Solved

Cryptolocker cracked. How to decrypt all my files?

Posted on 2014-09-21
11
489 Views
Last Modified: 2014-12-23
Recently, I found my computer infected with CryptoLocker and all my files are encrypted.
I tried to restore old versions of the files, but this virus cleaned up the System Restore cache. :(
I haven't done a backup of the files.

They asked me for $600 - $1200. :(

I uploaded some screen dumps.  crytolocker.pdf

Can you help?
Question by:Joe_LAI
11 Comments
 
LVL 8

Accepted Solution

by:
markzz earned 500 total points
ID: 40335216
I recently had a PC given to me by a friend asking for me to look at it. It was also reporting the files had been encrypted and he would have to pay them to decrypt the files.

I found that the files were in fact not encrypted and I could boot from a Win7 PE environment and access the files.
Therefore I copied the user's data (Word documents, pictures etc.) to an external memory device.

Once I had a copy of the user's data I could now be quite aggressive with my attempts to clean the virus.
I did not manage to clean the system and eventually rebuilt it then restored the files.
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 40335219
In addition, if the files have actually been encrypted (which I think likely), then you need to recover the files from a backup. You should not pay money to the hackers.
0
 
LVL 8

Expert Comment

by:markzz
ID: 40335223
I second that.
Do not pay money to the hackers. They will NOT give you your data back so easily..
Hey, if they were ethical people they would not be doing this in the first place. DO NOT trust them.
0
 

Author Comment

by:Joe_LAI
ID: 40335236
To markzz,

Did you just rename the files and then you could access them?
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 40335241
If the files are actually encrypted, you cannot simply rename to fix. In the example above the files were not encrypted.
0
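A triage check for the distinction drawn in the comments above (files that are actually encrypted versus files that are merely inaccessible), as an added example that is not part of the original thread. It compares each file's leading bytes with the signature expected for its extension and uses byte entropy as a secondary signal; the signature table, the 7.5 threshold, the function names and the sample data are assumptions made for illustration.

```python
import hashlib
import math
import os
from collections import Counter
# Leading bytes of a few common formats (illustrative, not exhaustive).
SIGNATURES = {
    ".pdf": b"%PDF-",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",                        # ZIP container
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 compound file
}
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off for "looks random"

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; values near 8.0 look like random data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(name: str, head: bytes) -> str:
    """Classify one file from its name and its first few KiB."""
    magic = SIGNATURES.get(os.path.splitext(name)[1].lower())
    if magic is None:
        return "unknown-type"
    if head.startswith(magic):
        return "header-intact"      # still in its original format
    if shannon_entropy(head) >= ENTROPY_THRESHOLD:
        return "likely-encrypted"   # wrong header and random-looking bytes
    return "header-mismatch"        # renamed, truncated or otherwise damaged

def scan(root: str) -> dict:
    """Classify every file under root (ideally a read-only mount)."""
    results = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            with open(os.path.join(folder, name), "rb") as fh:
                results[fh.name] = classify(name, fh.read(4096))
    return results

# Constructed sample inputs, not taken from any real infection.
FAKE_CIPHERTEXT = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\n",
    "letter.docx": FAKE_CIPHERTEXT,
    "notes.doc": b"plain text saved with the wrong extension " * 20,
}

if __name__ == "__main__":
    for name, head in SAMPLES.items():
        print(f"{name}: {classify(name, head)}")
```

The header comparison is the primary signal, because intact `.docx` and `.jpg` files are compressed and have high entropy anyway. A file shorter than a couple of hundred bytes cannot reach the threshold, so `header-mismatch` on very small files is inconclusive.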
 
LVL 13

Expert Comment

by:Rizzle
ID: 40335253
Hi,

I read an article online from a security company who have stated they have cracked the encryption used by CryptoLocker. I can provide the link for it if you want, unless you've already tried their methods for unencrypting/removing the infection.
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40335263
Here is the website.

https://www.decryptcryptolocker.com/ 

One of my colleagues has used it and it does work so fingers crossed it can help you!

N.B. EE Admins, this is not a blind link.
0
 

Author Comment

by:Joe_LAI
ID: 40335279
To John Hurst, OK. Thanks.

To Roshan Ejaz, I tried this website https://www.decryptcryptolocker.com/ but it comes up with an Invalid file message.
"The file doesn't seem to be infected by Cryptolocker. Please submit a Cryptolocker infected file."

I don't know why it is not infected, but I am definitely unable to open it.
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 40335385
That virus comes from a disguised, socially engineered link to encourage people to click on it. I ask and encourage people never to click on links they do not know or understand. The risks are too great.
0
 

Author Comment

by:Joe_LAI
ID: 40335779
To John Hurst, I understand that an unknown link is a risk. This link https://www.decryptcryptolocker.com/ is referred by the Australian government. That's why I am confident to try it.
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40342109
If you don't mind me asking, can you boot to safe mode without CryptoLocker appearing? Just trying to see how we can resolve this.

Definitely recommend backing your files up regularly moving forward.

Also what AV do you have on the machine? Some vendors may have a Cleanup tool to help cure this problem.
0
