Solved

Cryptolocker cracked. How to decrypt all my files?

Posted on 2014-09-21
Last Modified: 2014-12-23
Recently, I found my computer infected with Cryptolocker and all my files are encrypted.
I tried to restore old versions of the files but this virus cleaned up the System Restore cache. :(
I haven't backed up the files.

They asked me for $600 - $1200. :(

I uploaded some screen dumps.  crytolocker.pdf

Can you help?
Question by:Joe_LAI
11 Comments
 
LVL 8

Accepted Solution

by:
markzz earned 500 total points
ID: 40335216
I recently had a PC given to me by a friend asking for me to look at it. It was also reporting the files had been encrypted and he would have to pay them to decrypt the files.

I found that the files were in fact not encrypted and I could boot from a Win7 PE environment and access the files.
Therefore I copied the user's data (Word documents, pictures etc) to an external memory device.

Once I had a copy of the user's data I could now be quite aggressive with my attempts to clean the virus.
I did not manage to clean the system and eventually rebuilt it then restored the files.
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 40335219
In addition, if the files have actually been encrypted (which I think likely), then you need to recover the files from a backup. You should not pay money to the hackers.
0
 
LVL 8

Expert Comment

by:markzz
ID: 40335223
I second that.
Do not pay money to the hackers. They will NOT give you your data back so easily.
Hey, if they were ethical people they would not be doing this in the first place. DO NOT trust them.
0

Author Comment

by:Joe_LAI
ID: 40335236
To markzz,

Did you just rename the files and then you could access them?
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 40335241
If the files are actually encrypted, you cannot simply rename to fix. In the example above the files were not encrypted.
0
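The distinction drawn in the comments above, between files that are still intact behind a ransom screen and files that really are encrypted, can be checked read-only from a rescue environment; the sketch below is an added example, not part of the original thread. The signature table covers only a few common types, and the 7.5 bits-per-byte entropy cut-off, the function names and the sample data are assumptions made for illustration.

```python
import hashlib
import math
import os
import sys
from collections import Counter

# Well-known leading signatures ("magic bytes") for a few common document types.
MAGIC = {
    ".pdf": b"%PDF-",
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
}
ENTROPY_THRESHOLD = 7.5  # assumed cut-off in bits per byte (maximum is 8.0)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(data: bytes, ext: str) -> str:
    """Classify the first bytes of a file against what its extension promises."""
    magic = MAGIC.get(ext.lower())
    if magic is None:
        return "unknown-type"
    # Check the header first: .jpg/.docx are compressed, so entropy alone misleads.
    if data.startswith(magic):
        return "header-intact"
    if shannon_entropy(data[:4096]) >= ENTROPY_THRESHOLD:
        return "likely-encrypted"
    return "header-damaged"

def triage_path(path: str) -> str:
    with open(path, "rb") as fh:  # read-only; the file is never modified
        return triage(fh.read(4096), os.path.splitext(path)[1])

# Constructed sample inputs (not taken from any real infected machine).
SAMPLE_PDF = b"%PDF-1.4\n" + b"1 0 obj << /Type /Catalog >> endobj\n" * 40
SAMPLE_RANDOM = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
SAMPLE_ZEROED = b"\x00" * 4096

if __name__ == "__main__":
    for p in sys.argv[1:]:
        print(f"{triage_path(p):18} {p}")
```

A "header-intact" result suggests the document itself was not touched and can simply be copied off, while "likely-encrypted" means renaming will not help; the check cannot tell which ransomware family produced the file.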
 
LVL 13

Expert Comment

by:Rizzle
ID: 40335253
Hi,

I read an article online from a security company who have stated they have cracked the encryption used by Cryptolocker. I can provide the link for it if you want, unless you've already tried their methods for unencrypting/removing the infection.
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40335263
Here is the website.

https://www.decryptcryptolocker.com/ 

One of my colleagues has used it and it does work so fingers crossed it can help you!

N.B EE Admins this is not a blind link.
0
 

Author Comment

by:Joe_LAI
ID: 40335279
To John Hurst, OK. Thanks.

To Roshan Ejaz, I tried this website  https://www.decryptcryptolocker.com/   but it comes up with an Invalid file message.
"The file doesn't seem to be infected by Cryptolocker. Please submit a Cryptolocker infected file."

I don't know why it is not infected, but I am definitely unable to open it.
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 40335385
That virus comes from a disguised, socially engineered link to encourage people to click on it. I ask and encourage people never to click on links they do not know or understand. The risks are too great.
0
 

Author Comment

by:Joe_LAI
ID: 40335779
To John Hurst, I understand an unknown link is a risk.  This link https://www.decryptcryptolocker.com/ is referred from the Australian government. That's why I am confident to try it.
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40342109
If you don't mind me asking, can you boot to safe mode without Cryptolocker appearing? Just trying to see how we can resolve this.

Definitely recommend backing your files up regularly moving forward.

Also what AV do you have on the machine? Some vendors may have a Cleanup tool to help cure this problem.
0

Question has a verified solution.