Solved

Cryptolocker cracked. How to decrypt all my files?

Posted on 2014-09-21
11
506 Views
Last Modified: 2014-12-23
Recently, I found my computer infected with Cryptolocker and all my files are encrypted.
I tried to restore old versions of the files, but this virus cleaned up the System Restore cache. :(
I haven't done a backup of the files.

They asked me for $600 - $1200 dollars. :(

I uploaded some screen dumps: crytolocker.pdf

Can you help?
Question by:Joe_LAI
11 Comments
 
LVL 8

Accepted Solution

by:
markzz earned 500 total points
ID: 40335216
I recently had a PC given to me by a friend asking for me to look at it. It was also reporting the files had been encrypted and he would have to pay them to decrypt the files.

I found that the files were in fact not encrypted and I could boot from a Win7 PE environment and access the files.
Therefore I copied the user's data (Word documents, pictures etc) to an external memory device.

Once I had a copy of the user's data I could now be quite aggressive with my attempts to clean the virus.
I did not manage to clean the system and eventually rebuilt it then restored the files.
0
 
LVL 95

Expert Comment

by:John Hurst
ID: 40335219
In addition, if the files have actually been encrypted (which I think likely), then you need to recover the files from a backup. You should not pay money to the hackers.
0
 
LVL 8

Expert Comment

by:markzz
ID: 40335223
I second that.
Do not pay money to the hackers. They will NOT give you your data back so easily..
Hey if they were ethical people they would not be doing this in the first place.. DO NOT trust them.
0

Author Comment

by:Joe_LAI
ID: 40335236
To markzz,

Did you just rename the files and then you could access them?
0
 
LVL 95

Expert Comment

by:John Hurst
ID: 40335241
If the files are actually encrypted, you cannot simply rename to fix. In the example above the files were not encrypted.
0
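
The distinction drawn in this thread, between files that are actually encrypted and files that are merely inaccessible, can be checked from a clean boot environment before choosing a recovery path. The following is an added example, not part of any post above: it compares each file's leading bytes with the signature expected for its extension and measures byte entropy. The signature table, the 7.5 bits/byte threshold and the sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

# Leading "magic" bytes that undamaged files of these types start with.
MAGIC = {
    ".pdf": b"%PDF",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",        # OOXML documents are ZIP containers
    ".doc": b"\xd0\xcf\x11\xe0",   # legacy OLE2 compound file
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage(path, sample: int = 65536, threshold: float = 7.5) -> str:
    """Classify one file by its header and the entropy of its first bytes."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    magic = MAGIC.get(Path(path).suffix.lower())
    if magic is None:
        return "no-signature"      # type not in the table; nothing to compare
    if head.startswith(magic):
        return "header-ok"         # start of file is what the extension promises
    # Wrong header: near-random bytes from offset 0 are consistent with encryption.
    return "likely-encrypted" if entropy(head) > threshold else "mismatch"

def demo() -> dict:
    """Run triage over constructed sample files (not real user data)."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
    samples = {
        "report.pdf": b"%PDF-1.4\n" + b"constructed sample " * 50,
        "photo.jpg": noise,        # stands in for an encrypted file
        "notes.docx": b"plain text saved with the wrong extension " * 20,
        "data.bin": noise,
    }
    out = {}
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            p = Path(d, name)
            p.write_bytes(body)
            out[name] = triage(p)
    return out

if __name__ == "__main__":
    print(demo())
```

A `header-ok` result only shows that the start of the file is undamaged, so open a copy of the file to confirm it is readable.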
 
LVL 13

Expert Comment

by:Rizzle
ID: 40335253
Hi,

I read an article online from a security company who have stated they have cracked the encryption used by Cryptolocker. I can provide the link for it if you want unless you've already tried their methods for unencrypting/removing the infection.
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40335263
Here is the website.

https://www.decryptcryptolocker.com/ 

One of my colleagues has used it and it does work so fingers crossed it can help you!

N.B EE Admins this is not a blind link.
0
 

Author Comment

by:Joe_LAI
ID: 40335279
To John Hurst, OK. Thanks.

To Roshan Ejaz, I tried this website https://www.decryptcryptolocker.com/ but it comes up with an Invalid file message.
"The file doesn't seem to be infected by Cryptolocker. Please submit a Cryptolocker infected file."

I don't know why it is not infected, but I am definitely unable to open it.
0
 
LVL 95

Expert Comment

by:John Hurst
ID: 40335385
That virus comes from a disguised, socially engineered link to encourage people to click on it. I ask and encourage people never to click on links they do not know or understand. The risks are too great.
0
 

Author Comment

by:Joe_LAI
ID: 40335779
To John Hurst, I understand that an unknown link is a risk. This link https://www.decryptcryptolocker.com/ was referred by the Australian government. That's why I am confident to try it.
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40342109
If you don't mind me asking, can you boot to safe mode without Cryptolocker appearing? Just trying to see how we can resolve this..

Definitely recommend backing your files up regularly moving forward.

Also what AV do you have on the machine? Some vendors may have a Cleanup tool to help cure this problem.
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A Bare Metal Image backup allows for the restore of an entire system to a similar or dissimilar hardware. They are highly useful for migrations and disaster recovery. Bare Metal Image backups support Full and Incremental backups. Differential backup…
Your data is at risk. Probably more today that at any other time in history. There are simply more people with more access to the Web with bad intentions.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question