?
Solved

Your personal files are encrypted by CTB-Locker

Posted on 2015-01-20
7
Medium Priority
?
443 Views
Last Modified: 2015-02-17
Hi
I have a client that was hit by CTB-Locker malware / ransomware.
I have removed it but cannot seem to find any way to decrypt his files.

Does anyone know how I can do this?
0
Comment
Question by:bax2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 17

Assisted Solution

by:Lior Karasenti
Lior Karasenti earned 501 total points
ID: 40559308
Unfurtunently there is no way to decrypt the files
You can:
1.pay the ransom
2.restore the files from backup
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 501 total points
ID: 40559310
Unfortunately when you are hit with these types of "ransomware" you can only recover your files through backups.

In order to decrypt the files you have to pay the virus makers for the decryption key. Even if you pay them they may not give you the decryption key, as they really have no inclination to do so. Restore from backups - it's your only real solution.

See here if you'd like some help identifying which files have been encrypted: https://curah.microsoft.com/293812/decrypt-your-files-damaged-by-ctb-locker-virus
0
 
LVL 49

Assisted Solution

by:dbrunton
dbrunton earned 498 total points
ID: 40560443
See http://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information

Makes some suggestions as to data recovery but most likely if you don't have backups you are screwed.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 63

Expert Comment

by:☠ MASQ ☠
ID: 40560665
"Even if you pay them they may not give you the decryption key, as they really have no inclination to do so."

Not strictly true. although there's no way I'd advocate paying; perversely it is actually in the ransomer's interest to provide an unlock key once paid as this actually encourages other victims to consider paying up too.  This was seen as the case with Cryptolocker during its first year.

Not for points just for info.
0
 
LVL 3

Expert Comment

by:Mike Sun
ID: 40561469
If you do not have backups it's worth trying  the "restore previous versions" option by right-clicking the file or parent folder with the encrypted items.
0
 
LVL 17

Expert Comment

by:Lior Karasenti
ID: 40565987
There is a solution that I saw today, I didn't try it because we already reinstalled our infected computer
but you can try it if you didn't format the infected computer
follow the instructions here:

https://www.decryptcryptolocker.com/
0
 
LVL 49

Expert Comment

by:dbrunton
ID: 40566083
Lior Karasenti

Your link is for CryptoLocker.  The questioner has been hit with CTB-Locker.   The two are different ransomwares.

The first one has been solved for getting data files back.  The second has not.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When asking a question in a forum or creating documentation, screenshots are vital tools that can convey a lot more information and save you and your reader a lot of time
Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question