIFIED SOLUTION
Avatar of markzz
markzz

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
In addition, if the files have actually been encrypted (which I think likely), then you need to recover the files from a backup. You should not pay money to the hackers.
Avatar of markzz
markzz

I second that.
Do not pay money to the hackers. They will NOT give you your data back so easily..
Hey if they were ethical people they would not be doing this in the first place.. DO NOT  trust them.
Avatar of Joe_LAI

ASKER

To markzz,

Did you just rename files and then you can access it ?
If the files are actually encrypted, you cannot simply rename to fix. In the example above the files were not encrypted.
Avatar of REIT
Hi,

I read an article online from a security company who have stated they have cracked the encryption used by cryptolocker. I can provide the link for it if you want unless you've already and tried their methods for unencrypting/removing the infection.
Here is the website.

https://www.decryptcryptolocker.com/ 

One of my colleagues has used it and it does work so fingers crossed it can help you!

N.B EE Admins this is not a blind link.
Avatar of Joe_LAI

ASKER

To John Hurst, OK. Thanks.

To Roshan Ejaz, I tried this website  https://www.decryptcryptolocker.com/   but comes up Invalid file message.
"The file doesn't seem to be infected by Cryptolocker. Please submit a Cryptolocker infected file."

I don't know why not infected but I definitely unable to open it.
That virus comes from a disguised, socially engineering link to encourage people to click on it. I ask and encourage people never to click on links they do not know or understand. The risks are too great.
Avatar of Joe_LAI

ASKER

To John Hurst, I understand the unknown link is risk.  This link https://www.decryptcryptolocker.com/ is referred from Australian government. That's why I am confident to try it.
If you dont mind me asking can you boot to safe mode without cryptolocker appaearing? Just trying to see how we can resolve this..

Definitely recommend backing your files up regularly moving forward.

Also what AV do you have on the machine? Some vendors may have a Cleanup tool to help cure this problem.