Solved

Cryptolocker cracked. How to decrypt all my files?

Posted on 2014-09-21
11
486 Views
Last Modified: 2014-12-23
Recently, I found my computer infected with Cryptolocker and all my files are encrypted.
I tried to restore old versions of the files but this virus cleaned up the System Restore cache. :(
I haven't done a backup of the files.

They asked me for $600 - $1200 dollars. :(

I uploaded some screen dumps: crytolocker.pdf

Can you help?
0
Question by:Joe_LAI
11 Comments
 
LVL 8

Accepted Solution

by:
markzz earned 500 total points
ID: 40335216
I recently had a PC given to me by a friend asking for me to look at it. It was also reporting the files had been encrypted and he would have to pay them to decrypt the files.

I found that the files were in fact not encrypted and I could boot from a Win7 PE environment and access the files.
Therefore I copied the user's data (Word documents, pictures etc.) to an external memory device.

Once I had a copy of the user's data I could now be quite aggressive with my attempts to clean the virus.
I did not manage to clean the system and eventually rebuilt it then restored the files.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40335219
In addition, if the files have actually been encrypted (which I think likely), then you need to recover the files from a backup. You should not pay money to the hackers.
0
 
LVL 8

Expert Comment

by:markzz
ID: 40335223
I second that.
Do not pay money to the hackers. They will NOT give you your data back so easily.
Hey, if they were ethical people they would not be doing this in the first place. DO NOT trust them.
0
 

Author Comment

by:Joe_LAI
ID: 40335236
To markzz,

Did you just rename the files and then you could access them?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40335241
If the files are actually encrypted, you cannot simply rename to fix. In the example above the files were not encrypted.
0
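Added example (not part of any post in this thread): a Python triage for the two cases discussed above, files whose headers are still intact versus files that are actually encrypted, checking magic bytes first and then Shannon entropy. The `MAGIC` table, the 7.5 bits-per-byte threshold and the sample file names are assumptions chosen for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Leading "magic" bytes that intact files of these types start with.
MAGIC = {".pdf": b"%PDF-", ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n",
         ".docx": b"PK\x03\x04", ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"}

def shannon_entropy(data):
    """Bits per byte: about 8.0 for ciphertext, much lower for plain text."""
    if not data:
        return 0.0
    counts = Counter(data).values()
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts)

def triage(path, sample_size=65536, threshold=7.5):
    """Return (verdict, entropy) for one file, reading only its first bytes."""
    with open(path, "rb") as fh:
        data = fh.read(sample_size)
    entropy = round(shannon_entropy(data), 2)
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic and data.startswith(magic):
        # Intact .jpg/.docx are high-entropy too, so the header is checked first.
        return "header-intact", entropy
    if entropy >= threshold:
        return "likely-encrypted", entropy
    return "inconclusive", entropy

def demo():
    """Run triage over three constructed sample files (not real victim data)."""
    # Deterministic random-looking bytes standing in for ciphertext.
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
    samples = {"report.pdf": b"%PDF-1.4\n" + b"constructed sample text\n" * 200,
               "photo.jpg": noise,
               "notes.doc": b"plain text saved under the wrong extension\n" * 200}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(content)
            results[name] = triage(path)
    return results

if __name__ == "__main__":
    for name, (verdict, entropy) in demo().items():
        print(f"{name}: {verdict} (entropy {entropy})")
```

File types missing from `MAGIC` are judged on entropy alone, so compressed formats such as archives will score high until their headers are added to the table. Run it against copies of the files from a clean boot environment rather than on the infected system.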
 
LVL 13

Expert Comment

by:Rizzle
ID: 40335253
Hi,

I read an article online from a security company who have stated they have cracked the encryption used by Cryptolocker. I can provide the link for it if you want, unless you've already tried their methods for unencrypting/removing the infection.
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40335263
Here is the website.

https://www.decryptcryptolocker.com/

One of my colleagues has used it and it does work so fingers crossed it can help you!

N.B. EE Admins, this is not a blind link.
0
 

Author Comment

by:Joe_LAI
ID: 40335279
To John Hurst, OK. Thanks.

To Roshan Ejaz, I tried this website https://www.decryptcryptolocker.com/ but it comes up with an Invalid file message.
"The file doesn't seem to be infected by Cryptolocker. Please submit a Cryptolocker infected file."

I don't know why it is not infected, but I am definitely unable to open it.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40335385
That virus comes from a disguised, socially engineered link to encourage people to click on it. I ask and encourage people never to click on links they do not know or understand. The risks are too great.
0
 

Author Comment

by:Joe_LAI
ID: 40335779
To John Hurst, I understand that an unknown link is a risk. This link https://www.decryptcryptolocker.com/ was referred by the Australian government. That's why I am confident to try it.
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40342109
If you don't mind me asking, can you boot to safe mode without Cryptolocker appearing? Just trying to see how we can resolve this.

Definitely recommend backing your files up regularly moving forward.

Also what AV do you have on the machine? Some vendors may have a Cleanup tool to help cure this problem.
0
