Solved

Your personal files are encrypted by CTB-Locker

Posted on 2015-01-20
7
428 Views
Last Modified: 2015-02-17
Hi
I have a client that was hit by CTB-Locker malware / ransomware.
I have removed it but cannot seem to find any way to decrypt his files.

Does anyone know how I can do this?
0
Comment
Question by:bax2000
7 Comments
 
LVL 17

Assisted Solution

by:Lior Karasenti
Lior Karasenti earned 167 total points
ID: 40559308
Unfurtunently there is no way to decrypt the files
You can:
1.pay the ransom
2.restore the files from backup
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 167 total points
ID: 40559310
Unfortunately when you are hit with these types of "ransomware" you can only recover your files through backups.

In order to decrypt the files you have to pay the virus makers for the decryption key. Even if you pay them they may not give you the decryption key, as they really have no inclination to do so. Restore from backups - it's your only real solution.

See here if you'd like some help identifying which files have been encrypted: https://curah.microsoft.com/293812/decrypt-your-files-damaged-by-ctb-locker-virus
0
 
LVL 48

Assisted Solution

by:dbrunton
dbrunton earned 166 total points
ID: 40560443
See http://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information

Makes some suggestions as to data recovery but most likely if you don't have backups you are screwed.
0
Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 40560665
"Even if you pay them they may not give you the decryption key, as they really have no inclination to do so."

Not strictly true. although there's no way I'd advocate paying; perversely it is actually in the ransomer's interest to provide an unlock key once paid as this actually encourages other victims to consider paying up too.  This was seen as the case with Cryptolocker during its first year.

Not for points just for info.
0
 
LVL 3

Expert Comment

by:Mike Sun
ID: 40561469
If you do not have backups it's worth trying  the "restore previous versions" option by right-clicking the file or parent folder with the encrypted items.
0
 
LVL 17

Expert Comment

by:Lior Karasenti
ID: 40565987
There is a solution that I saw today, I didn't try it because we already reinstalled our infected computer
but you can try it if you didn't format the infected computer
follow the instructions here:

https://www.decryptcryptolocker.com/
0
 
LVL 48

Expert Comment

by:dbrunton
ID: 40566083
Lior Karasenti

Your link is for CryptoLocker.  The questioner has been hit with CTB-Locker.   The two are different ransomwares.

The first one has been solved for getting data files back.  The second has not.
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
do i need anti virus software with windows 10? 13 68
Windows 2008 Server C Drive too full 25 71
Graphics card for a new Dell 5810 workstation 16 102
Cygwin - GNU GPL License 1 22
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now